fix routes

README.md

@@ -103,7 +103,10 @@ ou mieux, importer les utilisateurs de ScoDoc7 avec:
     flask user-db-import-scodoc7
 
 (la base `SCOUSERS` de ScoDoc7 n'est pas affectée, ScoDoc8 utilise une base séparée, nommée `SCO8USERS`).
- 
+
+Pour créer un utilisateur "super admin", c'est à dire admin dans tous les départements:
+
+    flask user-create admin1 SuperAdmin @all
 
 ### Bidouilles temporaires
 

app/scodoc/TrivialFormulator.py

@@ -9,7 +9,7 @@
    v 1.2
 """
 
-from types import BooleanType, StringType
+from types import BooleanType, StringType, UnicodeType
 
 
 def TrivialFormulator(
@@ -746,7 +746,7 @@ def dict2js(d):
                 v = "true"
             else:
                 v = "false"
-        elif type(v) == StringType:
+        elif type(v) == StringType or type(v) == UnicodeType:
             v = '"' + v + '"'
 
         r.append("%s: %s" % (k, v))

app/scodoc/sco_archives_etud.py

@@ -247,7 +247,7 @@ def etudarchive_generate_excel_sample(context, group_id=None, REQUEST=None):
 
 
 def etudarchive_import_files_form(context, group_id, REQUEST=None):
-    """Formualaire pour importation fichiers d'un groupe"""
+    """Formulaire pour importation fichiers d'un groupe"""
     H = [
         html_sco_header.sco_header(
             context, REQUEST, page_title="Import de fichiers associés aux étudiants"

app/scodoc/sco_bulletins.py

@@ -55,15 +55,16 @@ from app.scodoc import sco_bulletins_json
 from app.scodoc import sco_bulletins_xml
 from app.scodoc import sco_codes_parcours
 from app.scodoc import sco_core
+from app.scodoc import sco_etud
 from app.scodoc import sco_evaluations
 from app.scodoc import sco_formations
 from app.scodoc import sco_formsemestre
 from app.scodoc import sco_groups
-from app.scodoc import sco_photos
 from app.scodoc import sco_permissions_check
+from app.scodoc import sco_photos
 from app.scodoc import sco_preferences
 from app.scodoc import sco_pvjury
-from app.scodoc import sco_etud
+from app.scodoc import sco_users
 
 
 # ----- CLASSES DE BULLETINS DE NOTES

app/scodoc/sco_emails.py

@@ -28,6 +28,9 @@
 """Gestion des emails
 """
 
+from flask import request
+
+
 # XXX WIP: à ré-écrire pour ScoDoc 8 (étaient des méthodes de ZScoDoc)
 import os
 import time
@@ -83,7 +86,7 @@ def send_debug_alert(context, txt, REQUEST=None):
         return
     if REQUEST:
         txt = _report_request(context, REQUEST) + txt
-        URL = REQUEST.get("URL", "")
+        URL = REQUEST.URL
     else:
         URL = "send_debug_alert"
     msg = MIMEMultipart()
@@ -100,26 +103,26 @@ def send_debug_alert(context, txt, REQUEST=None):
 
 def _report_request(context, REQUEST, fmt="txt"):
     """string describing current request for bug reports"""
-    QUERY_STRING = REQUEST.get("QUERY_STRING", "")
+    QUERY_STRING = REQUEST.QUERY_STRING
     if QUERY_STRING:
         QUERY_STRING = "?" + QUERY_STRING
     if fmt == "txt":
-        REFERER = REQUEST.get("HTTP_REFERER", "")
-        HTTP_USER_AGENT = REQUEST.get("HTTP_USER_AGENT", "")
+        REFERER = request.referrer
+        HTTP_USER_AGENT = request.user_agent
     else:
         REFERER = "na"
         HTTP_USER_AGENT = "na"
 
     params = dict(
-        AUTHENTICATED_USER=REQUEST.get("AUTHENTICATED_USER", ""),
+        AUTHENTICATED_USER=REQUEST.AUTHENTICATED_USER,
         dt=time.asctime(),
-        URL=REQUEST.get("URL", ""),
+        URL=REQUEST.URL,
         QUERY_STRING=QUERY_STRING,
-        METHOD=REQUEST.get("REQUEST_METHOD", ""),
+        METHOD=request.method,
         REFERER=REFERER,
         HTTP_USER_AGENT=HTTP_USER_AGENT,
-        form=REQUEST.get("form", ""),
-        HTTP_X_FORWARDED_FOR=REQUEST.get("HTTP_X_FORWARDED_FOR", ""),
+        form=REQUEST.form,
+        HTTP_X_FORWARDED_FOR="?",
         svn_version=scu.get_svn_version(scu.SCO_SRC_DIR),
         SCOVERSION=VERSION.SCOVERSION,
     )

