Restreint accès aux saisies de notes (admin et self)

Emmanuel Viennet 2024-11-05 09:19:27 +01:00
parent e5a3e3a5a0
commit 8135038edb
4 changed files with 28 additions and 26 deletions


@ -48,6 +48,9 @@ def operations_user_notes(uid: int):
----- -----
uid: l'id de l'utilisateur uid: l'id de l'utilisateur
""" """
# --- Permission: restreint au superadmin ou à l'utilisateur lui-même
if not app.current_user.is_administrator() and app.current_user.id != uid:
return {"error": "Permission denied"}, 403
start = int(app.request.args.get("start", 0)) start = int(app.request.args.get("start", 0))
length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH) length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH)
order = app.request.args.get("order[dir]", "desc") order = app.request.args.get("order[dir]", "desc")
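Review bot: The paging parameters read right after the new permission check are still unvalidated: `int(app.request.args.get("start", 0))` raises ValueError on a non-numeric value, and `min(int(...), MAX_QUERY_LENGTH)` caps `length` only from above, so a negative value passes through. How the query consumes them is outside the hunk, so the effect cannot be confirmed here, but a lower bound is cheap: `length = max(0, min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH))`, with the same floor on `start`. The docstring could also say that the endpoint answers 403 unless the caller is an administrator or the user identified by `uid`. The body of operations_user_notes continues past the hunk.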


@ -137,9 +137,6 @@ _identiteEditor = ndb.EditableTable(
( (
"admission_id", "admission_id",
"boursier", "boursier",
"cas_allow_login",
"cas_allow_scodoc_login",
"cas_id",
"civilite_etat_civil", "civilite_etat_civil",
"civilite", # 'M", "F", or "X" "civilite", # 'M", "F", or "X"
"code_ine", "code_ine",


@ -115,31 +115,33 @@ div.scobox.saisies-notes {
</div> </div>
{% endfor %} {% endfor %}
<div class="scobox saisies-notes">
<div class="scobox saisies-notes"> {% if current_user.is_administrator() or current_user.id == user.id %}
<div class="scobox-title"> <div class="scobox-title">
Dernières saisies de notes par {{user.get_prenomnom()}} Dernières saisies de notes par {{user.get_prenomnom()}}
</div> </div>
<table id="saisies-notes" class="display" style="width:100%"> <table id="saisies-notes" class="display" style="width:100%">
<thead> <thead>
<tr> <tr>
<th>Date</th> <th>Date</th>
<th>Évaluation</th> <th>Évaluation</th>
<th>Étudiant</th> <th>Étudiant</th>
<th>Note</th> <th>Note</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<!-- Data will be loaded dynamically via JavaScript --> <!-- Data will be loaded dynamically via JavaScript -->
</tbody> </tbody>
</table> </table>
{% else %}
<div class="help">
Vous n'avez pas les droits pour voir les notes de cet utilisateur.
</div>
{% endif %}
</div>
</div> </div>
</div>
{% endblock app_content %} {% endblock app_content %}
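Review bot: The `{% if current_user.is_administrator() or current_user.id == user.id %}` test only hides the table markup; the script that fills `#saisies-notes` is not in this section, and if it sits outside the conditional it will still run for a denied viewer and request data that operations_user_notes now refuses with 403. Placing that script under the same condition, or having it return early when the table element is absent, avoids a failed request on every such page view. The rule is also written out a second time in operations_user_notes, which is where it is actually enforced; a single predicate shared by the template and the API would keep the two from drifting apart.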


@ -3,7 +3,7 @@
"Infos sur version ScoDoc" "Infos sur version ScoDoc"
SCOVERSION = "9.7.38" SCOVERSION = "9.7.39"
SCONAME = "ScoDoc" SCONAME = "ScoDoc"