diff --git a/app/decorators.py b/app/decorators.py
index b8bc694b..93feccc7 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -76,7 +76,7 @@ class ZResponse(object):
         return flask.redirect(url)  # http 302
 
     def setHeader(self, header, value):
-        self.headers[header.tolower()] = value
+        self.headers[header.lower()] = value
 
 
 def permission_required(permission):
diff --git a/app/scodoc/ZEntreprises.py b/app/scodoc/ZEntreprises.py
index dd7f5047..56be1de4 100644
--- a/app/scodoc/ZEntreprises.py
+++ b/app/scodoc/ZEntreprises.py
@@ -111,7 +111,9 @@ class ZEntreprises(
 <ul class="insidebar">"""
             % params,
         ]
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
+            Permission.ScoEntrepriseChange, self
+        ):
             H.append(
                 """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_create" class="sidebar">Nouvelle entreprise</a> </li>"""
                 % params
@@ -138,7 +140,9 @@ class ZEntreprises(
       <li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_list?entreprise_id=%(entreprise_id)s" class="sidebar">Corresp.</a></li>"""
                     % params
                 )  # """
-                if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+                if REQUEST.AUTHENTICATED_USER.has_permission(
+                    Permission.ScoEntrepriseChange, self
+                ):
                     H.append(
                         """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau Corresp.</a></li>"""
                         % params
@@ -147,7 +151,9 @@ class ZEntreprises(
                     """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_list?entreprise_id=%(entreprise_id)s" class="sidebar">Contacts</a></li>"""
                     % params
                 )
-                if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+                if REQUEST.AUTHENTICATED_USER.has_permission(
+                    Permission.ScoEntrepriseChange, self
+                ):
                     H.append(
                         """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau "contact"</a></li>"""
                         % params
@@ -156,7 +162,9 @@ class ZEntreprises(
 
         #
         H.append("""<br/><br/>%s""" % scu.icontag("entreprise_side_img"))
-        if not REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if not REQUEST.AUTHENTICATED_USER.has_permission(
+            Permission.ScoEntrepriseChange, self
+        ):
             H.append("""<br/><em>(Lecture seule)</em>""")
         H.append("""</div> </div> <!-- end of sidebar -->""")
         return "".join(H)
@@ -336,7 +344,9 @@ class ZEntreprises(
 
         H.append(tab.html())
 
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
+            Permission.ScoEntrepriseChange, self
+        ):
             if entreprise_id:
                 H.append(
                     """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_contact_create?entreprise_id=%(entreprise_id)s">nouveau "contact"</a></p>
@@ -443,7 +453,9 @@ class ZEntreprises(
 
         H.append(tab.html())
 
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
+            Permission.ScoEntrepriseChange, self
+        ):
             H.append(
                 """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_correspondant_create?entreprise_id=%(entreprise_id)s">Ajouter un correspondant dans l'entreprise %(nom)s</a></p>
                 """
@@ -556,7 +568,9 @@ class ZEntreprises(
 
         if tf[0] == 0:
             H.append(tf[1])
-            if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+            if REQUEST.AUTHENTICATED_USER.has_permission(
+                Permission.ScoEntrepriseChange, self
+            ):
                 H.append(
                     """<p class="entreprise_descr"><a class="entreprise_delete" href="entreprise_contact_delete?entreprise_contact_id=%s">Supprimer ce contact</a> </p>"""
                     % entreprise_contact_id
@@ -1130,7 +1144,7 @@ class ZEntreprises(
     def entreprise_edit(self, entreprise_id, REQUEST=None, start=1):
         """Form. edit entreprise"""
         authuser = REQUEST.AUTHENTICATED_USER
-        readonly = not authuser.has_permission(ScoEntrepriseChange, self)
+        readonly = not authuser.has_permission(Permission.ScoEntrepriseChange, self)
         F = sco_entreprises.do_entreprise_list(
             self, args={"entreprise_id": entreprise_id}
         )[0]
diff --git a/app/scodoc/ZScoDoc.py b/app/scodoc/ZScoDoc.py
index ad0d6434..5aab6e8c 100644
--- a/app/scodoc/ZScoDoc.py
+++ b/app/scodoc/ZScoDoc.py
@@ -131,7 +131,9 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
     def _check_admin_perm(self, REQUEST):
         """Check if user has permission to add/delete departements"""
         authuser = REQUEST.AUTHENTICATED_USER
-        if authuser.has_role("manager") or authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_role("manager") or authuser.has_permission(
+            Permission.ScoSuperAdmin, self
+        ):
             return ""
         else:
             return """<h2>Vous n'avez pas le droit d'accéder à cette page</h2>"""
@@ -294,7 +296,8 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
             [
                 d.id
                 for d in self._list_depts()
-                if (not viewable) or authuser.has_permission(ScoView, d.Scolarite)
+                if (not viewable)
+                or authuser.has_permission(Permission.ScoView, d.Scolarite)
             ],
             name="depts",
             format=format,
@@ -480,7 +483,7 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
             else:
                 dest_folder = ""
             for deptFolder in self._list_depts():
-                if authuser.has_permission(ScoView, deptFolder.Scolarite):
+                if authuser.has_permission(Permission.ScoView, deptFolder.Scolarite):
                     link_cls = "link_accessible"
                 else:
                     link_cls = "link_unauthorized"
@@ -561,7 +564,7 @@ E. Viennet (Université Paris 13).</p>
         authuser = REQUEST.AUTHENTICATED_USER
         try:
             dept = getattr(self, deptfoldername)
-            if authuser.has_permission(ScoView, dept):
+            if authuser.has_permission(Permission.ScoView, dept):
                 return REQUEST.RESPONSE.redirect("ScoDoc/%s/Scolarite" % deptfoldername)
         except:
             log(
diff --git a/app/scodoc/ZScoUsers.py b/app/scodoc/ZScoUsers.py
index ec86bfa1..8429bd66 100644
--- a/app/scodoc/ZScoUsers.py
+++ b/app/scodoc/ZScoUsers.py
@@ -141,7 +141,7 @@ class ZScoUsers(
         H = [self.sco_header(REQUEST, page_title="Gestion des utilisateurs")]
         H.append("<h2>Gestion des utilisateurs</h2>")
 
