diff --git a/app/views/users.py b/app/views/users.py index 0655da50..06f49979 100644 --- a/app/views/users.py +++ b/app/views/users.py @@ -149,7 +149,7 @@ def user_info(user_name, format="json"): @scodoc @permission_required(Permission.ScoUsersAdmin) @scodoc7func -def create_user_form(user_name=None, edit=0, all_roles=1): +def create_user_form(user_name=None, edit=0, all_roles=False): "form. création ou édition utilisateur" if user_name is not None: # scodoc7func converti en int ! user_name = str(user_name) @@ -218,9 +218,11 @@ def create_user_form(user_name=None, edit=0, all_roles=1): } if current_user.is_administrator(): editable_roles_set |= { - (Role.get_named_role(r), "") + (Role.get_named_role(r), None) for r in sco_roles_default.ROLES_ATTRIBUABLES_SCODOC } + # Un super-admin peut nommer d'autres super-admin: + editable_roles_set |= {(Role.get_named_role("SuperAdmin"), None)} # if not edit: submitlabel = "Créer utilisateur" @@ -251,16 +253,23 @@ def create_user_form(user_name=None, edit=0, all_roles=1): orig_roles_strings = {r.name + "_" + (dept or "") for (r, dept) in orig_roles} # add existing user roles displayed_roles = list(editable_roles_set.union(orig_roles)) - displayed_roles.sort(key=lambda x: (x[1] or "", x[0].name or "")) + displayed_roles.sort( + key=lambda x: ( + x[1] or "", + (x[0].name or "") if x[0].name != "SuperAdmin" else "A", + ) + ) displayed_roles_strings = [ r.name + "_" + (dept or "") for (r, dept) in displayed_roles ] - displayed_roles_labels = [f"{dept}: {r.name}" for (r, dept) in displayed_roles] + displayed_roles_labels = [ + f"{dept or 'tout dépt.'}: {r.name}" for (r, dept) in displayed_roles + ] disabled_roles = {} # pour désactiver les roles que l'on ne peut pas éditer for i in range(len(displayed_roles_strings)): if displayed_roles_strings[i] not in editable_roles_strings: disabled_roles[i] = True - + breakpoint() descr = [ ("edit", {"input_type": "hidden", "default": edit}), ("nom", {"title": "Nom", "size": 20, "allow_null": False}),