Elimine les attributs de ZREQUEST, sauf forms.

2021-09-18 13:42:19 +02:00 · 2021-09-18 13:42:19 +02:00 · 7daa49f2aa
commit 7daa49f2aa
parent 987800c30e
25 changed files with 127 additions and 175 deletions
--- a/app/decorators.py
+++ b/app/decorators.py
@ -55,8 +55,8 @@ class ZRequest(object):
        # query_string is bytes:
        # self.QUERY_STRING = request.query_string.decode("utf-8")
        # self.REQUEST_METHOD = request.method
-        self.AUTHENTICATED_USER = current_user
+        # self.AUTHENTICATED_USER = current_user
-        self.REMOTE_ADDR = request.remote_addr
+        # self.REMOTE_ADDR = request.remote_addr
        if request.method == "POST":
            # request.form is a werkzeug.datastructures.ImmutableMultiDict
            # must copy to get a mutable version (needed by TrivialFormulator)
--- a/app/scodoc/sco_archives.py
+++ b/app/scodoc/sco_archives.py
@ -57,6 +57,7 @@ import time
 import flask
 from flask import g, request
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
 from config import Config
@ -382,9 +383,7 @@ def formsemestre_archive(REQUEST, formsemestre_id, group_ids=[]):
    (all students or only selected groups)
    """
    if not sco_permissions_check.can_edit_pv(formsemestre_id):
-        raise AccessDenied(
+        raise AccessDenied("opération non autorisée pour %s" % str(current_user))
            "opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
        )
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    if not group_ids:
@ -559,9 +558,7 @@ def formsemestre_delete_archive(
 ):
    """Delete an archive"""
    if not sco_permissions_check.can_edit_pv(formsemestre_id):
-        raise AccessDenied(
+        raise AccessDenied("opération non autorisée pour %s" % str(current_user))
            "opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
        )
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    sem_archive_id = formsemestre_id
    archive_id = PVArchive.get_id_from_name(sem_archive_id, archive_name)
--- a/app/scodoc/sco_archives_etud.py
+++ b/app/scodoc/sco_archives_etud.py
@ -31,6 +31,7 @@
 """
 import flask
 from flask import url_for, g, request
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
 from app.scodoc import sco_import_etuds
@ -60,7 +61,7 @@ def can_edit_etud_archive(authuser):
 def etud_list_archives_html(REQUEST, etudid):
    """HTML snippet listing archives"""
-    can_edit = can_edit_etud_archive(REQUEST.AUTHENTICATED_USER)
+    can_edit = can_edit_etud_archive(current_user)
    etuds = sco_etud.get_etud_info(etudid=etudid)
    if not etuds:
        raise ScoValueError("étudiant inexistant")
@ -133,10 +134,8 @@ def add_archives_info_to_etud_list(etuds):
 def etud_upload_file_form(REQUEST, etudid):
    """Page with a form to choose and upload a file, with a description."""
    # check permission
-    if not can_edit_etud_archive(REQUEST.AUTHENTICATED_USER):
+    if not can_edit_etud_archive(current_user):
-        raise AccessDenied(
+        raise AccessDenied("opération non autorisée pour %s" % current_user)
            "opération non autorisée pour %s" % REQUEST.AUTHENTICATED_USER
        )
    etuds = sco_etud.get_etud_info(filled=True)
    if not etuds:
        raise ScoValueError("étudiant inexistant")
@ -202,10 +201,8 @@ def _store_etud_file_to_new_archive(etud_archive_id, data, filename, description
 def etud_delete_archive(REQUEST, etudid, archive_name, dialog_confirmed=False):
    """Delete an archive"""
    # check permission
-    if not can_edit_etud_archive(REQUEST.AUTHENTICATED_USER):
+    if not can_edit_etud_archive(current_user):
-        raise AccessDenied(
+        raise AccessDenied("opération non autorisée pour %s" % str(current_user))
            "opération non autorisée pour %s" % str(REQUEST.AUTHENTICATED_USER)
        )
    etuds = sco_etud.get_etud_info(filled=True)
    if not etuds:
        raise ScoValueError("étudiant inexistant")
--- a/app/scodoc/sco_bulletins.py
+++ b/app/scodoc/sco_bulletins.py
@ -48,7 +48,7 @@ import app.scodoc.sco_utils as scu
 import app.scodoc.notesdb as ndb
 from app import log
 from app.scodoc.sco_permissions import Permission
-from app.scodoc.sco_exceptions import AccessDenied
+from app.scodoc.sco_exceptions import AccessDenied, ScoValueError
 from app.scodoc import html_sco_header
 from app.scodoc import htmlutils
 from app.scodoc import sco_abs
@ -121,9 +121,7 @@ def make_context_dict(sem, etud):
    return C
-def formsemestre_bulletinetud_dict(
+def formsemestre_bulletinetud_dict(formsemestre_id, etudid, version="long"):
    formsemestre_id, etudid, version="long", REQUEST=None
 ):
    """Collecte informations pour bulletin de notes
    Retourne un dictionnaire (avec valeur par défaut chaine vide).