app/scodoc/sco_formsemestre_edit.py

@@ -27,6 +27,7 @@
 
 """Form choix modules / responsables et creation formsemestre
 """
+from flask import url_for, g
 from app.auth.models import User
 
 import app.scodoc.notesdb as ndb
@@ -74,10 +75,13 @@ def formsemestre_createwithmodules(context, REQUEST=None):
             bodyOnLoad="init_tf_form('')",
         ),
         """<h2>Mise en place d'un semestre de formation</h2>""",
-        do_formsemestre_createwithmodules(context, REQUEST=REQUEST),
-        html_sco_header.sco_footer(context, REQUEST),
     ]
-    return "\n".join(H)
+    r = do_formsemestre_createwithmodules(context, REQUEST=REQUEST)
+    if isinstance(r, basestring):
+        H.append(r)
+    else:
+        return r  # response redirect
+    return "\n".join(H) + html_sco_header.sco_footer(context, REQUEST)
 
 
 def formsemestre_editwithmodules(context, REQUEST, formsemestre_id):
@@ -101,8 +105,12 @@ def formsemestre_editwithmodules(context, REQUEST, formsemestre_id):
             % scu.icontag("lock_img", border="0", title="Semestre verrouillé")
         )
     else:
-        H.append(do_formsemestre_createwithmodules(context, REQUEST=REQUEST, edit=1))
-        if not REQUEST.get("tf-submitted", False):
+        r = do_formsemestre_createwithmodules(context, REQUEST=REQUEST, edit=1)
+        if isinstance(r, basestring):
+            H.append(r)
+        else:
+            return r  # response redirect
+        if not REQUEST.form.get("tf-submitted", False):
             H.append(
                 """<p class="help">Seuls les modules cochés font partie de ce semestre. Pour les retirer, les décocher et appuyer sur le bouton "modifier".
 </p>
@@ -271,7 +279,10 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
                 "allowed_values": allowed_user_names,
                 "allow_null": False,  # il faut au moins un responsable de semestre
                 "text_suggest_options": {
-                    "script": "Users/get_user_list_xml?",
+                    "script": url_for(
+                        "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                    )
+                    + "?",  # "Users/get_user_list_xml?",
                     "varname": "start",
                     "json": False,
                     "noresults": "Valeur invalide !",
@@ -289,7 +300,10 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
                 "allowed_values": allowed_user_names,
                 "allow_null": True,  # optionnel
                 "text_suggest_options": {
-                    "script": "Users/get_user_list_xml?",
+                    "script": url_for(
+                        "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                    )
+                    + "?",
                     "varname": "start",
                     "json": False,
                     "noresults": "Valeur invalide !",
@@ -573,7 +587,10 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
                             "allowed_values": allowed_user_names,
                             "template": itemtemplate,
                             "text_suggest_options": {
-                                "script": "Users/get_user_list_xml?",
+                                "script": url_for(
+                                    "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                                )
+                                + "?",
                                 "varname": "start",
                                 "json": False,
                                 "noresults": "Valeur invalide !",
@@ -934,7 +951,10 @@ def formsemestre_clone(context, formsemestre_id, REQUEST=None):
                 "allowed_values": allowed_user_names,
                 "allow_null": False,
                 "text_suggest_options": {
-                    "script": "Users/get_user_list_xml?",
+                    "script": url_for(
+                        "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                    )
+                    + "?",
                     "varname": "start",
                     "json": False,
                     "noresults": "Valeur invalide !",

app/scodoc/sco_page_etud.py

@@ -102,7 +102,12 @@ def _menuScolarite(context, authuser, sem, etudid):
             "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
-        {"title": def_title, "endpoint": def_url, "enabled": def_enabled},
+        {
+            "title": def_title,
+            "endpoint": def_url,
+            "args": args,
+            "enabled": def_enabled,
+        },
         {
             "title": "Inscrire à un module optionnel (ou au sport)",
             "endpoint": "notes.formsemestre_inscription_option",
@@ -113,6 +118,7 @@ def _menuScolarite(context, authuser, sem, etudid):
         {
             "title": "Désinscrire (en cas d'erreur)",
             "endpoint": "notes.formsemestre_desinscription",
+            "args": args,
             "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
@@ -125,6 +131,7 @@ def _menuScolarite(context, authuser, sem, etudid):
         {
             "title": "Enregistrer un semestre effectué ailleurs",
             "endpoint": "notes.formsemestre_ext_create_form",
+            "args": args,
             "enabled": authuser.has_permission(Permission.ScoImplement),
         },
     ]

app/scodoc/sco_roles_default.py

@@ -30,7 +30,7 @@ SCO_ROLES_DEFAULTS = {
         p.ScoEtudChangeAdr,
     ),
     # Admin est le chef du département, pas le "super admin"
-    # on dit donc lister toutes ses permissions:
+    # on doit donc lister toutes ses permissions:
     "Admin": (
         p.ScoObservateur,
         p.ScoView,
@@ -54,5 +54,6 @@ SCO_ROLES_DEFAULTS = {
     ),
     # Super Admin est un root: création/suppression de départements
     # _tous_ les droits
+    # Afin d'avoir tous les droits, il ne doit pas être asscoié à un département
     "SuperAdmin": p.ALL_PERMISSIONS,
 }

