From e989a4ffa8b59fefb100841b18e3aea342308faf Mon Sep 17 00:00:00 2001
From: Lyanis Souidi
Date: Sat, 10 Feb 2024 15:53:57 +0100
Subject: [PATCH] =?UTF-8?q?Restreint=20l'acc=C3=A8s=20aux=20annotations=20?= =?UTF-8?q?via=20l'API=20=C3=A0=20la=20permission=20ViewEtudData?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/models/etudiants.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/models/etudiants.py b/app/models/etudiants.py
index 21b8d1cea..86490dd38 100644
--- a/app/models/etudiants.py
+++ b/app/models/etudiants.py
@@ -519,7 +519,7 @@ class Identite(models.ScoDocModel):
 e.pop("departement", None)
 e["sort_key"] = self.sort_key
 e["annotations"] = [
- annot.to_dict()
+ annot.to_dict(restrict=restrict)
 for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
 desc(EtudAnnotation.date)
 )
@@ -1082,10 +1082,14 @@ class EtudAnnotation(db.Model):
 author = db.Column(db.Text) # le pseudo (user_name), was zope_authenticated_user
 comment = db.Column(db.Text)
- def to_dict(self):
- """Représentation dictionnaire."""
+ protected_attrs = {"comment"}
+
+ def to_dict(self, restrict=False):
+ """Représentation dictionnaire. Si restrict, filtre les champs protégés (RGPD)."""
 e = dict(self.__dict__)
 e.pop("_sa_instance_state", None)
+ if restrict:
+ e = {k: v for (k, v) in e.items() if k not in self.protected_attrs}
 return e
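Review bot: `restrict` in `annot.to_dict(restrict=restrict)` is read from the enclosing `Identite` method, whose signature and body start outside this hunk, so the patch does not show where the `ViewEtudData` permission named in the subject is actually evaluated. It is worth confirming that every API route reaching this method derives `restrict` from the current user's permission instead of falling back on a default value. If that is how it is set, a comment above the list would record the contract, e.g. `# restrict is True when the caller lacks ViewEtudData: annotation comments are omitted`.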
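Review bot: The new `restrict=False` default on `EtudAnnotation.to_dict` is fail-open: any caller this patch does not touch keeps returning `comment`, and none of those call sites are visible here. Consider making the restricted form the default and letting privileged callers opt out, `def to_dict(self, *, restrict=True):`, or at least audit the remaining callers before relying on this for RGPD. `protected_attrs` is also a denylist applied to `self.__dict__`, so a column added later is exposed to restricted callers until someone remembers to list it; an allowlist of public fields would fail closed. The restricted dict still carries the other columns shown in this hunk, such as `author`, and the docstring should state whether that is intended.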