    Le contenu du dictionnaire dépend des options (rangs, ...)
@ -143,10 +141,7 @@ def formsemestre_bulletinetud_dict(
    I["etudid"] = etudid
    I["formsemestre_id"] = formsemestre_id
    I["sem"] = nt.sem
    if REQUEST:
    I["server_name"] = request.url_root
    else:
        I["server_name"] = ""
    # Formation et parcours
    I["formation"] = sco_formations.formation_list(
@ -778,7 +773,10 @@ def formsemestre_bulletinetud(
        etud = sco_etud.get_etud_info(filled=True)[0]
        etudid = etud["etudid"]
    except:
-        return scu.log_unknown_etud(REQUEST, format=format)
+        sco_etud.log_unknown_etud()
        raise ScoValueError("étudiant inconnu")
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    bulletin = do_formsemestre_bulletinetud(
        formsemestre_id,
@ -791,7 +789,8 @@ def formsemestre_bulletinetud(
        REQUEST=REQUEST,
    )[0]
    if format not in {"html", "pdfmail"}:
-        return bulletin
+        filename = scu.bul_filename(sem, etud, format)
        return scu.send_file(bulletin, filename, mime=scu.get_mime_suffix(format))
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    H = [
@ -862,14 +861,13 @@ def do_formsemestre_bulletinetud(
 ):
    """Génère le bulletin au format demandé.
    Retourne: (bul, filigranne)
-    où bul est au format demandé (html, pdf, pdfmail, pdfpart, xml)
+    où bul est str ou bytes au format demandé (html, pdf, pdfmail, pdfpart, xml, json)
    et filigranne est un message à placer en "filigranne" (eg "Provisoire").
    """
    if format == "xml":
        bul = sco_bulletins_xml.make_xml_formsemestre_bulletinetud(
            formsemestre_id,
            etudid,
            REQUEST=REQUEST,
            xml_with_decisions=xml_with_decisions,
            force_publishing=force_publishing,
            version=version,
@ -881,19 +879,18 @@ def do_formsemestre_bulletinetud(
        bul = sco_bulletins_json.make_json_formsemestre_bulletinetud(
            formsemestre_id,
            etudid,
            REQUEST=REQUEST,
            xml_with_decisions=xml_with_decisions,
            force_publishing=force_publishing,
            version=version,
        )
        return bul, ""
-    I = formsemestre_bulletinetud_dict(formsemestre_id, etudid, REQUEST=REQUEST)
+    I = formsemestre_bulletinetud_dict(formsemestre_id, etudid)
    etud = I["etud"]
    if format == "html":
        htm, _ = sco_bulletins_generator.make_formsemestre_bulletinetud(
-            I, version=version, format="html", REQUEST=REQUEST
+            I, version=version, format="html"
        )
        return htm, I["filigranne"]
@ -903,7 +900,6 @@ def do_formsemestre_bulletinetud(
            version=version,
            format="pdf",
            stand_alone=(format != "pdfpart"),
            REQUEST=REQUEST,
        )
        if format == "pdf":
            return (
@ -923,11 +919,11 @@ def do_formsemestre_bulletinetud(
            htm = ""  # speed up if html version not needed
        else:
            htm, _ = sco_bulletins_generator.make_formsemestre_bulletinetud(
-                I, version=version, format="html", REQUEST=REQUEST
+                I, version=version, format="html"
            )
        pdfdata, filename = sco_bulletins_generator.make_formsemestre_bulletinetud(
-            I, version=version, format="pdf", REQUEST=REQUEST
+            I, version=version, format="pdf"
        )
        if prefer_mail_perso:
@ -998,7 +994,7 @@ def mail_bulletin(formsemestre_id, I, pdfdata, filename, recipient_addr):
    # Attach pdf
    msg.attach(filename, scu.PDF_MIMETYPE, pdfdata)
-
+    breakpoint()
    log("mail bulletin a %s" % recipient_addr)
    email.send_message(msg)
@ -1119,6 +1115,16 @@ def _formsemestre_bulletinetud_header_html(
            "enabled": etud["emailperso"]
            and can_send_bulletin_by_mail(formsemestre_id),
        },
        {
            "title": "Version json",
            "endpoint": endpoint,
            "args": {
                "formsemestre_id": formsemestre_id,
                "etudid": etudid,
                "version": version,
                "format": "json",
            },
        },
        {
            "title": "Version XML",
            "endpoint": endpoint,
--- a/app/scodoc/sco_bulletins_generator.py
+++ b/app/scodoc/sco_bulletins_generator.py
@ -53,6 +53,7 @@ from reportlab.platypus import SimpleDocTemplate, Paragraph, Spacer, Frame, Page
 from reportlab.platypus import Table, TableStyle, Image, KeepInFrame
 from flask import request
 from flask_login import current_user
 from app.scodoc import sco_utils as scu
 from app.scodoc.sco_exceptions import NoteProcessError
@ -150,14 +151,7 @@ class BulletinGenerator(object):
    def get_filename(self):
        """Build a filename to be proposed to the web client"""