-        if authuser.has_permission(ScoUsersAdmin, self):
+        if authuser.has_permission(Permission.ScoUsersAdmin, self):
             H.append(
                 '<p><a href="create_user_form" class="stdlink">Ajouter un utilisateur</a>'
             )
@@ -170,7 +170,7 @@ class ZScoUsers(
             with_olds=with_olds,
             format=format,
             REQUEST=REQUEST,
-            with_links=authuser.has_permission(ScoUsersAdmin, self),
+            with_links=authuser.has_permission(Permission.ScoUsersAdmin, self),
         )
         if format != "html":
             return L
@@ -338,7 +338,7 @@ class ZScoUsers(
         if str(authuser) == user_name:
             return True
         # has permission ?
-        if not authuser.has_permission(ScoUsersAdmin, self):
+        if not authuser.has_permission(Permission.ScoUsersAdmin, self):
             return False
         # Ok, now check that authuser can manage users from this departement
         # Get user info
@@ -499,11 +499,11 @@ class ZScoUsers(
                 "<p>L' utilisateur '%s' n'est pas défini dans ce module.</p>"
                 % user_name
             )
-            if authuser.has_permission(ScoEditAllNotes, self):
+            if authuser.has_permission(Permission.ScoEditAllNotes, self):
                 H.append("<p>(il peut modifier toutes les notes)</p>")
-            if authuser.has_permission(ScoEditAllEvals, self):
+            if authuser.has_permission(Permission.ScoEditAllEvals, self):
                 H.append("<p>(il peut modifier toutes les évaluations)</p>")
-            if authuser.has_permission(ScoImplement, self):
+            if authuser.has_permission(Permission.ScoImplement, self):
                 H.append("<p>(il peut creer des formations)</p>")
         else:
             H.append(
@@ -520,7 +520,7 @@ class ZScoUsers(
              <li><a class="stdlink" href="form_change_password?user_name=%(user_name)s">changer le mot de passe</a></li>"""
                 % info[0]
             )
-            if authuser.has_permission(ScoUsersAdmin, self):
+            if authuser.has_permission(Permission.ScoUsersAdmin, self):
                 H.append(
                     """
              <li><a  class="stdlink" href="create_user_form?user_name=%(user_name)s&edit=1">modifier/déactiver ce compte</a></li>
@@ -560,7 +560,7 @@ class ZScoUsers(
                         b = "non"
                     H.append("<li>%s : %s</li>" % (permname, b))
             H.append("</ul></div>")
-        if authuser.has_permission(ScoUsersAdmin, self):
+        if authuser.has_permission(Permission.ScoUsersAdmin, self):
             H.append(
                 '<p><a class="stdlink" href="%s/Users">Liste de tous les utilisateurs</a></p>'
                 % self.ScoURL()
@@ -602,13 +602,13 @@ class ZScoUsers(
         else:
             H.append("<h2>Création d'un utilisateur</h2>")
 
-        if authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_permission(Permission.ScoSuperAdmin, self):
             H.append("""<p class="warning">Vous êtes super administrateur !</p>""")
 
         # Noms de roles pouvant etre attribues aux utilisateurs via ce dialogue
         # si pas SuperAdmin, restreint aux rôles EnsX, SecrX, DeptX
         #
-        if authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_permission(Permission.ScoSuperAdmin, self):
             log("create_user_form called by %s (super admin)" % (auth_name,))
             editable_roles = set(self._all_roles())
         else:
diff --git a/app/scodoc/html_sco_header.py b/app/scodoc/html_sco_header.py
index 89003b66..3eb22aab 100644
--- a/app/scodoc/html_sco_header.py
+++ b/app/scodoc/html_sco_header.py
@@ -28,7 +28,6 @@
 import cgi
 
 import sco_utils as scu
-from sco_formsemestre_status import formsemestre_page_title
 
 """
 HTML Header/Footer for ScoDoc pages
@@ -263,3 +262,6 @@ def sco_footer(context, REQUEST=None):
     return (
         """</div><!-- /gtrcontent -->""" + scu.CUSTOM_HTML_FOOTER + """</body></html>"""
     )
+
+
+from sco_formsemestre_status import formsemestre_page_title
diff --git a/app/scodoc/html_sidebar.py b/app/scodoc/html_sidebar.py
index 5fc75035..76b8253b 100644
--- a/app/scodoc/html_sidebar.py
+++ b/app/scodoc/html_sidebar.py
@@ -62,14 +62,14 @@ def sidebar_common(context, REQUEST=None):
         % params,
     ]
 
-    if authuser.has_permission(ScoUsersAdmin, context) or authuser.has_permission(
-        ScoUsersView, context
-    ):
+    if authuser.has_permission(
+        Permission.ScoUsersAdmin, context
+    ) or authuser.has_permission(ScoUsersView, context):
         H.append(
             """<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
         )
 
-    if authuser.has_permission(ScoChangePreferences, context):
+    if authuser.has_permission(Permission.ScoChangePreferences, context):
         H.append(
             """<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
             % params
@@ -120,7 +120,7 @@ def sidebar(context, REQUEST=None):
             )
 
         H.append("<ul>")
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoAbsChange, context):
+        if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context):
             H.append(
                 """
 <li>     <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>
diff --git a/app/scodoc/sco_abs_views.py b/app/scodoc/sco_abs_views.py
index c8190983..24916c45 100644
--- a/app/scodoc/sco_abs_views.py
+++ b/app/scodoc/sco_abs_views.py
@@ -88,7 +88,13 @@ def doSignaleAbsence(
             nbadded += 2
         else:
             context._AddAbsence(
-                etudid, jour, demijournee, estjust, REQUEST, description_abs, moduleimpl_id
+                etudid,
+                jour,
+                demijournee,
+                estjust,
+                REQUEST,
+                description_abs,
+                moduleimpl_id,
             )
             nbadded += 1
     #
@@ -846,7 +852,7 @@ def absences_index_html(context, REQUEST=None):
             """<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
         )
         H.append(sco_find_etud.form_search_etud(context, REQUEST))
-        if authuser.has_permission(ScoAbsChange, context):
+        if authuser.has_permission(Permission.ScoAbsChange, context):
             H.extend(
                 (
                     """<hr/>
diff --git a/app/scodoc/sco_archives_etud.py b/app/scodoc/sco_archives_etud.py
index 1469a43b..4e135437 100644
--- a/app/scodoc/sco_archives_etud.py
+++ b/app/scodoc/sco_archives_etud.py
@@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
 
 def can_edit_etud_archive(context, authuser):
     """True si l'utilisateur peut modifier les archives etudiantes"""
-    return authuser.has_permission(ScoEtudAddAnnotations, context)
+    return authuser.has_permission(Permission.ScoEtudAddAnnotations, context)
 
 
 def etud_list_archives_html(context, REQUEST, etudid):
diff --git a/app/scodoc/sco_bulletins.py b/app/scodoc/sco_bulletins.py
index 62a31a35..90c451cf 100644
--- a/app/scodoc/sco_bulletins.py
+++ b/app/scodoc/sco_bulletins.py
@@ -842,7 +842,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     return (
         context.get_preference("bul_mail_allowed_for_all", formsemestre_id)
-        or authuser.has_permission(ScoImplement, context)
+        or authuser.has_permission(Permission.ScoImplement, context)
         or str(authuser) in sem["responsables"]
     )
 
