diff --git a/app/models/moduleimpls.py b/app/models/moduleimpls.py index 36f5066e4..2b9313fad 100644 --- a/app/models/moduleimpls.py +++ b/app/models/moduleimpls.py @@ -253,6 +253,27 @@ class ModuleImpl(ScoDocModel): return False return True + def can_change_inscriptions(self, user: User | None = None, raise_exc=True) -> bool: + """check si user peut inscrire/désinsincrire des étudiants à ce module. + Autorise ScoEtudInscrit ou responsables semestre. + """ + user = current_user if user is None else user + if not self.formsemestre.etat: + if raise_exc: + raise ScoLockedSemError("Modification impossible: semestre verrouille") + return False + # -- check access + # resp. module ou ou perm. EtudInscrit ou resp. semestre + if ( + user.id != self.responsable_id + and not user.has_permission(Permission.EtudInscrit) + and user.id not in (u.id for u in self.formsemestre.responsables) + ): + if raise_exc: + raise AccessDenied(f"Modification impossible pour {user}") + return False + return True + def est_inscrit(self, etud: Identite) -> bool: """ Vérifie si l'étudiant est bien inscrit au moduleimpl (même si DEM ou DEF au semestre). diff --git a/app/scodoc/sco_moduleimpl.py b/app/scodoc/sco_moduleimpl.py index 5cd3a1c06..86c4dfe97 100644 --- a/app/scodoc/sco_moduleimpl.py +++ b/app/scodoc/sco_moduleimpl.py @@ -30,9 +30,6 @@ import psycopg2 -from app import db - -from app.models import Formation from app.scodoc import scolog from app.scodoc import sco_cache import app.scodoc.notesdb as ndb @@ -56,7 +53,8 @@ _moduleimplEditor = ndb.EditableTable( def do_moduleimpl_create(args): "create a moduleimpl" - # TODO remplacer par une methode de ModuleImpl qui appelle super().create_from_dict() puis invalide le formsemestre + # TODO remplacer par une methode de ModuleImpl qui appelle + # super().create_from_dict() puis invalide le formsemestre cnx = ndb.GetDBConnexion() r = _moduleimplEditor.create(cnx, args) sco_cache.invalidate_formsemestre( diff --git a/app/scodoc/sco_moduleimpl_inscriptions.py b/app/scodoc/sco_moduleimpl_inscriptions.py index 8f79e46f7..7b5eaa2e1 100644 --- a/app/scodoc/sco_moduleimpl_inscriptions.py +++ b/app/scodoc/sco_moduleimpl_inscriptions.py @@ -79,9 +79,9 @@ def moduleimpl_inscriptions_edit( modimpl = ModuleImpl.get_modimpl(moduleimpl_id) module = modimpl.module formsemestre = modimpl.formsemestre - # -- check lock - if not formsemestre.etat: - raise ScoValueError("opération impossible: semestre verrouille") + # -- check permission (and lock) + if not modimpl.can_change_inscriptions(): + return # can_change_inscriptions raises exception header = html_sco_header.sco_header( page_title="Inscription au module", init_qtip=True, diff --git a/app/scodoc/sco_moduleimpl_status.py b/app/scodoc/sco_moduleimpl_status.py index 0588cc981..1890b87de 100644 --- a/app/scodoc/sco_moduleimpl_status.py +++ b/app/scodoc/sco_moduleimpl_status.py @@ -196,9 +196,7 @@ def _ue_coefs_html(modimpl: ModuleImpl) -> str: def moduleimpl_status(moduleimpl_id=None, partition_id=None): """Tableau de bord module (liste des evaluations etc)""" - if not isinstance(moduleimpl_id, int): - raise ScoInvalidIdType("moduleimpl_id must be an integer !") - modimpl: ModuleImpl = ModuleImpl.query.get_or_404(moduleimpl_id) + modimpl: ModuleImpl = ModuleImpl.get_modimpl(moduleimpl_id) g.current_moduleimpl_id = modimpl.id module: Module = modimpl.module formsemestre_id = modimpl.formsemestre_id @@ -312,10 +310,13 @@ def moduleimpl_status(moduleimpl_id=None, partition_id=None): H.append( f"""Inscrits: {len(mod_inscrits)} étudiants""" ) - if current_user.has_permission(Permission.EtudInscrit): + if modimpl.can_change_inscriptions(raise_exc=False): H.append( f"""modifier""" + href="{ + url_for("notes.moduleimpl_inscriptions_edit", + scodoc_dept=g.scodoc_dept, moduleimpl_id=modimpl.id + )}">modifier""" ) H.append("") # Ligne: règle de calcul diff --git a/app/views/notes.py b/app/views/notes.py index 79c2dbdf4..8834834f9 100644 --- a/app/views/notes.py +++ b/app/views/notes.py @@ -1633,7 +1633,7 @@ sco_publish( sco_publish( "/moduleimpl_inscriptions_edit", sco_moduleimpl_inscriptions.moduleimpl_inscriptions_edit, - Permission.EtudInscrit, + Permission.ScoView, methods=["GET", "POST"], ) sco_publish(