        sem = sco_formsemestre.get_formsemestre(self.infos["formsemestre_id"])
-        dt = time.strftime("%Y-%m-%d")
+        return scu.bul_filename(sem, self.infos["etud"], "pdf")
        filename = "bul-%s-%s-%s.pdf" % (
            sem["titre_num"],
            dt,
            self.infos["etud"]["nom"],
        )
        filename = scu.unescape_html(filename).replace(" ", "_").replace("&", "")
        return filename
    def generate(self, format="", stand_alone=True):
        """Return bulletin in specified format"""
@ -262,7 +256,6 @@ def make_formsemestre_bulletinetud(
    version="long",  # short, long, selectedevals
    format="pdf",  # html, pdf
    stand_alone=True,
    REQUEST=None,
 ):
    """Bulletin de notes
@ -288,7 +281,7 @@ def make_formsemestre_bulletinetud(
        PDFLOCK.acquire()
        bul_generator = gen_class(
            infos,
-            authuser=REQUEST.AUTHENTICATED_USER,
+            authuser=current_user,
            version=version,
            filigranne=infos["filigranne"],
            server_name=request.url_root,
@ -303,7 +296,7 @@ def make_formsemestre_bulletinetud(
            gen_class = bulletin_get_class(bul_class_name)
            bul_generator = gen_class(
                infos,
-                authuser=REQUEST.AUTHENTICATED_USER,
+                authuser=current_user,
                version=version,
                filigranne=infos["filigranne"],
                server_name=request.url_root,
--- a/app/scodoc/sco_bulletins_json.py
+++ b/app/scodoc/sco_bulletins_json.py
@ -47,27 +47,22 @@ from app.scodoc import sco_etud
 def make_json_formsemestre_bulletinetud(
-    formsemestre_id,
+    formsemestre_id: int,
-    etudid,
+    etudid: int,
    REQUEST=None,
    xml_with_decisions=False,
    version="long",
    force_publishing=False,  # force publication meme si semestre non publie sur "portail"
-):
+) -> str:
    """Renvoie bulletin en chaine JSON"""
    d = formsemestre_bulletinetud_published_dict(
        formsemestre_id,
        etudid,
        force_publishing=force_publishing,
        REQUEST=REQUEST,
        xml_with_decisions=xml_with_decisions,
        version=version,
    )
    if REQUEST:
        REQUEST.RESPONSE.setHeader("content-type", scu.JSON_MIMETYPE)
    return json.dumps(d, cls=scu.ScoDocJSONEncoder)
@ -79,7 +74,6 @@ def formsemestre_bulletinetud_published_dict(
    etudid,
    force_publishing=False,
    xml_nodate=False,
    REQUEST=None,
    xml_with_decisions=False,  # inclue les decisions même si non publiées
    version="long",
 ):
--- a/app/scodoc/sco_bulletins_xml.py
+++ b/app/scodoc/sco_bulletins_xml.py
@ -69,16 +69,13 @@ def make_xml_formsemestre_bulletinetud(
    doc=None,  # XML document
    force_publishing=False,
    xml_nodate=False,
    REQUEST=None,
    xml_with_decisions=False,  # inclue les decisions même si non publiées
    version="long",
-):
+) -> str:
    "bulletin au format XML"
    from app.scodoc import sco_bulletins
    log("xml_bulletin( formsemestre_id=%s, etudid=%s )" % (formsemestre_id, etudid))
    if REQUEST:
        REQUEST.RESPONSE.setHeader("content-type", scu.XML_MIMETYPE)
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    if (not sem["bul_hide_xml"]) or force_publishing:
--- a/app/scodoc/sco_dump_db.py
+++ b/app/scodoc/sco_dump_db.py
@ -51,6 +51,7 @@ import fcntl
 import subprocess
 import requests
 from flask_login import current_user
 import app.scodoc.notesdb as ndb
 import app.scodoc.sco_utils as scu
@ -190,10 +191,8 @@ def _send_db(REQUEST, ano_db_name):
        data={
            "dept_name": sco_preferences.get_preference("DeptName"),
            "serial": _get_scodoc_serial(),
-            "sco_user": str(REQUEST.AUTHENTICATED_USER),
+            "sco_user": str(current_user),
-            "sent_by": sco_users.user_info(str(REQUEST.AUTHENTICATED_USER))[
+            "sent_by": sco_users.user_info(str(current_user))["nomcomplet"],
                "nomcomplet"
            ],
            "sco_version": sco_version.SCOVERSION,
            "sco_fullversion": scu.get_scodoc_version(),
        },
--- a/app/scodoc/sco_edit_module.py
+++ b/app/scodoc/sco_edit_module.py
@ -30,6 +30,7 @@
 """
 import flask
 from flask import url_for, g, request
 from flask_login import current_user
 import app.scodoc.notesdb as ndb
 import app.scodoc.sco_utils as scu
@ -544,7 +545,7 @@ def module_list(formation_id, REQUEST=None):
        % F,
        '<ul class="notes_module_list">',
    ]
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
+    editable = current_user.has_permission(Permission.ScoChangeFormation)
    for Mod in do_module_list(args={"formation_id": formation_id}):
        H.append('<li class="notes_module_list">%s' % Mod)
--- a/app/scodoc/sco_etud.py