@@ -1077,7 +1077,7 @@ def _formsemestre_bulletinetud_header_html(
             "url": "formsemestre_edit_options?formsemestre_id=%s&target_url=%s"
             % (formsemestre_id, qurl),
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
         },
         {
             "title": 'Version papier (pdf, format "%s")'
@@ -1120,14 +1120,14 @@ def _formsemestre_bulletinetud_header_html(
             % (etudid, formsemestre_id),
             "enabled": (
                 (authuser in sem["responsables"])
-                or (authuser.has_permission(ScoEtudInscrit, context))
+                or (authuser.has_permission(Permission.ScoEtudInscrit, context))
             ),
         },
         {
             "title": "Enregistrer un semestre effectué ailleurs",
             "url": "formsemestre_ext_create_form?etudid=%s&formsemestre_id=%s"
             % (etudid, formsemestre_id),
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
         },
         {
             "title": "Enregistrer une validation d'UE antérieure",
diff --git a/app/scodoc/sco_bulletins_legacy.py b/app/scodoc/sco_bulletins_legacy.py
index 29b1c530..ba6474d8 100644
--- a/app/scodoc/sco_bulletins_legacy.py
+++ b/app/scodoc/sco_bulletins_legacy.py
@@ -316,7 +316,7 @@ class BulletinGeneratorLegacy(sco_bulletins_generator.BulletinGenerator):
         # le dir. des etud peut ajouter des appreciations,
         # mais aussi le chef (perm. ScoEtudInscrit)
         can_edit_app = (str(authuser) in self.infos["responsables"]) or (
-            authuser.has_permission(ScoEtudInscrit, self.context)
+            authuser.has_permission(Permission.ScoEtudInscrit, self.context)
         )
         H.append('<div class="bull_appreciations">')
         if I["appreciations_list"]:
diff --git a/app/scodoc/sco_bulletins_standard.py b/app/scodoc/sco_bulletins_standard.py
index a3811ea1..ce34c2b5 100644
--- a/app/scodoc/sco_bulletins_standard.py
+++ b/app/scodoc/sco_bulletins_standard.py
@@ -153,7 +153,7 @@ class BulletinGeneratorStandard(sco_bulletins_generator.BulletinGenerator):
         # le dir. des etud peut ajouter des appreciations,
         # mais aussi le chef (perm. ScoEtudInscrit)
         can_edit_app = (str(self.authuser) in self.infos["responsables"]) or (
-            self.authuser.has_permission(ScoEtudInscrit, self.context)
+            self.authuser.has_permission(Permission.ScoEtudInscrit, self.context)
         )
         H.append('<div class="bull_appreciations">')
         for app in self.infos["appreciations_list"]:
diff --git a/app/scodoc/sco_core.py b/app/scodoc/sco_core.py
old mode 100644
new mode 100755
index 90300ea2..2437cc0a
--- a/app/scodoc/sco_core.py
+++ b/app/scodoc/sco_core.py
@@ -17,3 +17,10 @@ def sco_get_version(context, REQUEST=None):
 def test_refactor(context, x=1):
     x = context.toto()
     y = ("context=" + context.module_is_locked("alpha")) + "23"
+    z = context.sco_header(
+        a_long_argument_hahahahaha=1,
+        another_very_long_arggggggggggggg=2,
+        z=6,
+        u=99,
+        kkkkkk=1,
+    )
diff --git a/app/scodoc/sco_dept.py b/app/scodoc/sco_dept.py
index b1941833..66a6fa79 100644
--- a/app/scodoc/sco_dept.py
+++ b/app/scodoc/sco_dept.py
@@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
     )
     #
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
         H.append(
             """<hr>
         <h3>Gestion des étudiants</h3>
@@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
         """
         )
     #
-    if authuser.has_permission(ScoEditApo, context):
+    if authuser.has_permission(Permission.ScoEditApo, context):
         H.append(
             """<hr>
         <h3>Exports Apogée</h3>
diff --git a/app/scodoc/sco_edit_formation.py b/app/scodoc/sco_edit_formation.py
index b1947744..22325d5e 100644
--- a/app/scodoc/sco_edit_formation.py
+++ b/app/scodoc/sco_edit_formation.py
@@ -35,6 +35,7 @@ from TrivialFormulator import TrivialFormulator, TF, tf_error_message
 import sco_codes_parcours
 import sco_formsemestre
 from sco_exceptions import ScoValueError
+import sco_formation
 
 
 def formation_delete(context, formation_id=None, dialog_confirmed=False, REQUEST=None):
@@ -223,6 +224,32 @@ def formation_edit(context, formation_id=None, create=False, REQUEST=None):
         return REQUEST.RESPONSE.redirect("ue_list?formation_id=%s" % formation_id)
 
 
+def do_formation_create(context, args, REQUEST):
+    "create a formation"
+    cnx = context.GetDBConnexion()
+    # check unique acronyme/titre/version
+    a = args.copy()
+    if a.has_key("formation_id"):
+        del a["formation_id"]
+    F = context.formation_list(args=a)
+    if len(F) > 0:
+        log("do_formation_create: error: %d formations matching args=%s" % (len(F), a))
+        raise ScoValueError("Formation non unique (%s) !" % str(a))
+    # Si pas de formation_code, l'enleve (default SQL)
+    if args.has_key("formation_code") and not args["formation_code"]:
+        del args["formation_code"]
+    #
+    r = _formationEditor.create(cnx, args)
+
+    sco_news.add(
+        context,
+        REQUEST,
+        typ=NEWS_FORM,
+        text="Création de la formation %(titre)s (%(acronyme)s)" % args,
+    )
+    return r
+
+
 def do_formation_edit(context, args):
     "edit a formation"
     # log('do_formation_edit( args=%s )'%args)
@@ -238,7 +265,7 @@ def do_formation_edit(context, args):
         del args["formation_code"]
 
     cnx = context.GetDBConnexion()
-    context._formationEditor.edit(cnx, args)
+    sco_formation._formationEditor.edit(cnx, args)
 
     # Invalide les semestres utilisant cette formation:
     for sem in sco_formsemestre.do_formsemestre_list(
diff --git a/app/scodoc/sco_edit_module.py b/app/scodoc/sco_edit_module.py
index 1b15984e..41867211 100644
--- a/app/scodoc/sco_edit_module.py
+++ b/app/scodoc/sco_edit_module.py
@@ -417,7 +417,9 @@ def module_list(context, formation_id, REQUEST=None):
         % F,
         '<ul class="notes_module_list">',
     ]
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
+        Permission.ScoChangeFormation, context
+    )
 
     for Mod in context.do_module_list(args={"formation_id": formation_id}):
         H.append('<li class="notes_module_list">%s' % Mod)
diff --git a/app/scodoc/sco_edit_ue.py b/app/scodoc/sco_edit_ue.py
index 0a977afe..4762116a 100644
--- a/app/scodoc/sco_edit_ue.py
+++ b/app/scodoc/sco_edit_ue.py
@@ -300,14 +300,16 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
     ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
     has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
 
-    perm_change = authuser.has_permission(ScoChangeFormation, context)
+    perm_change = authuser.has_permission(Permission.ScoChangeFormation, context)
     # editable = (not locked) and perm_change
     # On autorise maintanant la modification des formations qui ont des semestres verrouillés,
     # sauf si cela affect les notes passées (verrouillées):
     #   - pas de modif des modules utilisés dans des semestres verrouillés
     #   - pas de changement des codes d'UE utilisés dans des semestres verrouillés
     editable = perm_change
-    tag_editable = authuser.has_permission(ScoEditFormationTags, context) or perm_change
+    tag_editable = (
+        authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change
+    )
     if locked:
         lockicon = scu.icontag("lock32_img", title="verrouillé")
     else:
@@ -653,7 +655,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
             H.append("</li>")
         H.append("</ul>")
 
