Restreint accès aux saisies de notes (admin et self)
parent
e5a3e3a5a0
commit
8135038edb
@ -48,6 +48,9 @@ def operations_user_notes(uid: int):
|
||||
-----
|
||||
uid: l'id de l'utilisateur
|
||||
"""
|
||||
# --- Permission: restreint au superadmin ou à l'utilisateur lui-même
|
||||
if not app.current_user.is_administrator() and app.current_user.id != uid:
|
||||
return {"error": "Permission denied"}, 403
|
||||
start = int(app.request.args.get("start", 0))
|
||||
length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH)
|
||||
order = app.request.args.get("order[dir]", "desc")
|
||||
|
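Review bot: The pagination parameters read right after the new guard are still unvalidated: `int(app.request.args.get("start", 0))` raises on a non-numeric value, and `min(..., MAX_QUERY_LENGTH)` caps `length` only from above, so a negative value passes through to whatever consumes it further down (the rest of `operations_user_notes` is outside the hunk). Clamping the lower bound as well, e.g. `length = max(0, min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH))` with the same floor for `start`, and answering 400 on `ValueError`, keeps the cap meaningful. On the guard itself, the comment says "superadmin" while the code calls `is_administrator()`; if these are not the same role in this project, one of the two should be corrected. The decorators of the function are also outside the hunk, so it is worth confirming that the route requires authentication before `app.current_user` is dereferenced.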
@ -137,9 +137,6 @@ _identiteEditor = ndb.EditableTable(
|
||||
(
|
||||
"admission_id",
|
||||
"boursier",
|
||||
"cas_allow_login",
|
||||
"cas_allow_scodoc_login",
|
||||
"cas_id",
|
||||
"civilite_etat_civil",
|
||||
"civilite", # 'M", "F", or "X"
|
||||
"code_ine",
|
||||
|
@ -115,8 +115,8 @@ div.scobox.saisies-notes {
|
||||
</div>
|
||||
{% endfor %}
|
||||
|
||||
|
||||
<div class="scobox saisies-notes">
|
||||
{% if current_user.is_administrator() or current_user.id == user.id %}
|
||||
<div class="scobox-title">
|
||||
Dernières saisies de notes par {{user.get_prenomnom()}}
|
||||
</div>
|
||||
@ -133,13 +133,15 @@ div.scobox.saisies-notes {
|
||||
<!-- Data will be loaded dynamically via JavaScript -->
|
||||
</tbody>
|
||||
</table>
|
||||
{% else %}
|
||||
<div class="help">
|
||||
Vous n'avez pas les droits pour voir les notes de cet utilisateur.
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
{% endblock app_content %}
|
||||
|
||||
|
||||
|
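Review bot: The condition `{% if current_user.is_administrator() or current_user.id == user.id %}` restates in the template the same access rule that the API applies, so the two copies can drift apart. The template branch only hides the table, and the 403 returned by the API remains the actual control. Computing the decision once in the view and passing a boolean to the template (for example a variable named `can_view_notes`, a name constructed here for illustration) would leave a single place to change. The script that fills the table is not visible in these hunks; if it sits outside the `{% if %}` block it will still call the API for other viewers and receive a 403, so it should be moved inside the block or handle that response.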
@ -3,7 +3,7 @@
|
||||
|
||||
"Infos sur version ScoDoc"
|
||||
|
||||
SCOVERSION = "9.7.38"
|
||||
SCOVERSION = "9.7.39"
|
||||
|
||||
SCONAME = "ScoDoc"
|
||||
|
||||
|