+++ b/app/scodoc/sco_etud.py
@ -649,6 +649,12 @@ def make_etud_args(etudid=None, code_nip=None, use_request=True, raise_exc=True)
    return args
 def log_unknown_etud():
    """Log request: cas ou getEtudInfo n'a pas ramene de resultat"""
    etud_args = make_etud_args(raise_exc=False)
    log(f"unknown student: args={etud_args}")
 def get_etud_info(etudid=False, code_nip=False, filled=False) -> list:
    """infos sur un etudiant (API). If not foud, returns empty list.
    On peut specifier etudid ou code_nip
--- a/app/scodoc/sco_formations.py
+++ b/app/scodoc/sco_formations.py
@ -32,6 +32,7 @@ import xml.dom.minidom
 import flask
 from flask import g, url_for, request
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
@ -247,7 +248,7 @@ def formation_list_table(formation_id=None, args={}, REQUEST=None):
        "edit_img", border="0", alt="modifier", title="Modifier titres et code"
    )
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
+    editable = current_user.has_permission(Permission.ScoChangeFormation)
    # Traduit/ajoute des champs à afficher:
    for f in formations:
--- a/app/scodoc/sco_groups_view.py
+++ b/app/scodoc/sco_groups_view.py
@ -40,6 +40,7 @@ import time
 from flask import url_for, g, request
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
 from app.scodoc import html_sco_header
@ -798,7 +799,7 @@ def groups_table(
 def tab_absences_html(groups_infos, etat=None, REQUEST=None):
    """contenu du tab "absences et feuilles diverses" """
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    H = ['<div class="tab-content">']
    if not groups_infos.members:
        return "".join(H) + "<h3>Aucun étudiant !</h3></div>"
@ -867,7 +868,7 @@ def tab_photos_html(groups_infos, etat=None, REQUEST=None):
 def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None, REQUEST=None):
    """Formulaire choix jour semaine pour saisie."""
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    if not authuser.has_permission(Permission.ScoAbsChange):
        return ""
    sem = groups_infos.formsemestre
@ -908,7 +909,7 @@ def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None, REQUEST=None)
 # Ajout Le Havre
 # Formulaire saisie absences semaine
 def form_choix_saisie_semaine(groups_infos, REQUEST=None):
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    if not authuser.has_permission(Permission.ScoAbsChange):
        return ""
    # construit l'URL "destination"
--- a/app/scodoc/sco_moduleimpl_inscriptions.py
+++ b/app/scodoc/sco_moduleimpl_inscriptions.py
@ -31,6 +31,7 @@ from operator import itemgetter
 import flask
 from flask import url_for, g, request
 from flask_login import current_user
 import app.scodoc.notesdb as ndb
 import app.scodoc.sco_utils as scu
@ -250,7 +251,7 @@ def moduleimpl_inscriptions_stats(formsemestre_id, REQUEST=None):
      tous sauf <liste d'au plus 7 noms>
    """
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    sem = sco_formsemestre.get_formsemestre(formsemestre_id)
    inscrits = sco_formsemestre_inscriptions.do_formsemestre_inscription_list(
--- a/app/scodoc/sco_moduleimpl_status.py
+++ b/app/scodoc/sco_moduleimpl_status.py
@ -64,7 +64,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
    if (
        sco_permissions_check.can_edit_notes(
-            REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
+            current_user, E["moduleimpl_id"], allow_ens=False
        )
        and nbnotes != 0
    ):
@ -80,7 +80,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
                "evaluation_id": evaluation_id,
            },
            "enabled": sco_permissions_check.can_edit_notes(
-                REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"]
+                current_user, E["moduleimpl_id"]
            ),
        },
        {
@ -90,7 +90,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
                "evaluation_id": evaluation_id,
            },
            "enabled": sco_permissions_check.can_edit_notes(
-                REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
+                current_user, E["moduleimpl_id"], allow_ens=False
            ),
        },
        {
@ -101,7 +101,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
            },
            "enabled": nbnotes == 0
            and sco_permissions_check.can_edit_notes(
-                REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
+                current_user, E["moduleimpl_id"], allow_ens=False
            ),
        },
        {
@ -111,7 +111,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
                "evaluation_id": evaluation_id,
            },
            "enabled": sco_permissions_check.can_edit_notes(
-                REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