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
         H.append(
             """<ul>
         <li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>
diff --git a/app/scodoc/sco_find_etud.py b/app/scodoc/sco_find_etud.py
index 765a2f5e..7abbaace 100644
--- a/app/scodoc/sco_find_etud.py
+++ b/app/scodoc/sco_find_etud.py
@@ -266,7 +266,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
 def can_view_dept(context, REQUEST):
     """True if auth user can access (View) this context"""
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoView, context)
+    return authuser.has_permission(Permission.ScoView, context)
 
 
 def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):
diff --git a/app/scodoc/sco_formations.py b/app/scodoc/sco_formations.py
index 145c28d7..928a678c 100644
--- a/app/scodoc/sco_formations.py
+++ b/app/scodoc/sco_formations.py
@@ -217,7 +217,9 @@ def formation_list_table(context, formation_id=None, args={}, REQUEST=None):
         "edit_img", border="0", alt="modifier", title="Modifier titres et code"
     )
 
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
+        Permission.ScoChangeFormation, context
+    )
 
     # Traduit/ajoute des champs à afficher:
     for f in formations:
diff --git a/app/scodoc/sco_formsemestre_edit.py b/app/scodoc/sco_formsemestre_edit.py
index 927a2829..cda130c3 100644
--- a/app/scodoc/sco_formsemestre_edit.py
+++ b/app/scodoc/sco_formsemestre_edit.py
@@ -105,7 +105,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
     """Return sem if user can edit it, False otherwise"""
     sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):  # pas chef
+    if not authuser.has_permission(Permission.ScoImplement, context):  # pas chef
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             return False
     return sem
@@ -118,7 +118,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
         formsemestre_id = REQUEST.form["formsemestre_id"]
         sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
         if not edit:
             # il faut ScoImplement pour creer un semestre
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
@@ -434,7 +434,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
             },
         ),
     ]
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
         modform += [
             (
                 "resp_can_edit",
diff --git a/app/scodoc/sco_formsemestre_status.py b/app/scodoc/sco_formsemestre_status.py
index 2824a3c4..04fa2a03 100644
--- a/app/scodoc/sco_formsemestre_status.py
+++ b/app/scodoc/sco_formsemestre_status.py
@@ -157,7 +157,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "url": "formsemestre_editwithmodules?formation_id=%(formation_id)s&formsemestre_id=%(formsemestre_id)s"
             % sem,
             "enabled": (
-                authuser.has_permission(ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement, context)
                 or (
                     str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                     and sem["resp_can_edit"]
@@ -171,7 +171,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "url": "formsemestre_edit_preferences?formsemestre_id=%(formsemestre_id)s"
             % sem,
             "enabled": (
-                authuser.has_permission(ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement, context)
                 or (
                     str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                     and sem["resp_can_edit"]
@@ -184,14 +184,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Réglages bulletins",
             "url": "formsemestre_edit_options?formsemestre_id=" + formsemestre_id,
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
             "helpmsg": "Change les options",
         },
         {
             "title": change_lock_msg,
             "url": "formsemestre_change_lock?formsemestre_id=" + formsemestre_id,
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
             "helpmsg": "",
         },
         {
@@ -216,21 +216,21 @@ def formsemestre_status_menubar(context, sem, REQUEST):
         {
             "title": "Cloner ce semestre",
             "url": "formsemestre_clone?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
             "helpmsg": "",
         },
         {
             "title": "Associer à une nouvelle version du programme",
             "url": "formsemestre_associate_new_version?formsemestre_id="
             + formsemestre_id,
-            "enabled": authuser.has_permission(ScoChangeFormation, context)
+            "enabled": authuser.has_permission(Permission.ScoChangeFormation, context)
             and (sem["etat"] == "1"),
             "helpmsg": "",
         },
         {
             "title": "Supprimer ce semestre",
             "url": "formsemestre_delete?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
             "helpmsg": "",
         },
     ]
@@ -254,13 +254,13 @@ def formsemestre_status_menubar(context, sem, REQUEST):
         {
             "title": "Passage des étudiants depuis d'autres semestres",
             "url": "formsemestre_inscr_passage?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Synchroniser avec étape Apogée",
             "url": "formsemestre_synchro_etuds?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoView, context)
+            "enabled": authuser.has_permission(Permission.ScoView, context)
             and context.get_preference("portal_url")
             and (sem["etat"] == "1"),
         },
@@ -268,26 +268,26 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Inscrire un étudiant",
             "url": "formsemestre_inscription_with_modules_etud?formsemestre_id="
             + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Importer des étudiants dans ce semestre (table Excel)",
             "url": "form_students_import_excel?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Import/export des données admission",
             "url": "form_students_import_infos_admissions?formsemestre_id="
             + formsemestre_id,
-            "enabled": authuser.has_permission(ScoView, context),
+            "enabled": authuser.has_permission(Permission.ScoView, context),
         },
         {
             "title": "Resynchroniser données identité",
             "url": "formsemestre_import_etud_admission?formsemestre_id="
             + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudChangeAdr, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context)
             and context.get_preference("portal_url"),
         },
         {
@@ -750,7 +750,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
     #
     H = []
     # pas de menu absences si pas autorise:
-    if with_absences and not authuser.has_permission(ScoAbsChange, context):
+    if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context):
         with_absences = False
 
     #
diff --git a/app/scodoc/sco_groups.py b/app/scodoc/sco_groups.py
index 74f71403..a04bec9a 100644
--- a/app/scodoc/sco_groups.py
+++ b/app/scodoc/sco_groups.py
@@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
     if sem["etat"] != "1":
         return False  # semestre verrouillé
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoEtudChangeGroups, context):
+    if authuser.has_permission(Permission.ScoEtudChangeGroups, context):
         return True  # admin, chef dept
     uid = str(authuser)
     if uid in sem["responsables"]:
diff --git a/app/scodoc/sco_groups_view.py b/app/scodoc/sco_groups_view.py
index 59a9470b..8b1fef28 100644
--- a/app/scodoc/sco_groups_view.py
+++ b/app/scodoc/sco_groups_view.py
@@ -851,13 +851,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
     # Lien pour verif codes INE/NIP
     # (pour tous les etudiants du semestre)
     group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
         H.append(
             '<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
             % (group_id, etat or "")
         )
     # Lien pour ajout fichiers étudiants
-    if authuser.has_permission(ScoEtudAddAnnotations, context):
+    if authuser.has_permission(Permission.ScoEtudAddAnnotations, context):
         H.append(
             """<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
             % (group_id)
@@ -880,7 +880,7 @@ def form_choix_jour_saisie_hebdo(
 ):
     """Formulaire choix jour semaine pour saisie."""
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange, context):
         return ""
     sem = groups_infos.formsemestre
     first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
@@ -921,7 +921,7 @@ def form_choix_jour_saisie_hebdo(
 # Formulaire saisie absences semaine
 def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange, context):
         return ""
     # construit l'URL "destination"
     # (a laquelle on revient apres saisie absences)
diff --git a/app/scodoc/sco_moduleimpl.py b/app/scodoc/sco_moduleimpl.py
index daa6851f..7f5cb64e 100644
--- a/app/scodoc/sco_moduleimpl.py
+++ b/app/scodoc/sco_moduleimpl.py
@@ -302,7 +302,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
     authuser = REQUEST.AUTHENTICATED_USER
     uid = str(authuser)
     # admin ou resp. semestre avec flag resp_can_change_resp
-    if not authuser.has_permission(ScoImplement, context) and (
+    if not authuser.has_permission(Permission.ScoImplement, context) and (
         (uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
     ):
         raise AccessDenied("Modification impossible pour %s" % uid)
@@ -325,7 +325,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
     # admin, resp. module ou resp. semestre
     if (
         uid != M["responsable_id"]
-        and not authuser.has_permission(ScoImplement, context)
+        and not authuser.has_permission(Permission.ScoImplement, context)
         and (uid not in sem["responsables"])
     ):
         if raise_exc:
diff --git a/app/scodoc/sco_moduleimpl_inscriptions.py b/app/scodoc/sco_moduleimpl_inscriptions.py
index 6f68f589..4e019cf7 100644
--- a/app/scodoc/sco_moduleimpl_inscriptions.py
+++ b/app/scodoc/sco_moduleimpl_inscriptions.py
@@ -245,7 +245,10 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
         context, formsemestre_id
     )
 