app/views/notes.py

@@ -36,7 +36,7 @@ import datetime
 import jaxml
 import pprint
 
-from flask import g
+from flask import url_for, g
 from flask import current_app
 
 from config import Config
@@ -230,6 +230,7 @@ sco_publish(
     "/formsemestre_editwithmodules",
     sco_formsemestre_edit.formsemestre_editwithmodules,
     Permission.ScoView,
+    methods=["GET", "POST"],
 )
 
 sco_publish(
@@ -759,7 +760,10 @@ def edit_enseignants_form(context, REQUEST, moduleimpl_id):
                 "allowed_values": allowed_user_names,
                 "allow_null": False,
                 "text_suggest_options": {
-                    "script": "Users/get_user_list_xml?",
+                    "script": url_for(
+                        "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                    )
+                    + "?",
                     "varname": "start",
                     "json": False,
                     "noresults": "Valeur invalide !",
@@ -849,7 +853,10 @@ def edit_moduleimpl_resp(context, REQUEST, moduleimpl_id):
                 "allowed_values": allowed_user_names,
                 "allow_null": False,
                 "text_suggest_options": {
-                    "script": "Users/get_user_list_xml?",
+                    "script": url_for(
+                        "users.get_user_list_xml", scodoc_dept=g.scodoc_dept
+                    )
+                    + "?",
                     "varname": "start",
                     "json": False,
                     "noresults": "Valeur invalide !",
@@ -1421,6 +1428,7 @@ sco_publish(
     "/formsemestre_inscription_option",
     sco_formsemestre_inscriptions.formsemestre_inscription_option,
     Permission.ScoEtudInscrit,
+    methods=["GET", "POST"],
 )
 sco_publish(
     "/do_moduleimpl_incription_options",

app/views/scolar.py

@@ -915,7 +915,7 @@ def _do_dem_or_def_etud(
         return REQUEST.RESPONSE.redirect("ficheEtud?etudid=" + etudid)
 
 
-@bp.route("/doCancelDem")
+@bp.route("/doCancelDem", methods=["GET", "POST"])
 @permission_required(Permission.ScoEtudInscrit)
 @scodoc7func(context)
 def doCancelDem(
@@ -937,7 +937,7 @@ def doCancelDem(
     )
 
 
-@bp.route("/doCancelDef")
+@bp.route("/doCancelDef", methods=["GET", "POST"])
 @permission_required(Permission.ScoEtudInscrit)
 @scodoc7func(context)
 def doCancelDef(

app/views/users.py

@@ -470,7 +470,7 @@ def get_user_list_xml(context, dept=None, start="", limit=25, REQUEST=None):
     userlist = [
         user
         for user in userlist
-        if scu.suppress_accents(scu.strlower(user.nom)).startswith(start)
+        if scu.suppress_accents(scu.strlower(user.nom or "")).startswith(start)
     ]
     if REQUEST:
         REQUEST.RESPONSE.setHeader("content-type", scu.XML_MIMETYPE)
@@ -478,7 +478,7 @@ def get_user_list_xml(context, dept=None, start="", limit=25, REQUEST=None):
     doc.results()
     for user in userlist[:limit]:
         doc._push()
-        doc.rs(user["nomplogin"], id=user["user_id"], info="")
+        doc.rs(user.get_nomplogin(), id=user.id, info="")
         doc._pop()
     return repr(doc)
 

scodoc.py

@@ -85,16 +85,18 @@ def _clear_users_db():
 @click.argument("username")
 @click.argument("role")
 @click.argument("dept")
-def user_create(username, role, dept):
+def user_create(username, role, dept):  # user-create
     "Create a new user"
     r = Role.get_named_role(role)
     if not r:
-        sys.stderr.write("user_create: role {r} does not exists".format(r=r))
+        sys.stderr.write("user_create: role {r} does not exists\n".format(r=role))
         return 1
     u = User.query.filter_by(user_name=username).first()
     if u:
-        sys.stderr.write("user_create: user {u} already exists".format(u=u))
+        sys.stderr.write("user_create: user {u} already exists\n".format(u=u))
         return 2
+    if dept == "@all":
+        dept = None
     u = User(user_name=username, dept=dept)
     u.add_role(r, dept)
     db.session.add(u)
@@ -109,7 +111,7 @@ def user_create(username, role, dept):
 @app.cli.command()
 @click.argument("username")
 @click.password_option()
-def user_password(username, password=None):
+def user_password(username, password=None):  # user-password
     "Set (or change) user's password"
     if not password:
         sys.stderr.write("user_password: missing password")