From 1c59cfdd935e97f01d929a6bcb53a58375319bdf Mon Sep 17 00:00:00 2001 From: Emmanuel Viennet Date: Fri, 8 Dec 2023 13:37:43 +0100 Subject: [PATCH] API etudiants: qq routes departementales manquantes --- app/api/etudiants.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/app/api/etudiants.py b/app/api/etudiants.py index 05ebb0457..b709218e0 100755 --- a/app/api/etudiants.py +++ b/app/api/etudiants.py @@ -25,7 +25,6 @@ from app.but import bulletin_but_court from app.decorators import scodoc, permission_required from app.models import ( Admission, - Adresse, Departement, FormSemestreInscription, FormSemestre, @@ -422,9 +421,9 @@ def bulletin( ) -@bp.route( - "/etudiant/etudid//formsemestre//groups", - methods=["GET"], +@bp.route("/etudiant/etudid//formsemestre//groups") +@api_web_bp.route( + "/etudiant/etudid//formsemestre//groups" ) @scodoc @permission_required(Permission.ScoView) @@ -462,7 +461,6 @@ def etudiant_groups(formsemestre_id: int, etudid: int = None): } ] """ - query = FormSemestre.query.filter_by(id=formsemestre_id) if g.scodoc_dept: query = query.filter_by(dept_id=g.scodoc_dept_id) @@ -483,6 +481,8 @@ def etudiant_groups(formsemestre_id: int, etudid: int = None): @bp.route("/etudiant/create", methods=["POST"], defaults={"force": False}) @bp.route("/etudiant/create/force", methods=["POST"], defaults={"force": True}) +@api_web_bp.route("/etudiant/create", methods=["POST"], defaults={"force": False}) +@api_web_bp.route("/etudiant/create/force", methods=["POST"], defaults={"force": True}) @scodoc @permission_required(Permission.EtudInscrit) @as_json @@ -499,7 +499,10 @@ def etudiant_create(force=False): dept_o = Departement.query.filter_by(acronym=dept).first() if not dept_o: return scu.json_error(400, "dept invalide") - app.set_sco_dept(dept) + if g.scodoc_dept and g.scodoc_dept_id != dept_o.id: + return scu.json_error(400, "dept invalide (route departementale)") + else: + app.set_sco_dept(dept) args["dept_id"] = dept_o.id # vérifie que le département de création est bien autorisé if not current_user.has_permission(Permission.EtudInscrit, dept): @@ -545,6 +548,7 @@ def etudiant_create(force=False): @bp.route("/etudiant///edit", methods=["POST"]) +@api_web_bp.route("/etudiant///edit", methods=["POST"]) @scodoc @permission_required(Permission.EtudInscrit) def etudiant_edit(