-    can_change = authuser.has_permission(ScoEtudInscrit, context) and sem["etat"] == "1"
+    can_change = (
+        authuser.has_permission(Permission.ScoEtudInscrit, context)
+        and sem["etat"] == "1"
+    )
 
     # Liste des modules
     Mlist = sco_moduleimpl.do_moduleimpl_withmodule_list(
diff --git a/app/scodoc/sco_moduleimpl_status.py b/app/scodoc/sco_moduleimpl_status.py
index 52dbcb42..47f3b233 100644
--- a/app/scodoc/sco_moduleimpl_status.py
+++ b/app/scodoc/sco_moduleimpl_status.py
@@ -217,7 +217,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
         """<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
         % len(ModInscrits)
     )
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
         H.append(
             """<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
             % M["moduleimpl_id"]
diff --git a/app/scodoc/sco_page_etud.py b/app/scodoc/sco_page_etud.py
index b0cb60ee..0efcbc3a 100644
--- a/app/scodoc/sco_page_etud.py
+++ b/app/scodoc/sco_page_etud.py
@@ -67,80 +67,78 @@ def _menuScolarite(context, authuser, sem, etudid):
         return lockicon  # no menu
     if not authuser.has_permission(
         ScoEtudInscrit, context
-    ) and not authuser.has_permission(ScoEtudChangeGroups, context):
+    ) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context):
         return ""  # no menu
     ins = sem["ins"]
     args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
 
     if ins["etat"] != "D":
         dem_title = "Démission"
-        dem_url = (
-            "formDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
-        )
+        dem_url = "formDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
     else:
         dem_title = "Annuler la démission"
         dem_url = (
-            "doCancelDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
-            % args
+            "doCancelDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
         )
 
     # Note: seul un etudiant inscrit (I) peut devenir défaillant.
     if ins["etat"] != sco_codes_parcours.DEF:
         def_title = "Déclarer défaillance"
-        def_url = (
-            "formDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
-        )
+        def_url = "formDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
     elif ins["etat"] == sco_codes_parcours.DEF:
         def_title = "Annuler la défaillance"
         def_url = (
-            "doCancelDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
-            % args
+            "doCancelDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
         )
     def_enabled = (
         (ins["etat"] != "D")
-        and authuser.has_permission(ScoEtudInscrit, context)
+        and authuser.has_permission(Permission.ScoEtudInscrit, context)
         and not locked
     )
     items = [
         #        { 'title' : 'Changer de groupe',
         #          'url' : 'formChangeGroup?etudid=%s&formsemestre_id=%s' % (etudid,ins['formsemestre_id']),
-        #          'enabled' : authuser.has_permission(ScoEtudChangeGroups,context) and not locked,
+        #          'enabled' : authuser.has_permission(Permission.ScoEtudChangeGroups,context) and not locked,
         #        },
         {
             "title": dem_title,
             "url": dem_url,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            and not locked,
         },
         {
             "title": "Validation du semestre (jury)",
             "url": "Notes/formsemestre_validation_etud_form?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
             % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            and not locked,
         },
         {"title": def_title, "url": def_url, "enabled": def_enabled},
         {
             "title": "Inscrire à un module optionnel (ou au sport)",
             "url": "Notes/formsemestre_inscription_option?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
             % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            and not locked,
         },
         {
             "title": "Désinscrire (en cas d'erreur)",
             "url": "Notes/formsemestre_desinscription?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
             % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            and not locked,
         },
         {
             "title": "Inscrire à un autre semestre",
             "url": "Notes/formsemestre_inscription_with_modules_form?etudid=%(etudid)s"
             % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
         },
         {
             "title": "Enregistrer un semestre effectué ailleurs",
             "url": "Notes/formsemestre_ext_create_form?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
             % args,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
         },
     ]
 
@@ -206,7 +204,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
     else:
         info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
     # champs dependant des permissions
-    if authuser.has_permission(ScoEtudChangeAdr, context):
+    if authuser.has_permission(Permission.ScoEtudChangeAdr, context):
         info["modifadresse"] = (
             '<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
             % etudid
@@ -272,7 +270,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
     else:
         # non inscrit
         l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
-        if authuser.has_permission(ScoEtudInscrit, context):
+        if authuser.has_permission(Permission.ScoEtudInscrit, context):
             l.append(
                 '<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
                 % (context.ScoURL(), etudid)
@@ -517,17 +515,17 @@ def menus_etud(context, REQUEST=None):
         {
             "title": "Changer la photo",
             "url": "formChangePhoto?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudChangeAdr, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context),
         },
         {
             "title": "Changer les données identité/admission",
             "url": "etudident_edit_form?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
         },
         {
             "title": "Supprimer cet étudiant...",
             "url": "etudident_delete?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
         },
         {
             "title": "Voir le journal...",
diff --git a/app/scodoc/sco_saisie_notes.py b/app/scodoc/sco_saisie_notes.py
index 98fc06bb..c2a6426f 100644
--- a/app/scodoc/sco_saisie_notes.py
+++ b/app/scodoc/sco_saisie_notes.py
@@ -74,12 +74,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
     if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
         # il y a des décisions de jury dans ce semestre !
         return (
-            authuser.has_permission(ScoEditAllNotes, context)
+            authuser.has_permission(Permission.ScoEditAllNotes, context)
             or uid in sem["responsables"]
         )
     else:
         if (
-            (not authuser.has_permission(ScoEditAllNotes, context))
+            (not authuser.has_permission(Permission.ScoEditAllNotes, context))
             and uid != M["responsable_id"]
             and uid not in sem["responsables"]
         ):
diff --git a/app/scodoc/sco_synchro_etuds.py b/app/scodoc/sco_synchro_etuds.py
index d9c99493..65f5cb0c 100644
--- a/app/scodoc/sco_synchro_etuds.py
+++ b/app/scodoc/sco_synchro_etuds.py
@@ -90,7 +90,7 @@ def formsemestre_synchro_etuds(
     sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
     # Write access ?
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoEtudInscrit, context):
+    if not authuser.has_permission(Permission.ScoEtudInscrit, context):
         read_only = True
     if read_only:
         submitted = False
diff --git a/app/scodoc/sco_tag_module.py b/app/scodoc/sco_tag_module.py
index c4071a7f..62653595 100644
--- a/app/scodoc/sco_tag_module.py
+++ b/app/scodoc/sco_tag_module.py
@@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
         authuser = REQUEST.AUTHENTICATED_USER
         tag_editable = authuser.has_permission(
             ScoEditFormationTags, context
-        ) or authuser.has_permission(ScoChangeFormation, context)
+        ) or authuser.has_permission(Permission.ScoChangeFormation, context)
         if not tag_editable:
             raise AccessDenied("Modification des tags impossible pour %s" % authuser)
     #
diff --git a/app/scodoc/sco_ue_external.py b/app/scodoc/sco_ue_external.py
index 512d9559..db30cf86 100644
--- a/app/scodoc/sco_ue_external.py
+++ b/app/scodoc/sco_ue_external.py
@@ -81,7 +81,7 @@ def external_ue_create(
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     # Contrôle d'accès:
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
     #
@@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     # Contrôle d'accès:
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
 