+                current_user, E["moduleimpl_id"], allow_ens=False
            ),
        },
        {
@ -129,9 +129,7 @@ def moduleimpl_evaluation_menu(evaluation_id, nbnotes=0, REQUEST=None):
                "evaluation_id": evaluation_id,
            },
            "enabled": nbnotes == 0
-            and sco_permissions_check.can_edit_notes(
+            and sco_permissions_check.can_edit_notes(current_user, E["moduleimpl_id"]),
                REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"]
            ),
        },
        {
            "title": "Absences ce jour",
--- a/app/scodoc/sco_page_etud.py
+++ b/app/scodoc/sco_page_etud.py
@ -31,6 +31,7 @@
 """
 from flask import url_for, g
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
 import app.scodoc.notesdb as ndb
@ -144,7 +145,7 @@ def _menuScolarite(authuser, sem, etudid):
 def ficheEtud(etudid=None, REQUEST=None):
    "fiche d'informations sur un etudiant"
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    cnx = ndb.GetDBConnexion()
    if etudid and REQUEST:
        # la sidebar est differente s'il y a ou pas un etudid
@ -491,7 +492,7 @@ def menus_etud(REQUEST=None):
    """Menu etudiant (operations sur l'etudiant)"""
    if "etudid" not in REQUEST.form:
        return ""
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    etud = sco_etud.get_etud_info(filled=True)[0]
--- a/app/scodoc/sco_placement.py
+++ b/app/scodoc/sco_placement.py
@ -36,6 +36,7 @@ import urllib
 import flask
 from flask import request
 from flask_login import current_user
 from app.scodoc.sco_exceptions import ScoValueError
 import app.scodoc.sco_utils as scu
@ -234,7 +235,7 @@ def do_placement(REQUEST):
    """
    Choisi le placement
    """
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    authusername = str(authuser)
    try:
        evaluation_id = int(REQUEST.form["evaluation_id"])
--- a/app/scodoc/sco_prepajury.py
+++ b/app/scodoc/sco_prepajury.py
@ -32,6 +32,7 @@ import time
 from openpyxl.styles.numbers import FORMAT_NUMBER_00
 from flask import request
 from flask_login import current_user
 import app.scodoc.sco_utils as scu
 from app.scodoc import sco_abs
@ -321,7 +322,7 @@ def feuille_preparation_jury(formsemestre_id, REQUEST):
            sco_version.SCONAME,
            time.strftime("%d/%m/%Y"),
            request.url_root,
-            REQUEST.AUTHENTICATED_USER,
+            current_user,
        )
    )
    xls = ws.generate_standalone()
--- a/app/scodoc/sco_saisie_notes.py
+++ b/app/scodoc/sco_saisie_notes.py
@ -168,7 +168,7 @@ def do_evaluation_upload_xls(REQUEST):
    """
    Soumission d'un fichier XLS (evaluation_id, notefile)
    """
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    evaluation_id = int(REQUEST.form["evaluation_id"])
    comment = REQUEST.form["comment"]
    E = sco_evaluations.do_evaluation_list({"evaluation_id": evaluation_id})[0]
@ -711,7 +711,7 @@ def saisie_notes_tableur(evaluation_id, group_ids=[], REQUEST=None):
    #
    H.append("""</div><h3>Autres opérations</h3><ul>""")
    if sco_permissions_check.can_edit_notes(
-        REQUEST.AUTHENTICATED_USER, E["moduleimpl_id"], allow_ens=False
+        current_user, E["moduleimpl_id"], allow_ens=False
    ):
        H.append(
            """
@ -1221,7 +1221,7 @@ def _form_saisie_notes(E, M, group_ids, destination="", REQUEST=None):
 def save_note(etudid=None, evaluation_id=None, value=None, comment="", REQUEST=None):
    """Enregistre une note (ajax)"""
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    log(
        "save_note: evaluation_id=%s etudid=%s uid=%s value=%s"
        % (evaluation_id, etudid, authuser, value)
--- a/app/scodoc/sco_ue_external.py
+++ b/app/scodoc/sco_ue_external.py
@ -169,7 +169,7 @@ def external_ue_inscrit_et_note(
        )
    # Saisie des notes
    _, _, _ = sco_saisie_notes._notes_add(
-        REQUEST.AUTHENTICATED_USER,
+        current_user,
        evaluation_id,
        list(notes_etuds.items()),
        do_it=True,
--- a/app/scodoc/sco_utils.py
+++ b/app/scodoc/sco_utils.py
@ -479,7 +479,7 @@ def sanitize_string(s):
    return suppress_accents(s.translate(trans)).replace(" ", "_").replace("\t", "_")
-_BAD_FILENAME_CHARS = str.maketrans("", "", ":/\\")
+_BAD_FILENAME_CHARS = str.maketrans("", "", ":/\\&")
 def make_filename(name):
@ -512,6 +512,14 @@ def is_valid_filename(filename):
    return VALID_EXP.match(filename)
 def bul_filename(sem, etud, format):
    """Build a filename for this bulletin"""
    dt = time.strftime("%Y-%m-%d")
    filename = f"bul-{sem['titre_num']}-{dt}-{etud['nom']}.{format}"
    filename = make_filename(filename)
    return filename
 def sendCSVFile(REQUEST, data, filename):  # DEPRECATED ne plus utiliser
    """publication fichier.
