diff --git a/app/decorators.py b/app/decorators.py index df67751ae..a688cb17b 100644 --- a/app/decorators.py +++ b/app/decorators.py @@ -52,7 +52,10 @@ def scodoc(func): def scodoc_function(*args, **kwargs): # interdit les POST si pas loggué if request.method == "POST" and not current_user.is_authenticated: - current_app.logger.info("POST by non authenticated user") + current_app.logger.info( + "POST by non authenticated user (request.form=%s)", + str(request.form)[:2048], + ) return redirect( url_for( "auth.login", diff --git a/app/views/absences.py b/app/views/absences.py index 21ed46f60..c6fe5a1cf 100644 --- a/app/views/absences.py +++ b/app/views/absences.py @@ -1047,8 +1047,8 @@ def EtatAbsencesDate(group_ids=[], date=None): # list of groups to display # ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail) @bp.route("/AddBilletAbsence", methods=["GET", "POST"]) # API ScoDoc 7 compat -@scodoc @permission_required_compat_scodoc7(Permission.ScoAbsAddBillet) +@scodoc @scodoc7func def AddBilletAbsence( begin, @@ -1105,7 +1105,7 @@ def AddBilletAbsence( return billet_id -@bp.route("/AddBilletAbsenceForm") +@bp.route("/AddBilletAbsenceForm", methods=["GET", "POST"]) @scodoc @permission_required(Permission.ScoAbsAddBillet) @scodoc7func @@ -1238,8 +1238,8 @@ def listeBilletsEtud(etudid=False, format="html"): @bp.route( "/XMLgetBilletsEtud", methods=["GET", "POST"] ) # pour compat anciens clients PHP -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def XMLgetBilletsEtud(etudid=False): """Liste billets pour un etudiant""" @@ -1464,8 +1464,8 @@ def ProcessBilletAbsenceForm(billet_id): # @bp.route("/essai_api7") -# @scodoc # @permission_required_compat_scodoc7(Permission.ScoView) +# @scodoc # @scodoc7func # def essai_api7(x="xxx"): # "un essai" @@ -1474,8 +1474,8 @@ def ProcessBilletAbsenceForm(billet_id): @bp.route("/XMLgetAbsEtud", methods=["GET", "POST"]) # pour compat anciens clients PHP -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def XMLgetAbsEtud(beg_date="", end_date=""): """returns list of absences in date interval""" diff --git a/app/views/notes.py b/app/views/notes.py index 90d70c466..c549377bf 100644 --- a/app/views/notes.py +++ b/app/views/notes.py @@ -266,8 +266,8 @@ sco_publish( @bp.route( "formsemestre_bulletinetud", methods=["GET", "POST"] ) # POST pour compat anciens clients PHP (deprecated) -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def formsemestre_bulletinetud( etudid=None, @@ -642,8 +642,8 @@ sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.ScoChangeFormatio @bp.route( "/formsemestre_list", methods=["GET", "POST"] ) # pour compat anciens clients PHP -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def formsemestre_list( format="json", @@ -669,8 +669,8 @@ def formsemestre_list( @bp.route( "/XMLgetFormsemestres", methods=["GET", "POST"] ) # pour compat anciens clients PHP -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None): """List all formsemestres matching etape, XML format diff --git a/app/views/scolar.py b/app/views/scolar.py index 38f63f063..40c45a192 100644 --- a/app/views/scolar.py +++ b/app/views/scolar.py @@ -358,8 +358,8 @@ def search_etud_by_name(): @bp.route( "/Notes/XMLgetEtudInfos", methods=["GET", "POST"] ) # pour compat anciens clients PHP -@scodoc @permission_required_compat_scodoc7(Permission.ScoView) +@scodoc @scodoc7func def etud_info(etudid=None, format="xml"): "Donne les informations sur un etudiant"