diff --git a/app/views/absences.py b/app/views/absences.py
index ba048031..d386bf6d 100644
--- a/app/views/absences.py
+++ b/app/views/absences.py
@@ -95,6 +95,16 @@ from app.scodoc.sco_abs import ddmmyyyy
 CSSSTYLES = html_sco_header.BOOTSTRAP_MULTISELECT_CSS
 
 
+context = ScoDoc7Context(globals())
+
+
+def sco_publish(route, function, permission):
+    """Declare a route for a python function,
+    protected by permission and called following ScoDoc 7 Zope standards.
+    """
+    bp.route(route)(permission_required(permission)(scodoc7func(context)(function)))
+
+
 def _toboolean(x):
     "convert a value to boolean (ensure backward compat with OLD intranet code)"
     if type(x) == type(""):
diff --git a/app/views/notes.py b/app/views/notes.py
index 0d20761e..2341a2b9 100644
--- a/app/views/notes.py
+++ b/app/views/notes.py
@@ -67,68 +67,68 @@ from app.scodoc.sco_exceptions import (
     ScoGenError,
     AccessDenied,
 )
-from app.scodoc.sco_permissions import Permission, ScoImplement
-from app.scodoc.TrivialFormulator import TrivialFormulator
-import app.scodoc.htmlutils as htmlutils
-import app.scodoc.sco_excel as sco_excel
-
-from app.scodoc.gen_tables import GenTable
-from app.scodoc import sco_cache as sco_cache
-from app.scodoc import scolars as scolars
-from app.scodoc import sco_news as sco_news
-from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
-
-from app.scodoc import sco_formsemestre as sco_formsemestre
-from app.scodoc import sco_formsemestre_edit as sco_formsemestre_edit
-from app.scodoc import sco_formsemestre_status as sco_formsemestre_status
-from app.scodoc import sco_formsemestre_inscriptions as sco_formsemestre_inscriptions
-from app.scodoc import sco_formsemestre_custommenu as sco_formsemestre_custommenu
-from app.scodoc import sco_moduleimpl as sco_moduleimpl
-from app.scodoc import sco_moduleimpl_status as sco_moduleimpl_status
-from app.scodoc import sco_moduleimpl_inscriptions as sco_moduleimpl_inscriptions
-from app.scodoc import sco_evaluations as sco_evaluations
-from app.scodoc import sco_groups as sco_groups
-from app.scodoc import sco_edit_ue as sco_edit_ue
-from app.scodoc import sco_edit_formation as sco_edit_formation
-from app.scodoc import sco_edit_matiere as sco_edit_matiere
-from app.scodoc import sco_edit_module as sco_edit_module
-from app.scodoc import sco_tag_module as sco_tag_module
-from app.scodoc import sco_bulletins as sco_bulletins
-from app.scodoc import sco_bulletins_pdf as sco_bulletins_pdf
-from app.scodoc import sco_compute_moy as sco_compute_moy
-from app.scodoc import sco_recapcomplet as sco_recapcomplet
-from app.scodoc import sco_liste_notes as sco_liste_notes
-from app.scodoc import sco_saisie_notes as sco_saisie_notes
-from app.scodoc import sco_placement as sco_placement
-from app.scodoc import sco_undo_notes as sco_undo_notes
-from app.scodoc import sco_formations as sco_formations
-from app.scodoc import sco_report as sco_report
-from app.scodoc import sco_lycee as sco_lycee
-from app.scodoc import sco_poursuite_dut as sco_poursuite_dut
-from app.scodoc import pe_view as pe_view
-from app.scodoc import sco_debouche as sco_debouche
-from app.scodoc import sco_ue_external as sco_ue_external
-from app.scodoc import sco_cost_formation as sco_cost_formation
-from app.scodoc import sco_formsemestre_validation as sco_formsemestre_validation
-from app.scodoc import sco_parcours_dut as sco_parcours_dut
-from app.scodoc import sco_codes_parcours as sco_codes_parcours
-from app.scodoc import sco_pvjury as sco_pvjury
-from app.scodoc import sco_pvpdf as sco_pvpdf
-from app.scodoc import sco_prepajury as sco_prepajury
-from app.scodoc import sco_inscr_passage as sco_inscr_passage
-from app.scodoc import sco_synchro_etuds as sco_synchro_etuds
-from app.scodoc import sco_archives as sco_archives
-from app.scodoc import sco_apogee_csv as sco_apogee_csv
-from app.scodoc import sco_etape_apogee_view as sco_etape_apogee_view
-from app.scodoc import sco_apogee_compare as sco_apogee_compare
-from app.scodoc import sco_semset as sco_semset
-from app.scodoc import sco_export_results as sco_export_results
-from app.scodoc import sco_formsemestre_exterieurs as sco_formsemestre_exterieurs
-
 from app.scodoc.sco_pdf import PDFLOCK
-from app.scodoc import notes_table as notes_table
 from app.scodoc.notes_table import NOTES_CACHE_INST, CacheNotesTable
 import app.scodoc.VERSION as VERSION
+from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
+from app.scodoc.gen_tables import GenTable
+from app.scodoc.sco_permissions import Permission, ScoImplement
+from app.scodoc.TrivialFormulator import TrivialFormulator
+
+from app.scodoc import htmlutils
+from app.scodoc import sco_excel
+from app.scodoc import sco_cache
+from app.scodoc import scolars
+from app.scodoc import sco_news
+from app.scodoc import sco_formsemestre
+from app.scodoc import sco_formsemestre_edit
+from app.scodoc import sco_formsemestre_status
+from app.scodoc import sco_formsemestre_inscriptions
+from app.scodoc import sco_formsemestre_custommenu
+from app.scodoc import sco_moduleimpl
+from app.scodoc import sco_moduleimpl_status
+from app.scodoc import sco_moduleimpl_inscriptions
+from app.scodoc import sco_evaluations
+from app.scodoc import sco_groups
+from app.scodoc import sco_edit_ue
+from app.scodoc import sco_edit_formation
+from app.scodoc import sco_edit_matiere
+from app.scodoc import sco_edit_module
+from app.scodoc import sco_tag_module
+from app.scodoc import sco_bulletins
+from app.scodoc import sco_bulletins_pdf
+from app.scodoc import sco_compute_moy
+from app.scodoc import sco_recapcomplet
+from app.scodoc import sco_liste_notes
+from app.scodoc import sco_saisie_notes
+from app.scodoc import sco_placement
+from app.scodoc import sco_undo_notes
+from app.scodoc import sco_formations
+from app.scodoc import sco_report
+from app.scodoc import sco_lycee
+from app.scodoc import sco_poursuite_dut
+from app.scodoc import pe_view
+from app.scodoc import sco_debouche
+from app.scodoc import sco_ue_external
+from app.scodoc import sco_cost_formation
+from app.scodoc import sco_formsemestre_validation
+from app.scodoc import sco_parcours_dut
+from app.scodoc import sco_codes_parcours
+from app.scodoc import sco_pvjury
+from app.scodoc import sco_pvpdf
+from app.scodoc import sco_prepajury
+from app.scodoc import sco_inscr_passage
+from app.scodoc import sco_synchro_etuds
+from app.scodoc import sco_archives
+from app.scodoc import sco_apogee_csv
+from app.scodoc import sco_etape_apogee_view
+from app.scodoc import sco_apogee_compare
+from app.scodoc import sco_semset
+from app.scodoc import sco_export_results
+from app.scodoc import sco_formsemestre_exterieurs
+from app.scodoc import notes_table
+
+context = ScoDoc7Context(globals())
 