    (on ne doit rien avoir émis avant, car ici sont générés les entetes)
@ -791,35 +799,6 @@ def AnneeScolaire(sco_year=None):
    return year
 def log_unknown_etud(REQUEST=None, format="html"):
    """Log request: cas ou getEtudInfo n'a pas ramene de resultat"""
    etudid = REQUEST.form.get("etudid", "?")
    code_nip = REQUEST.form.get("code_nip", "?")
    code_ine = REQUEST.form.get("code_ine", "?")
    log(
        "unknown student: etudid=%s code_nip=%s code_ine=%s"
        % (etudid, code_nip, code_ine)
    )
    return _sco_error_response("unknown student", format=format, REQUEST=REQUEST)
 # XXX #sco8 à tester ou ré-écrire
 def _sco_error_response(msg, format="html", REQUEST=None):
    """Send an error message to the client, in html or xml format."""
    REQUEST.RESPONSE.setStatus(404, reason=msg)
    if format == "html" or format == "pdf":
        raise sco_exceptions.ScoValueError(msg)
    elif format == "xml":
        REQUEST.RESPONSE.setHeader("content-type", XML_MIMETYPE)
        doc = ElementTree.Element("error", msg=msg)
        return sco_xml.XML_HEADER + ElementTree.tostring(doc).decode(SCO_ENCODING)
    elif format == "json":
        REQUEST.RESPONSE.setHeader("content-type", JSON_MIMETYPE)
        return "undefined"  # XXX voir quoi faire en cas d'erreur json
    else:
        raise ValueError("ScoErrorResponse: invalid format")
 def return_text_if_published(val, REQUEST):
    """Pour les méthodes publiées qui ramènent soit du texte (HTML) soit du JSON
    sauf quand elles sont appellées depuis python.
--- a/app/views/absences.py
+++ b/app/views/absences.py
@ -58,6 +58,7 @@ from xml.etree import ElementTree
 import flask
 from flask import g, request
 from flask import url_for
 from flask_login import current_user
 from app.decorators import (
    scodoc,
@ -124,7 +125,7 @@ def index_html(REQUEST=None):
    """Gestionnaire absences, page principale"""
    # crude portage from 1999 DTML
    sems = sco_formsemestre.do_formsemestre_list()
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    H = [
        html_sco_header.sco_header(
@ -1069,7 +1070,9 @@ def AddBilletAbsence(
    # check etudid
    etuds = sco_etud.get_etud_info(etudid=etudid, code_nip=code_nip, filled=True)
    if not etuds:
-        return scu.log_unknown_etud(REQUEST=REQUEST)
+        sco_etud.log_unknown_etud()
        raise ScoValueError("étudiant inconnu")
    etud = etuds[0]
    # check dates
    begin_date = dateutil.parser.isoparse(begin)  # may raises ValueError
@ -1224,7 +1227,8 @@ def listeBilletsEtud(etudid=False, REQUEST=None, format="html"):
    """Liste billets pour un etudiant"""
    etuds = sco_etud.get_etud_info(filled=True, etudid=etudid)
    if not etuds:
-        return scu.log_unknown_etud(format=format, REQUEST=REQUEST)
+        sco_etud.log_unknown_etud()
        raise ScoValueError("étudiant inconnu")
    etud = etuds[0]
    cnx = ndb.GetDBConnexion()
