Elimine les attributs de ZREQUEST, sauf forms.

Emmanuel Viennet 2021-09-18 13:42:19 +02:00
parent 987800c30e
commit 7daa49f2aa
25 changed files with 127 additions and 175 deletions


@ -55,8 +55,8 @@ class ZRequest(object):
# query_string is bytes:
# self.QUERY_STRING = request.query_string.decode("utf-8")
# self.REQUEST_METHOD = request.method
self.AUTHENTICATED_USER = current_user
self.REMOTE_ADDR = request.remote_addr
# self.AUTHENTICATED_USER = current_user
# self.REMOTE_ADDR = request.remote_addr
if request.method == "POST":
# request.form is a werkzeug.datastructures.ImmutableMultiDict
# must copy to get a mutable version (needed by TrivialFormulator)
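Review bot: The two assignments in `ZRequest.__init__` appear to be left behind as commented-out code (`# self.AUTHENTICATED_USER = current_user`, `# self.REMOTE_ADDR = request.remote_addr`) rather than deleted, adding to the dead comments already above them. Any caller that still reads `REQUEST.AUTHENTICATED_USER` or `REQUEST.REMOTE_ADDR` will now raise AttributeError at request time, so a repository-wide search for both names is worth doing before merge. Code that needs the client address can read `request.remote_addr` directly. The constructor starts and ends outside this hunk.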


@ -57,6 +57,7 @@ import time
import flask
from flask import g, request
from flask_login import current_user
import app.scodoc.sco_utils as scu
from config import Config
@ -382,9 +383,7 @@ def formsemestre_archive(REQUEST, formsemestre_id, group_ids=[]):
(all students or only selected groups)
"""
if not sco_permissions_check.can_edit_pv(formsemestre_id):
raise AccessDenied(
"opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
)
raise AccessDenied("opération non autorisée pour %s" % str(current_user))
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
if not group_ids:
@ -559,9 +558,7 @@ def formsemestre_delete_archive(
):
"""Delete an archive"""
if not sco_permissions_check.can_edit_pv(formsemestre_id):
raise AccessDenied(
"opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
)
raise AccessDenied("opération non autorisée pour %s" % str(current_user))
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
sem_archive_id = formsemestre_id
archive_id = PVArchive.get_id_from_name(sem_archive_id, archive_name)


@ -31,6 +31,7 @@
"""
import flask
from flask import url_for, g, request
from flask_login import current_user
import app.scodoc.sco_utils as scu
from app.scodoc import sco_import_etuds
@ -60,7 +61,7 @@ def can_edit_etud_archive(authuser):
def etud_list_archives_html(REQUEST, etudid):
"""HTML snippet listing archives"""
can_edit = can_edit_etud_archive(REQUEST.AUTHENTICATED_USER)
can_edit = can_edit_etud_archive(current_user)
etuds = sco_etud.get_etud_info(etudid=etudid)
if not etuds:
raise ScoValueError("étudiant inexistant")
@ -133,10 +134,8 @@ def add_archives_info_to_etud_list(etuds):
def etud_upload_file_form(REQUEST, etudid):
"""Page with a form to choose and upload a file, with a description."""
# check permission
if not can_edit_etud_archive(REQUEST.AUTHENTICATED_USER):
raise AccessDenied(
"opération non autorisée pour %s" % REQUEST.AUTHENTICATED_USER
)
if not can_edit_etud_archive(current_user):
raise AccessDenied("opération non autorisée pour %s" % current_user)
etuds = sco_etud.get_etud_info(filled=True)
if not etuds:
raise ScoValueError("étudiant inexistant")
@ -202,10 +201,8 @@ def _store_etud_file_to_new_archive(etud_archive_id, data, filename, description
def etud_delete_archive(REQUEST, etudid, archive_name, dialog_confirmed=False):
"""Delete an archive"""
# check permission
if not can_edit_etud_archive(REQUEST.AUTHENTICATED_USER):
raise AccessDenied(
"opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
)
if not can_edit_etud_archive(current_user):
raise AccessDenied("opération non autorisée pour %s" % str(current_user))
etuds = sco_etud.get_etud_info(filled=True)
if not etuds:
raise ScoValueError("étudiant inexistant")


@ -48,7 +48,7 @@ import app.scodoc.sco_utils as scu
import app.scodoc.notesdb as ndb
from app import log
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_exceptions import AccessDenied
from app.scodoc.sco_exceptions import AccessDenied, ScoValueError
from app.scodoc import html_sco_header
from app.scodoc import htmlutils
from app.scodoc import sco_abs
@ -121,9 +121,7 @@ def make_context_dict(sem, etud):
return C
def formsemestre_bulletinetud_dict(
formsemestre_id, etudid, version="long", REQUEST=None
):
def formsemestre_bulletinetud_dict(formsemestre_id, etudid, version="long"):
"""Collecte informations pour bulletin de notes
Retourne un dictionnaire (avec valeur par défaut chaine vide).
Le contenu du dictionnaire dépend des options (rangs, ...)
@ -143,10 +141,7 @@ def formsemestre_bulletinetud_dict(
I["etudid"] = etudid
I["formsemestre_id"] = formsemestre_id
I["sem"] = nt.sem
if REQUEST:
I["server_name"] = request.url_root
else:
I["server_name"] = ""
# Formation et parcours
I["formation"] = sco_formations.formation_list(
@ -778,7 +773,10 @@ def formsemestre_bulletinetud(
etud = sco_etud.get_etud_info(filled=True)[0]
etudid = etud["etudid"]
except:
return scu.log_unknown_etud(REQUEST, format=format)
sco_etud.log_unknown_etud()
raise ScoValueError("étudiant inconnu")
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
bulletin = do_formsemestre_bulletinetud(
formsemestre_id,
@ -791,7 +789,8 @@ def formsemestre_bulletinetud(
REQUEST=REQUEST,
)[0]
if format not in {"html", "pdfmail"}:
return bulletin
filename = scu.bul_filename(sem, etud, format)
return scu.send_file(bulletin, filename, mime=scu.get_mime_suffix(format))
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
H = [
@ -862,14 +861,13 @@ def do_formsemestre_bulletinetud(
):
"""Génère le bulletin au format demandé.
Retourne: (bul, filigranne)
bul est au format demandé (html, pdf, pdfmail, pdfpart, xml)
bul est str ou bytes au format demandé (html, pdf, pdfmail, pdfpart, xml, json)
et filigranne est un message à placer en "filigranne" (eg "Provisoire").
"""
if format == "xml":
bul = sco_bulletins_xml.make_xml_formsemestre_bulletinetud(
formsemestre_id,
etudid,
REQUEST=REQUEST,
xml_with_decisions=xml_with_decisions,
force_publishing=force_publishing,
version=version,
@ -881,19 +879,18 @@ def do_formsemestre_bulletinetud(
bul = sco_bulletins_json.make_json_formsemestre_bulletinetud(
formsemestre_id,
etudid,
REQUEST=REQUEST,
xml_with_decisions=xml_with_decisions,
force_publishing=force_publishing,
version=version,
)
return bul, ""
I = formsemestre_bulletinetud_dict(formsemestre_id, etudid, REQUEST=REQUEST)
I = formsemestre_bulletinetud_dict(formsemestre_id, etudid)
etud = I["etud"]
if format == "html":
htm, _ = sco_bulletins_generator.make_formsemestre_bulletinetud(
I, version=version, format="html", REQUEST=REQUEST
I, version=version, format="html"
)
return htm, I["filigranne"]
@ -903,7 +900,6 @@ def do_formsemestre_bulletinetud(
version=version,
format="pdf",
stand_alone=(format != "pdfpart"),
REQUEST=REQUEST,
)
if format == "pdf":
return (
@ -923,11 +919,11 @@ def do_formsemestre_bulletinetud(
htm = "" # speed up if html version not needed
else:
htm, _ = sco_bulletins_generator.make_formsemestre_bulletinetud(
I, version=version, format="html", REQUEST=REQUEST
I, version=version, format="html"
)
pdfdata, filename = sco_bulletins_generator.make_formsemestre_bulletinetud(
I, version=version, format="pdf", REQUEST=REQUEST
I, version=version, format="pdf"
)
if prefer_mail_perso:
@ -998,7 +994,7 @@ def mail_bulletin(formsemestre_id, I, pdfdata, filename, recipient_addr):
# Attach pdf
msg.attach(filename, scu.PDF_MIMETYPE, pdfdata)
breakpoint()
log("mail bulletin a %s" % recipient_addr)
email.send_message(msg)
@ -1119,6 +1115,16 @@ def _formsemestre_bulletinetud_header_html(
"enabled": etud["emailperso"]
and can_send_bulletin_by_mail(formsemestre_id),
},
{
"title": "Version json",
"endpoint": endpoint,
"args": {
"formsemestre_id": formsemestre_id,
"etudid": etudid,
"version": version,
"format": "json",
},
},
{
"title": "Version XML",
"endpoint": endpoint,
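Review bot: A `breakpoint()` call sits between `msg.attach(filename, scu.PDF_MIMETYPE, pdfdata)` and the `log(...)` line in `mail_bulletin`; the page has lost its +/- markers, so confirm which side it is on, and if it is on the new side it must be removed before merge. In a served application it halts the worker in pdb on every bulletin mail, and on a process with an attached console it exposes an interactive interpreter running with the application's privileges. Separately, `formsemestre_bulletinetud_dict` appears to drop the `if REQUEST:` guard and read `request.url_root` unconditionally, which raises outside a request context (scripts, background jobs). `I["server_name"] = request.url_root if flask.has_request_context() else ""` would keep the old fallback, assuming `flask` is imported in this module.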


@ -53,6 +53,7 @@ from reportlab.platypus import SimpleDocTemplate, Paragraph, Spacer, Frame, Page
from reportlab.platypus import Table, TableStyle, Image, KeepInFrame
from flask import request
from flask_login import current_user
from app.scodoc import sco_utils as scu
from app.scodoc.sco_exceptions import NoteProcessError
@ -150,14 +151,7 @@ class BulletinGenerator(object):
def get_filename(self):
"""Build a filename to be proposed to the web client"""
sem = sco_formsemestre.get_formsemestre(self.infos["formsemestre_id"])
dt = time.strftime("%Y-%m-%d")
filename = "bul-%s-%s-%s.pdf" % (
sem["titre_num"],
dt,
self.infos["etud"]["nom"],
)
filename = scu.unescape_html(filename).replace(" ", "_").replace("&", "")
return filename
return scu.bul_filename(sem, self.infos["etud"], "pdf")
def generate(self, format="", stand_alone=True):
"""Return bulletin in specified format"""
@ -262,7 +256,6 @@ def make_formsemestre_bulletinetud(
version="long", # short, long, selectedevals
format="pdf", # html, pdf
stand_alone=True,
REQUEST=None,
):
"""Bulletin de notes
@ -288,7 +281,7 @@ def make_formsemestre_bulletinetud(
PDFLOCK.acquire()
bul_generator = gen_class(
infos,
authuser=REQUEST.AUTHENTICATED_USER,
authuser=current_user,
version=version,
filigranne=infos["filigranne"],
server_name=request.url_root,
@ -303,7 +296,7 @@ def make_formsemestre_bulletinetud(
gen_class = bulletin_get_class(bul_class_name)
bul_generator = gen_class(
infos,
authuser=REQUEST.AUTHENTICATED_USER,
authuser=current_user,
version=version,
filigranne=infos["filigranne"],
server_name=request.url_root,
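Review bot: Both `gen_class(...)` calls in `make_formsemestre_bulletinetud` now receive `authuser=current_user`, which is flask_login's request-bound proxy rather than a concrete user object. If the generator stores `authuser` on the instance or hands it to code that runs after the request ends, the proxy may fail to resolve or resolve against another request; `authuser=current_user._get_current_object()` pins the actual user at call time. How the generator uses `authuser` is outside these hunks, so this needs confirming there.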


@ -47,27 +47,22 @@ from app.scodoc import sco_etud
def make_json_formsemestre_bulletinetud(
formsemestre_id,
etudid,
REQUEST=None,
formsemestre_id: int,
etudid: int,
xml_with_decisions=False,
version="long",
force_publishing=False, # force publication meme si semestre non publie sur "portail"
):
) -> str:
"""Renvoie bulletin en chaine JSON"""
d = formsemestre_bulletinetud_published_dict(
formsemestre_id,
etudid,
force_publishing=force_publishing,
REQUEST=REQUEST,
xml_with_decisions=xml_with_decisions,
version=version,
)
if REQUEST:
REQUEST.RESPONSE.setHeader("content-type", scu.JSON_MIMETYPE)
return json.dumps(d, cls=scu.ScoDocJSONEncoder)
@ -79,7 +74,6 @@ def formsemestre_bulletinetud_published_dict(
etudid,
force_publishing=False,
xml_nodate=False,
REQUEST=None,
xml_with_decisions=False, # inclue les decisions même si non publiées
version="long",
):
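Review bot: `make_json_formsemestre_bulletinetud` no longer sets the response content type (the `REQUEST.RESPONSE.setHeader("content-type", scu.JSON_MIMETYPE)` lines appear to be removed), and `make_xml_formsemestre_bulletinetud` in the next file gets the same change, so the MIME type is now entirely the caller's responsibility. A view that returns this string directly would be served with the framework default `text/html`, and the payload carries strings taken from student records that a browser would then parse as markup. The docstring should say so, e.g. `"""Return the bulletin as a JSON string; the caller must set the content type (scu.JSON_MIMETYPE)."""`. Each call site should be checked for going through `scu.send_file(..., mime=...)` or an equivalent.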


@ -69,16 +69,13 @@ def make_xml_formsemestre_bulletinetud(
doc=None, # XML document
force_publishing=False,
xml_nodate=False,
REQUEST=None,
xml_with_decisions=False, # inclue les decisions même si non publiées
version="long",
):
) -> str:
"bulletin au format XML"
from app.scodoc import sco_bulletins
log("xml_bulletin( formsemestre_id=%s, etudid=%s )" % (formsemestre_id, etudid))
if REQUEST:
REQUEST.RESPONSE.setHeader("content-type", scu.XML_MIMETYPE)
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
if (not sem["bul_hide_xml"]) or force_publishing:


@ -51,6 +51,7 @@ import fcntl
import subprocess
import requests
from flask_login import current_user
import app.scodoc.notesdb as ndb
import app.scodoc.sco_utils as scu
@ -190,10 +191,8 @@ def _send_db(REQUEST, ano_db_name):
data={
"dept_name": sco_preferences.get_preference("DeptName"),
"serial": _get_scodoc_serial(),
"sco_user": str(REQUEST.AUTHENTICATED_USER),
"sent_by": sco_users.user_info(str(REQUEST.AUTHENTICATED_USER))[
"nomcomplet"
],
"sco_user": str(current_user),
"sent_by": sco_users.user_info(str(current_user))["nomcomplet"],
"sco_version": sco_version.SCOVERSION,
"sco_fullversion": scu.get_scodoc_version(),
},


@ -30,6 +30,7 @@
"""
import flask
from flask import url_for, g, request
from flask_login import current_user
import app.scodoc.notesdb as ndb
import app.scodoc.sco_utils as scu
@ -544,7 +545,7 @@ def module_list(formation_id, REQUEST=None):
% F,
'<ul class="notes_module_list">',
]
editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.ScoChangeFormation)
for Mod in do_module_list(args={"formation_id": formation_id}):
H.append('<li class="notes_module_list">%s' % Mod)


@ -649,6 +649,12 @@ def make_etud_args(etudid=None, code_nip=None, use_request=True, raise_exc=True)
return args
def log_unknown_etud():
"""Log request: cas ou getEtudInfo n'a pas ramene de resultat"""
etud_args = make_etud_args(raise_exc=False)
log(f"unknown student: args={etud_args}")
def get_etud_info(etudid=False, code_nip=False, filled=False) -> list:
"""infos sur un etudiant (API). If not foud, returns empty list.
On peut specifier etudid ou code_nip


@ -32,6 +32,7 @@ import xml.dom.minidom
import flask
from flask import g, url_for, request
from flask_login import current_user
import app.scodoc.sco_utils as scu
@ -247,7 +248,7 @@ def formation_list_table(formation_id=None, args={}, REQUEST=None):
"edit_img", border="0", alt="modifier", title="Modifier titres et code"
)
editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.ScoChangeFormation)
# Traduit/ajoute des champs à afficher:
for f in formations:


@ -40,6 +40,7 @@ import time
from flask import url_for, g, request
from flask_login import current_user
import app.scodoc.sco_utils as scu
from app.scodoc import html_sco_header
@ -798,7 +799,7 @@ def groups_table(
def tab_absences_html(groups_infos, etat=None, REQUEST=None):
"""contenu du tab "absences et feuilles diverses" """
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
H = ['<div class="tab-content">']
if not groups_infos.members:
return "".join(H) + "<h3>Aucun étudiant !</h3></div>"
@ -867,7 +868,7 @@ def tab_photos_html(groups_infos, etat=None, REQUEST=None):
def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None, REQUEST=None):
"""Formulaire choix jour semaine pour saisie."""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
if not authuser.has_permission(Permission.ScoAbsChange):
return ""
sem = groups_infos.formsemestre
@ -908,7 +909,7 @@ def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None, REQUEST=None)
# Ajout Le Havre
# Formulaire saisie absences semaine
def form_choix_saisie_semaine(groups_infos, REQUEST=None):
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
if not authuser.has_permission(Permission.ScoAbsChange):
return ""
# construit l'URL "destination"


@ -31,6 +31,7 @@ from operator import itemgetter
import flask
from flask import url_for, g, request
from flask_login import current_user
import app.scodoc.notesdb as ndb
import app.scodoc.sco_utils as scu
@ -250,7 +251,7 @@ def moduleimpl_inscriptions_stats(formsemestre_id, REQUEST=None):
tous sauf <liste d'au plus 7 noms>
"""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
inscrits = sco_formsemestre_inscriptions.do_formsemestre_inscription_list(


@ -64,7 +64,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
if (
sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
current_user, E["moduleimpl_id"], allow_ens=False
)
and nbnotes != 0
):
@ -80,7 +80,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
"evaluation_id": evaluation_id,
},
"enabled": sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"]
current_user, E["moduleimpl_id"]
),
},
{
@ -90,7 +90,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
"evaluation_id": evaluation_id,
},
"enabled": sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
current_user, E["moduleimpl_id"], allow_ens=False
),
},
{
@ -101,7 +101,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
},
"enabled": nbnotes == 0
and sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
current_user, E["moduleimpl_id"], allow_ens=False
),
},
{
@ -111,7 +111,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
"evaluation_id": evaluation_id,
},
"enabled": sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
current_user, E["moduleimpl_id"], allow_ens=False
),
},
{
@ -129,9 +129,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
"evaluation_id": evaluation_id,
},
"enabled": nbnotes == 0
and sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"]
),
and sco_permissions_check.can_edit_notes(current_user, E["moduleimpl_id"]),
},
{
"title": "Absences ce jour",
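Review bot: Every `can_edit_notes(...)` call in `moduleimpl_evaluation_menu` now uses `current_user`, but no hunk in this file section adds `from flask_login import current_user`, unlike most other files in this commit. The same holds for the sections touching `do_evaluation_upload_xls`/`save_note`, `external_ue_inscrit_et_note`, the formations `index_html`, `form_students_import_infos_admissions` and `change_password`. If the name is not already imported in those modules, each of these paths fails with NameError at request time, and several of them are the permission checks themselves. The import lines lie outside the visible hunks, so this needs a check against the full files.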


@ -31,6 +31,7 @@
"""
from flask import url_for, g
from flask_login import current_user
import app.scodoc.sco_utils as scu
import app.scodoc.notesdb as ndb
@ -144,7 +145,7 @@ def _menuScolarite(authuser, sem, etudid):
def ficheEtud(etudid=None, REQUEST=None):
"fiche d'informations sur un etudiant"
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
cnx = ndb.GetDBConnexion()
if etudid and REQUEST:
# la sidebar est differente s'il y a ou pas un etudid
@ -491,7 +492,7 @@ def menus_etud(REQUEST=None):
"""Menu etudiant (operations sur l'etudiant)"""
if "etudid" not in REQUEST.form:
return ""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
etud = sco_etud.get_etud_info(filled=True)[0]


@ -36,6 +36,7 @@ import urllib
import flask
from flask import request
from flask_login import current_user
from app.scodoc.sco_exceptions import ScoValueError
import app.scodoc.sco_utils as scu
@ -234,7 +235,7 @@ def do_placement(REQUEST):
"""
Choisi le placement
"""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
authusername = str(authuser)
try:
evaluation_id = int(REQUEST.form["evaluation_id"])


@ -32,6 +32,7 @@ import time
from openpyxl.styles.numbers import FORMAT_NUMBER_00
from flask import request
from flask_login import current_user
import app.scodoc.sco_utils as scu
from app.scodoc import sco_abs
@ -321,7 +322,7 @@ def feuille_preparation_jury(formsemestre_id, REQUEST):
sco_version.SCONAME,
time.strftime("%d/%m/%Y"),
request.url_root,
REQUEST.AUTHENTICATED_USER,
current_user,
)
)
xls = ws.generate_standalone()


@ -168,7 +168,7 @@ def do_evaluation_upload_xls(REQUEST):
"""
Soumission d'un fichier XLS (evaluation_id, notefile)
"""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
evaluation_id = int(REQUEST.form["evaluation_id"])
comment = REQUEST.form["comment"]
E = sco_evaluations.do_evaluation_list({"evaluation_id": evaluation_id})[0]
@ -711,7 +711,7 @@ def saisie_notes_tableur(evaluation_id, group_ids=[], REQUEST=None):
#
H.append("""</div><h3>Autres opérations</h3><ul>""")
if sco_permissions_check.can_edit_notes(
REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
current_user, E["moduleimpl_id"], allow_ens=False
):
H.append(
"""
@ -1221,7 +1221,7 @@ def _form_saisie_notes(E, M, group_ids, destination="", REQUEST=None):
def save_note(etudid=None, evaluation_id=None, value=None, comment="", REQUEST=None):
"""Enregistre une note (ajax)"""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
log(
"save_note: evaluation_id=%s etudid=%s uid=%s value=%s"
% (evaluation_id, etudid, authuser, value)


@ -169,7 +169,7 @@ def external_ue_inscrit_et_note(
)
# Saisie des notes
_, _, _ = sco_saisie_notes._notes_add(
REQUEST.AUTHENTICATED_USER,
current_user,
evaluation_id,
list(notes_etuds.items()),
do_it=True,


@ -479,7 +479,7 @@ def sanitize_string(s):
return suppress_accents(s.translate(trans)).replace(" ", "_").replace("\t", "_")
_BAD_FILENAME_CHARS = str.maketrans("", "", ":/\\")
_BAD_FILENAME_CHARS = str.maketrans("", "", ":/\\&")
def make_filename(name):
@ -512,6 +512,14 @@ def is_valid_filename(filename):
return VALID_EXP.match(filename)
def bul_filename(sem, etud, format):
"""Build a filename for this bulletin"""
dt = time.strftime("%Y-%m-%d")
filename = f"bul-{sem['titre_num']}-{dt}-{etud['nom']}.{format}"
filename = make_filename(filename)
return filename
def sendCSVFile(REQUEST, data, filename): # DEPRECATED ne plus utiliser
"""publication fichier.
(on ne doit rien avoir émis avant, car ici sont générés les entetes)
@ -791,35 +799,6 @@ def AnneeScolaire(sco_year=None):
return year
def log_unknown_etud(REQUEST=None, format="html"):
"""Log request: cas ou getEtudInfo n'a pas ramene de resultat"""
etudid = REQUEST.form.get("etudid", "?")
code_nip = REQUEST.form.get("code_nip", "?")
code_ine = REQUEST.form.get("code_ine", "?")
log(
"unknown student: etudid=%s code_nip=%s code_ine=%s"
% (etudid, code_nip, code_ine)
)
return _sco_error_response("unknown student", format=format, REQUEST=REQUEST)
# XXX #sco8 à tester ou ré-écrire
def _sco_error_response(msg, format="html", REQUEST=None):
"""Send an error message to the client, in html or xml format."""
REQUEST.RESPONSE.setStatus(404, reason=msg)
if format == "html" or format == "pdf":
raise sco_exceptions.ScoValueError(msg)
elif format == "xml":
REQUEST.RESPONSE.setHeader("content-type", XML_MIMETYPE)
doc = ElementTree.Element("error", msg=msg)
return sco_xml.XML_HEADER + ElementTree.tostring(doc).decode(SCO_ENCODING)
elif format == "json":
REQUEST.RESPONSE.setHeader("content-type", JSON_MIMETYPE)
return "undefined" # XXX voir quoi faire en cas d'erreur json
else:
raise ValueError("ScoErrorResponse: invalid format")
def return_text_if_published(val, REQUEST):
"""Pour les méthodes publiées qui ramènent soit du texte (HTML) soit du JSON
sauf quand elles sont appellées depuis python.
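Review bot: `bul_filename` no longer runs `scu.unescape_html` before stripping `&` (the old `get_filename` did both), so a semester title or student name stored with HTML entities would now leave fragments such as `amp;` in the download name. The `format` argument is also interpolated as the extension, and in `formsemestre_bulletinetud` it is presumably request-supplied, so it should be restricted to the known formats before the name is built, since the result ends up in a response header. `make_filename`'s body is outside this hunk, so what it strips beyond `_BAD_FILENAME_CHARS` cannot be confirmed here. A docstring line such as `sem and etud are dicts providing 'titre_num' and 'nom'; format is used as the file extension` would document the contract.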


@ -58,6 +58,7 @@ from xml.etree import ElementTree
import flask
from flask import g, request
from flask import url_for
from flask_login import current_user
from app.decorators import (
scodoc,
@ -124,7 +125,7 @@ def index_html(REQUEST=None):
"""Gestionnaire absences, page principale"""
# crude portage from 1999 DTML
sems = sco_formsemestre.do_formsemestre_list()
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
H = [
html_sco_header.sco_header(
@ -1069,7 +1070,9 @@ def AddBilletAbsence(
# check etudid
etuds = sco_etud.get_etud_info(etudid=etudid, code_nip=code_nip, filled=True)
if not etuds:
return scu.log_unknown_etud(REQUEST=REQUEST)
sco_etud.log_unknown_etud()
raise ScoValueError("étudiant inconnu")
etud = etuds[0]
# check dates
begin_date = dateutil.parser.isoparse(begin) # may raises ValueError
@ -1224,7 +1227,8 @@ def listeBilletsEtud(etudid=False, REQUEST=None, format="html"):
"""Liste billets pour un etudiant"""
etuds = sco_etud.get_etud_info(filled=True, etudid=etudid)
if not etuds:
return scu.log_unknown_etud(format=format, REQUEST=REQUEST)
sco_etud.log_unknown_etud()
raise ScoValueError("étudiant inconnu")
etud = etuds[0]
cnx = ndb.GetDBConnexion()
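Review bot: `listeBilletsEtud` still accepts `format`, but its unknown-student path now raises `ScoValueError("étudiant inconnu")` regardless of it, where the removed `scu.log_unknown_etud(format=format, REQUEST=REQUEST)` set a 404 status and answered in the requested format. Clients calling this view or `AddBilletAbsence` for XML or JSON will presumably now receive whatever the `ScoValueError` handler renders, so that handler's status code and body for non-HTML requests should be checked. No hunk here adds an import of `ScoValueError`; confirm the module already has it in scope.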


@ -39,6 +39,7 @@ import time
import calendar
from flask import request
from flask_login import current_user
# MIGRATION EN COURS => MODULE DESACTIVE !
@ -81,7 +82,7 @@ def sidebar(REQUEST):
<ul class="insidebar">"""
% params,
]
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
if current_user.has_permission(Permission.ScoEntrepriseChange):
H.append(
"""<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_create" class="sidebar">Nouvelle entreprise</a> </li>"""
% params
@ -106,9 +107,7 @@ def sidebar(REQUEST):
<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_list?entreprise_id=%(entreprise_id)s" class="sidebar">Corresp.</a></li>"""
% params
) # """
if REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
):
if current_user.has_permission(Permission.ScoEntrepriseChange):
H.append(
"""<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau Corresp.</a></li>"""
% params
@ -117,9 +116,7 @@ def sidebar(REQUEST):
"""<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_list?entreprise_id=%(entreprise_id)s" class="sidebar">Contacts</a></li>"""
% params
)
if REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
):
if current_user.has_permission(Permission.ScoEntrepriseChange):
H.append(
"""<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau "contact"</a></li>"""
% params
@ -128,7 +125,7 @@ def sidebar(REQUEST):
#
H.append("""<br/><br/>%s""" % scu.icontag("entreprise_side_img"))
if not REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
if not current_user.has_permission(Permission.ScoEntrepriseChange):
H.append("""<br/><em>(Lecture seule)</em>""")
H.append("""</div> </div> <!-- end of sidebar -->""")
return "".join(H)
@ -303,7 +300,7 @@ def entreprise_contact_list(entreprise_id=None, format="html", REQUEST=None):
H.append(tab.html())
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
if current_user.has_permission(Permission.ScoEntrepriseChange):
if entreprise_id:
H.append(
"""<p class="entreprise_create"><a class="entreprise_create" href="entreprise_contact_create?entreprise_id=%(entreprise_id)s">nouveau "contact"</a></p>
@ -409,7 +406,7 @@ def entreprise_correspondant_list(
H.append(tab.html())
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
if current_user.has_permission(Permission.ScoEntrepriseChange):
H.append(
"""<p class="entreprise_create"><a class="entreprise_create" href="entreprise_correspondant_create?entreprise_id=%(entreprise_id)s">Ajouter un correspondant dans l'entreprise %(nom)s</a></p>
"""
@ -517,14 +514,12 @@ def entreprise_contact_edit(entreprise_contact_id, REQUEST=None):
cancelbutton="Annuler",
initvalues=c,
submitlabel="Modifier les valeurs",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
if REQUEST.AUTHENTICATED_USER.has_permission(
if current_user.has_permission(
Permission.ScoEntrepriseChange,
):
H.append(
@ -643,9 +638,7 @@ def entreprise_correspondant_edit(entreprise_corresp_id, REQUEST=None):
cancelbutton="Annuler",
initvalues=c,
submitlabel="Modifier les valeurs",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -752,9 +745,7 @@ def entreprise_contact_create(entreprise_id, REQUEST=None):
),
cancelbutton="Annuler",
submitlabel="Ajouter ce contact",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -791,7 +782,7 @@ def entreprise_contact_delete(entreprise_contact_id, REQUEST=None):
initvalues=c,
submitlabel="Confirmer la suppression",
cancelbutton="Annuler",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange),
readonly=not current_user.has_permission(ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -894,9 +885,7 @@ def entreprise_correspondant_create(entreprise_id, REQUEST=None):
),
cancelbutton="Annuler",
submitlabel="Ajouter ce correspondant",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -928,9 +917,7 @@ def entreprise_correspondant_delete(entreprise_corresp_id, REQUEST=None):
initvalues=c,
submitlabel="Confirmer la suppression",
cancelbutton="Annuler",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -984,9 +971,7 @@ def entreprise_delete(entreprise_id, REQUEST=None):
initvalues=E,
submitlabel="Confirmer la suppression",
cancelbutton="Annuler",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
H.append(tf[1])
@ -1081,9 +1066,7 @@ def entreprise_create(REQUEST=None):
),
cancelbutton="Annuler",
submitlabel="Ajouter cette entreprise",
readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
Permission.ScoEntrepriseChange
),
readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
)
if tf[0] == 0:
return "\n".join(H) + tf[1] + entreprise_footer(REQUEST)
@ -1099,7 +1082,7 @@ security.declareProtected(ScoEntrepriseView, "entreprise_edit")
def entreprise_edit(entreprise_id, REQUEST=None, start=1):
"""Form. edit entreprise"""
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
readonly = not authuser.has_permission(Permission.ScoEntrepriseChange)
F = sco_entreprises.do_entreprise_list(args={"entreprise_id": entreprise_id})[0]
H = [
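Review bot: In `entreprise_contact_delete` the rewritten line reads `readonly=not current_user.has_permission(ScoEntrepriseChange)` with a bare `ScoEntrepriseChange`, while every other call in this file uses `Permission.ScoEntrepriseChange`. Unless that bare name is defined in the module, the delete form raises NameError; the line should be `readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),`. Note also that `readonly` and the sidebar tests only shape the rendered page, so the create/edit/delete handlers need their own permission check on submit; whether they have one is outside these hunks.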


@ -406,7 +406,7 @@ sco_publish(
def index_html(REQUEST=None):
"Page accueil formations"
editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.ScoChangeFormation)
H = [
html_sco_header.sco_header(page_title="Programmes formations"),
@ -2010,8 +2010,7 @@ def formsemestre_validation_etud(
"Enregistre choix jury pour un étudiant"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
@ -2043,8 +2042,7 @@ def formsemestre_validation_etud_manu(
"Enregistre choix jury pour un étudiant"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
@ -2069,8 +2067,7 @@ def formsemestre_validate_previous_ue(formsemestre_id, etudid=None, REQUEST=None
"Form. saisie UE validée hors ScoDoc"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
return sco_formsemestre_validation.formsemestre_validate_previous_ue(
@ -2094,8 +2091,7 @@ def formsemestre_ext_edit_ue_validations(formsemestre_id, etudid=None, REQUEST=N
"Form. edition UE semestre extérieur"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
return sco_formsemestre_exterieurs.formsemestre_ext_edit_ue_validations(
@ -2118,8 +2114,7 @@ def etud_ue_suppress_validation(etudid, formsemestre_id, ue_id, REQUEST=None):
"""Suppress a validation (ue_id, etudid) and redirect to formsemestre"""
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
return sco_formsemestre_validation.etud_ue_suppress_validation(
@ -2135,8 +2130,7 @@ def formsemestre_validation_auto(formsemestre_id, REQUEST):
"Formulaire saisie automatisee des decisions d'un semestre"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
@ -2153,8 +2147,7 @@ def do_formsemestre_validation_auto(formsemestre_id, REQUEST):
"Formulaire saisie automatisee des decisions d'un semestre"
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
@ -2173,8 +2166,7 @@ def formsemestre_validation_suppress_etud(
"""Suppression des decisions de jury pour un etudiant."""
if not sco_permissions_check.can_validate_sem(formsemestre_id):
return scu.confirm_dialog(
message="<p>Opération non autorisée pour %s</h2>"
% REQUEST.AUTHENTICATED_USER,
message="<p>Opération non autorisée pour %s</h2>" % current_user,
dest_url=scu.ScoURL(),
)
if not dialog_confirmed:
@ -2510,7 +2502,7 @@ def check_form_integrity(formation_id, fix=False, REQUEST=None):
log("check_form_integrity: formation_id=%s\ninconsistencies:" % formation_id)
log(txt)
# Notify by e-mail
sendAlarm("Notes: formation incoherente !", txt)
send_scodoc_alarm("Notes: formation incoherente !", txt)
else:
txth = "OK"
log("ok")
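Review bot: The denial message repeated in `formsemestre_validation_etud` and the seven validation views after it is `"<p>Opération non autorisée pour %s</h2>" % current_user`, which opens with `<p>`, closes with `</h2>`, and interpolates the user's string form into HTML without escaping. Since the line is rewritten in all eight places anyway, it could become `message="<p>Opération non autorisée pour %s</p>" % html.escape(str(current_user)),` (needs `import html`), or better a single helper shared by the eight views. Whether `scu.confirm_dialog` escapes `message` itself is not visible here. In the last hunk, `send_scodoc_alarm` replaces `sendAlarm` with no import change shown; confirm it is in scope.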


@ -1967,7 +1967,7 @@ def import_generate_admission_sample(REQUEST, formsemestre_id):
@scodoc7func
def form_students_import_infos_admissions(REQUEST, formsemestre_id=None):
"formulaire import xls"
authuser = REQUEST.AUTHENTICATED_USER
authuser = current_user
F = html_sco_header.sco_footer()
if not authuser.has_permission(Permission.ScoEtudInscrit):
# autorise juste l'export


@ -546,7 +546,7 @@ def import_users_form(REQUEST=None):
if tf[0] == 0:
return "\n".join(H) + tf[1] + "</li></ol>" + help + F
elif tf[0] == -1:
return flask.redirect(back_url)
return flask.redirect(url_for("scolar.index_html", docodc_dept=g.scodoc_dept))
else:
# IMPORT
ok, diag, nb_created = sco_import_users.import_excel_file(tf[2]["xlsfile"])
@ -654,8 +654,8 @@ def change_password(user_name, password, password2, REQUEST):
if not can_handle_passwd(u):
# access denied
log(
"change_password: access denied (authuser=%s, user_name=%s, ip=%s)"
% (REQUEST.AUTHENTICATED_USER, user_name, REQUEST.REMOTE_ADDR)
"change_password: access denied (authuser=%s, user_name=%s)"
% (current_user, user_name)
)
raise AccessDenied("vous n'avez pas la permission de changer ce mot de passe")
H = []
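Review bot: The access-denied log line in `change_password` drops the client address (`ip=%s` with `REQUEST.REMOTE_ADDR`), so refused password-change attempts can no longer be attributed to a source from the logs. Flask exposes the same value, so the message can keep it: `"change_password: access denied (authuser=%s, user_name=%s, ip=%s)" % (current_user, user_name, request.remote_addr)`, provided `request` is imported in this module. In `import_users_form`, the new redirect passes `docodc_dept=g.scodoc_dept`, which looks like a typo for `scodoc_dept`. As written, `url_for` would either fail to build the route or append a stray query parameter.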