 
 def sco_publish(route, function, permission):
@@ -405,7 +405,9 @@ sco_publish(
 def index_html(context, REQUEST=None):
     "Page accueil formations"
 
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
+        Permission.ScoChangeFormation, g.scodoc_dept
+    )
 
     H = [
         context.sco_header(REQUEST, page_title="Programmes formations"),
@@ -435,21 +437,6 @@ def index_html(context, REQUEST=None):
 # --------------------------------------------------------------------
 
 # --- Formations
-_formationEditor = ndb.EditableTable(
-    "notes_formations",
-    "formation_id",
-    (
-        "formation_id",
-        "acronyme",
-        "titre",
-        "titre_officiel",
-        "version",
-        "formation_code",
-        "type_parcours",
-        "code_specialite",
-    ),
-    sortkey="acronyme",
-)
 
 
 @bp.route("/do_formation_create")
@@ -470,7 +457,7 @@ def do_formation_create(context, args, REQUEST):
     if args.has_key("formation_code") and not args["formation_code"]:
         del args["formation_code"]
     #
-    r = context._formationEditor.create(cnx, args)
+    r = _formationEditor.create(cnx, args)
 
     sco_news.add(
         context,
@@ -497,7 +484,7 @@ def do_formation_delete(context, oid, REQUEST):
     for ue in ues:
         context._do_ue_delete(ue["ue_id"], REQUEST=REQUEST, force=True)
 
-    context._formationEditor.delete(cnx, oid)
+    _formationEditor.delete(cnx, oid)
 
     # news
     sco_news.add(
@@ -523,7 +510,7 @@ def formation_list(context, format=None, REQUEST=None, formation_id=None, args={
         else:
             args = {"formation_id": formation_id}
     cnx = context.GetDBConnexion()
-    r = context._formationEditor.list(cnx, args=args)
+    r = _formationEditor.list(cnx, args=args)
     # log('%d formations found' % len(r))
     return scu.sendResult(REQUEST, r, name="formation", format=format)
 
@@ -2247,7 +2234,7 @@ def _evaluation_check_write_access(context, REQUEST, moduleimpl_id=None):
     sem = sco_formsemestre.get_formsemestre(context, M["formsemestre_id"])
 
     if (
-        (not authuser.has_permission(ScoEditAllEvals, context))
+        (not authuser.has_permission(Permission.ScoEditAllEvals, context))
         and uid != M["responsable_id"]
         and uid not in sem["responsables"]
     ):
@@ -2834,7 +2821,7 @@ def appreciation_add_form(
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     # check custom access permission
     can_edit_app = (str(authuser) in sem["responsables"]) or (
-        authuser.has_permission(ScoEtudInscrit, context)
+        authuser.has_permission(Permission.ScoEtudInscrit, context)
     )
     if not can_edit_app:
         raise AccessDenied("vous n'avez pas le droit d'ajouter une appreciation")
@@ -2923,7 +2910,7 @@ def _can_edit_pv(context, REQUEST, formsemestre_id):
     # Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
     # (ceci nous évite d'ajouter une permission Zope aux installations existantes)
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
 
 
 # --- FORMULAIRE POUR VALIDATION DES UE ET SEMESTRES
@@ -2939,7 +2926,7 @@ def _can_validate_sem(context, REQUEST, formsemestre_id):
 def _is_chef_or_diretud(context, REQUEST, sem):
     "Vrai si utilisateur est admin, chef dept ou responsable du semestre"
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
         return True  # admin, chef dept
     uid = str(authuser)
     if uid in sem["responsables"]:
diff --git a/app/views/scolar.py b/app/views/scolar.py
index e045eab2..0b04291b 100644
--- a/app/views/scolar.py
+++ b/app/views/scolar.py
@@ -88,7 +88,6 @@ from app.scodoc.sco_permissions import (
     ScoEditApo,
     ScoSuperAdmin,
 )
-import app.scodoc.sco_permissions
 from app.scodoc.sco_exceptions import (
     AccessDenied,
     ScoException,
@@ -99,10 +98,9 @@ from app.scodoc.sco_exceptions import (
     ScoInvalidDept,
 )
 from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
-import app.scodoc.scolars
-import app.scodoc.sco_codes_parcours
-import app.scodoc.sco_preferences
-import app.scodoc.sco_formations
+from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
+from app.scodoc.VERSION import SCOVERSION, SCONEWS
+
 from app.scodoc.scolars import (
     format_nom,
     format_prenom,
@@ -111,40 +109,50 @@ from app.scodoc.scolars import (
     format_lycee_from_code,
 )
 from app.scodoc.scolars import format_telephone, format_pays, make_etud_args
-import app.scodoc.sco_find_etud
-import app.scodoc.sco_photos
-import app.scodoc.sco_formsemestre
-import app.scodoc.sco_formsemestre_edit
-import app.scodoc.sco_news
-from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
-
-import app.scodoc.html_sco_header
-import app.scodoc.html_sidebar
-
 from app.scodoc.gen_tables import GenTable
-import app.scodoc.sco_excel
-import app.scodoc.imageresize
 