--- a/app/views/entreprises.py
+++ b/app/views/entreprises.py
@ -39,6 +39,7 @@ import time
 import calendar
 from flask import request
 from flask_login import current_user
 # MIGRATION EN COURS => MODULE DESACTIVE !
@ -81,7 +82,7 @@ def sidebar(REQUEST):
 <ul class="insidebar">"""
        % params,
    ]
-    if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
+    if current_user.has_permission(Permission.ScoEntrepriseChange):
        H.append(
            """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_create" class="sidebar">Nouvelle entreprise</a> </li>"""
            % params
@ -106,9 +107,7 @@ def sidebar(REQUEST):
    <li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_list?entreprise_id=%(entreprise_id)s" class="sidebar">Corresp.</a></li>"""
                % params
            )  # """
-            if REQUEST.AUTHENTICATED_USER.has_permission(
+            if current_user.has_permission(Permission.ScoEntrepriseChange):
                Permission.ScoEntrepriseChange
            ):
                H.append(
                    """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau Corresp.</a></li>"""
                    % params
@ -117,9 +116,7 @@ def sidebar(REQUEST):
                """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_list?entreprise_id=%(entreprise_id)s" class="sidebar">Contacts</a></li>"""
                % params
            )
-            if REQUEST.AUTHENTICATED_USER.has_permission(
+            if current_user.has_permission(Permission.ScoEntrepriseChange):
                Permission.ScoEntrepriseChange
            ):
                H.append(
                    """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau "contact"</a></li>"""
                    % params
@ -128,7 +125,7 @@ def sidebar(REQUEST):
    #
    H.append("""<br/><br/>%s""" % scu.icontag("entreprise_side_img"))
-    if not REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
+    if not current_user.has_permission(Permission.ScoEntrepriseChange):
        H.append("""<br/><em>(Lecture seule)</em>""")
    H.append("""</div> </div> <!-- end of sidebar -->""")
    return "".join(H)
@ -303,7 +300,7 @@ def entreprise_contact_list(entreprise_id=None, format="html", REQUEST=None):
    H.append(tab.html())
-    if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
+    if current_user.has_permission(Permission.ScoEntrepriseChange):
        if entreprise_id:
            H.append(
                """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_contact_create?entreprise_id=%(entreprise_id)s">nouveau "contact"</a></p>
@ -409,7 +406,7 @@ def entreprise_correspondant_list(
    H.append(tab.html())
-    if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoEntrepriseChange):
+    if current_user.has_permission(Permission.ScoEntrepriseChange):
        H.append(
            """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_correspondant_create?entreprise_id=%(entreprise_id)s">Ajouter un correspondant dans l'entreprise %(nom)s</a></p>
            """
@ -517,14 +514,12 @@ def entreprise_contact_edit(entreprise_contact_id, REQUEST=None):
        cancelbutton="Annuler",
        initvalues=c,
        submitlabel="Modifier les valeurs",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
-        if REQUEST.AUTHENTICATED_USER.has_permission(
+        if current_user.has_permission(
            Permission.ScoEntrepriseChange,
        ):
            H.append(
@ -643,9 +638,7 @@ def entreprise_correspondant_edit(entreprise_corresp_id, REQUEST=None):
        cancelbutton="Annuler",
        initvalues=c,
        submitlabel="Modifier les valeurs",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -752,9 +745,7 @@ def entreprise_contact_create(entreprise_id, REQUEST=None):
        ),
        cancelbutton="Annuler",
        submitlabel="Ajouter ce contact",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -791,7 +782,7 @@ def entreprise_contact_delete(entreprise_contact_id, REQUEST=None):
        initvalues=c,
        submitlabel="Confirmer la suppression",
        cancelbutton="Annuler",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange),
+        readonly=not current_user.has_permission(ScoEntrepriseChange),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -894,9 +885,7 @@ def entreprise_correspondant_create(entreprise_id, REQUEST=None):
        ),
        cancelbutton="Annuler",
        submitlabel="Ajouter ce correspondant",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -928,9 +917,7 @@ def entreprise_correspondant_delete(entreprise_corresp_id, REQUEST=None):
        initvalues=c,
        submitlabel="Confirmer la suppression",
        cancelbutton="Annuler",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -984,9 +971,7 @@ def entreprise_delete(entreprise_id, REQUEST=None):
        initvalues=E,
        submitlabel="Confirmer la suppression",
        cancelbutton="Annuler",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        H.append(tf[1])
@ -1081,9 +1066,7 @@ def entreprise_create(REQUEST=None):