-import app.scodoc.ImportScolars
-import app.scodoc.sco_abs
-import app.scodoc.sco_portal_apogee
-import app.scodoc.sco_synchro_etuds
-import app.scodoc.sco_page_etud
-import app.scodoc.sco_groups
-import app.scodoc.sco_trombino
-import app.scodoc.sco_groups_view
-import app.scodoc.sco_trombino_tours
-import app.scodoc.sco_parcours_dut
-import app.scodoc.sco_report
-import app.scodoc.sco_archives_etud
-import app.scodoc.sco_debouche
-import app.scodoc.sco_groups_edit
-import app.scodoc.sco_up_to_date
-import app.scodoc.sco_edt_cal
-import app.scodoc.sco_dept
-import app.scodoc.sco_dump_db
+from app.scodoc import scolars
+from app.scodoc import sco_codes_parcours
+from app.scodoc import sco_preferences
+from app.scodoc import sco_formations
+from app.scodoc import sco_permissions
+from app.scodoc import sco_find_etud
+from app.scodoc import sco_photos
+from app.scodoc import sco_formsemestre
+from app.scodoc import sco_formsemestre_edit
+from app.scodoc import sco_news
+from app.scodoc import html_sco_header
+from app.scodoc import html_sidebar
+from app.scodoc import sco_excel
+from app.scodoc import imageresize
+from app.scodoc import ImportScolars
+from app.scodoc import sco_abs
+from app.scodoc import sco_portal_apogee
+from app.scodoc import sco_synchro_etuds
+from app.scodoc import sco_page_etud
+from app.scodoc import sco_groups
+from app.scodoc import sco_trombino
+from app.scodoc import sco_groups_view
+from app.scodoc import sco_trombino_tours
+from app.scodoc import sco_parcours_dut
+from app.scodoc import sco_report
+from app.scodoc import sco_archives_etud
+from app.scodoc import sco_debouche
+from app.scodoc import sco_groups_edit
+from app.scodoc import sco_up_to_date
+from app.scodoc import sco_edt_cal
+from app.scodoc import sco_dept
+from app.scodoc import sco_dump_db
 
-from app.scodoc.VERSION import SCOVERSION, SCONEWS
+
+context = ScoDoc7Context(globals())
+
+
+def sco_publish(route, function, permission):
+    """Declare a route for a python function,
+    protected by permission and called following ScoDoc 7 Zope standards.
+    """
+    bp.route(route)(permission_required(permission)(scodoc7func(context)(function)))
 
 
 log.set_log_directory(Config.INSTANCE_HOME + "/log")
@@ -221,7 +229,7 @@ def formsemestre_edit_preferences(context, formsemestre_id, REQUEST):
     authuser = REQUEST.AUTHENTICATED_USER
     sem = sco_formsemestre.get_formsemestre(context.Notes, formsemestre_id)
     ok = (
-        authuser.has_permission(ScoImplement, context)
+        authuser.has_permission(Permission.ScoImplement, context)
         or ((str(authuser) in sem["responsables"]) and sem["resp_can_edit"])
     ) and (sem["etat"] == "1")
     if ok:
@@ -361,7 +369,8 @@ sco_publish(
 
 
 # XMLgetEtudInfos était le nom dans l'ancienne API ScoDoc 6
-@bp.route("/etud_info", "/XMLgetEtudInfos")
+@bp.route("/etud_info")
+@bp.route("/XMLgetEtudInfos")
 @permission_required(Permission.ScoView)
 @scodoc7func(context)
 def etud_info(context, etudid=None, format="xml", REQUEST=None):
@@ -494,7 +503,7 @@ sco_publish(
 # vrai si l'utilisateur peut modifier les informations de suivi sur la page etud"
 def can_edit_suivi(context, REQUEST=None):
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
 
 
 sco_publish(
@@ -561,8 +570,8 @@ def canSuppressAnnotation(context, annotation_id, REQUEST):
     # c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
     return (
         (str(authuser) == anno["zope_authenticated_user"])
-        or authuser.has_permission(ScoEtudSupprAnnotations, context)
-        or authuser.has_permission(ScoEtudInscrit, context)
+        or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context)
+        or authuser.has_permission(Permission.ScoEtudInscrit, context)
     )
 
 
@@ -1861,7 +1870,7 @@ def form_students_import_infos_admissions(context, REQUEST, formsemestre_id=None
     "formulaire import xls"
     authuser = REQUEST.AUTHENTICATED_USER
     F = context.sco_footer(REQUEST)
-    if not authuser.has_permission(ScoEtudInscrit, context):
+    if not authuser.has_permission(Permission.ScoEtudInscrit, context):
         # autorise juste l'export
         H = [
             context.sco_header(
diff --git a/refactor.py b/refactor.py
index 939d4ced..8bab9582 100644
--- a/refactor.py
+++ b/refactor.py
@@ -16,21 +16,21 @@ Pour chaque module dans views et dans scodoc:
 
 from __future__ import print_function
 import re
-
 from pprint import pprint as pp
+import os
 import sys
 import types
-
+import tempfile
+import shutil
 import click
-import flask
 
-import app
-from app import create_app, cli, db
-from app.auth.models import User, Role, UserRole
+# import flask
 
-from config import Config
+# import app
+# from app import create_app, cli, db
+# from app.auth.models import User, Role, UserRole
 
-from app.views import notes
+# from app.views import notes
 
 TYPES_TO_SCAN = {
     types.FunctionType,
@@ -61,6 +61,8 @@ def scan_views_symbols():
     """Scan modules in app.views and returns
     { }
     """
+    import app
+
     views_modules = [
         getattr(app.views, mod_name)
         for mod_name in dir(app.views)
@@ -102,6 +104,63 @@ def replace_context_calls(sourcefilename, sym2mod):
     return source2, undefined_list
 
 
-sym2mod = scan_views_symbols()
+# sym2mod = scan_views_symbols()
 
-source2, undefined_list = replace_context_calls("app/scodoc/sco_core.py", sym2mod)
+# source2, undefined_list = replace_context_calls("app/scodoc/sco_core.py", sym2mod)
+
+
+def list_context_calls(sourcefilename):
+    """List of methods called on context in this file"""
+    source = open(sourcefilename).read()
+    exp = re.compile(r"context\.([a-zA-Z0-9_]+)")
+    return sorted(set(exp.findall(source)))
+
+
+@click.group()
+def cli():
+    pass
+
+
+@cli.command()
+@click.argument("src_filenames", nargs=-1)
+def showcontextcalls(src_filenames):
+    click.echo("Initialized the database")
+    S = {}
+    for sourcefilename in src_filenames:
+        l = list_context_calls(sourcefilename)
+        module_name = os.path.splitext(os.path.split(sourcefilename)[1])[0]
+        for m in l:
+            if m in S:
+                S[m].append(module_name)
+            else:
+                S[m] = [module_name]
+        #
+        for method in sorted(S.keys()):
+            print(method + ":\t" + ", ".join(S[method]))
+
+
+@cli.command()
+@click.argument("method", nargs=1)
+@click.argument("module", nargs=1)
+@click.argument("src_filenames", nargs=-1)
+def refactor(method, module, src_filenames):
+    """Replace call context.method
+    by module.method
+    in all given source filenames
+    """
+    backup = tempfile.mkdtemp(dir="/tmp")
+    for sourcefilename in src_filenames:
+        print("reading %s" % sourcefilename)
+        source = open(sourcefilename).read()
+        source2 = source.replace("context." + method, module + "." + method)
+        shutil.move(sourcefilename, backup)
+        open(sourcefilename, "w").write(source2)
+    print("Done.\noriginal files saved in %s\n" % backup)
+
+
+if __name__ == "__main__":
+    try:
+        cli(obj={})
+    except SystemExit as e:
+        if e.code != 0:
+            raise