        ),
        cancelbutton="Annuler",
        submitlabel="Ajouter cette entreprise",
-        readonly=not REQUEST.AUTHENTICATED_USER.has_permission(
+        readonly=not current_user.has_permission(Permission.ScoEntrepriseChange),
            Permission.ScoEntrepriseChange
        ),
    )
    if tf[0] == 0:
        return "\n".join(H) + tf[1] + entreprise_footer(REQUEST)
@ -1099,7 +1082,7 @@ security.declareProtected(ScoEntrepriseView, "entreprise_edit")
 def entreprise_edit(entreprise_id, REQUEST=None, start=1):
    """Form. edit entreprise"""
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    readonly = not authuser.has_permission(Permission.ScoEntrepriseChange)
    F = sco_entreprises.do_entreprise_list(args={"entreprise_id": entreprise_id})[0]
    H = [
--- a/app/views/notes.py
+++ b/app/views/notes.py
@ -406,7 +406,7 @@ sco_publish(
 def index_html(REQUEST=None):
    "Page accueil formations"
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoChangeFormation)
+    editable = current_user.has_permission(Permission.ScoChangeFormation)
    H = [
        html_sco_header.sco_header(page_title="Programmes formations"),
@ -2010,8 +2010,7 @@ def formsemestre_validation_etud(
    "Enregistre choix jury pour un étudiant"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
@ -2043,8 +2042,7 @@ def formsemestre_validation_etud_manu(
    "Enregistre choix jury pour un étudiant"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
@ -2069,8 +2067,7 @@ def formsemestre_validate_previous_ue(formsemestre_id, etudid=None, REQUEST=None
    "Form. saisie UE validée hors ScoDoc"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
    return sco_formsemestre_validation.formsemestre_validate_previous_ue(
@ -2094,8 +2091,7 @@ def formsemestre_ext_edit_ue_validations(formsemestre_id, etudid=None, REQUEST=N
    "Form. edition UE semestre extérieur"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
    return sco_formsemestre_exterieurs.formsemestre_ext_edit_ue_validations(
@ -2118,8 +2114,7 @@ def etud_ue_suppress_validation(etudid, formsemestre_id, ue_id, REQUEST=None):
    """Suppress a validation (ue_id, etudid) and redirect to formsemestre"""
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
    return sco_formsemestre_validation.etud_ue_suppress_validation(
@ -2135,8 +2130,7 @@ def formsemestre_validation_auto(formsemestre_id, REQUEST):
    "Formulaire saisie automatisee des decisions d'un semestre"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
@ -2153,8 +2147,7 @@ def do_formsemestre_validation_auto(formsemestre_id, REQUEST):
    "Formulaire saisie automatisee des decisions d'un semestre"
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
@ -2173,8 +2166,7 @@ def formsemestre_validation_suppress_etud(
    """Suppression des decisions de jury pour un etudiant."""
    if not sco_permissions_check.can_validate_sem(formsemestre_id):
        return scu.confirm_dialog(
-            message="<p>Opération non autorisée pour %s</h2>"
+            message="<p>Opération non autorisée pour %s</h2>" % current_user,
            % REQUEST.AUTHENTICATED_USER,
            dest_url=scu.ScoURL(),
        )
    if not dialog_confirmed:
@ -2510,7 +2502,7 @@ def check_form_integrity(formation_id, fix=False, REQUEST=None):
        log("check_form_integrity: formation_id=%s\ninconsistencies:" % formation_id)
        log(txt)
        # Notify by e-mail
-        sendAlarm("Notes: formation incoherente !", txt)
+        send_scodoc_alarm("Notes: formation incoherente !", txt)
    else:
        txth = "OK"
        log("ok")
--- a/app/views/scolar.py
+++ b/app/views/scolar.py
@ -1967,7 +1967,7 @@ def import_generate_admission_sample(REQUEST, formsemestre_id):
@scodoc7func
 def form_students_import_infos_admissions(REQUEST, formsemestre_id=None):
    "formulaire import xls"
-    authuser = REQUEST.AUTHENTICATED_USER
+    authuser = current_user
    F = html_sco_header.sco_footer()
    if not authuser.has_permission(Permission.ScoEtudInscrit):
        # autorise juste l'export
--- a/app/views/users.py
+++ b/app/views/users.py
@ -546,7 +546,7 @@ def import_users_form(REQUEST=None):
    if tf[0] == 0:
        return "\n".join(H) + tf[1] + "</li></ol>" + help + F
    elif tf[0] == -1:
-        return flask.redirect(back_url)
+        return flask.redirect(url_for("scolar.index_html", docodc_dept=g.scodoc_dept))
    else:
        # IMPORT
        ok, diag, nb_created = sco_import_users.import_excel_file(tf[2]["xlsfile"])
@ -654,8 +654,8 @@ def change_password(user_name, password, password2, REQUEST):
    if not can_handle_passwd(u):
        # access denied
        log(
-            "change_password: access denied (authuser=%s, user_name=%s, ip=%s)"
+            "change_password: access denied (authuser=%s, user_name=%s)"
-            % (REQUEST.AUTHENTICATED_USER, user_name, REQUEST.REMOTE_ADDR)
+            % (current_user, user_name)
        )
        raise AccessDenied("vous n'avez pas la permission de changer ce mot de passe")
    H = []