From 60d31a5e6fb49dddd1c697cbad2e80f9aad84a1e Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Fri, 17 Jan 2025 20:06:20 +0100
Subject: [PATCH] =?UTF-8?q?User:=20am=C3=A9liore=20d=C3=A9termination=20dr?=
 =?UTF-8?q?oit=20modif=20mot=20de=20passe=20+=20affichage?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/scodoc/sco_permissions_check.py | 16 ++++++++++++----
 app/scodoc/sco_users.py | 2 +-
 app/templates/auth/user_info_page.j2 | 8 +++++++-
 app/views/users.py | 2 +-
 4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/app/scodoc/sco_permissions_check.py b/app/scodoc/sco_permissions_check.py
index 4145b7e0..a577135d 100644
--- a/app/scodoc/sco_permissions_check.py
+++ b/app/scodoc/sco_permissions_check.py
@@ -65,9 +65,9 @@ def check_access_diretud(formsemestre: FormSemestre):
 return True, ""
-def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
+def can_handle_passwd(user: User, allow_admin_depts=False) -> bool:
 """True if the current user can see or change passwd info of user.
- If allow_admindepts, allow Admin from all depts (so they can view users from other depts
+ If allow_admin_depts, allow Admin from all depts (so they can view users from other depts
 and add roles to them). user is a User instance. """
@@ -81,9 +81,17 @@ def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
 # If don't have permission in the current dept, abort
 if not current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept):
 return False
+ # Si le compte est dans un département et que l'on est admin. user de ce dept:
+ if user.dept and current_user.has_permission(Permission.UsersAdmin, user.dept):
+ return True
 # Now check that current_user can manage users from this departement
 if not current_user.dept:
- return True # if no dept, can access users from all depts !
- if (current_user.dept == user.dept) or allow_admindepts:
+ # if no dept, and perm. admin on g.scodoc_dept, can access users from all depts !
+ return True
+ if (
+ current_user.dept
+ and ((current_user.dept == user.dept) or allow_admin_depts)
+ and current_user.has_permission(Permission.UsersAdmin, current_user.dept)
+ ):
 return True
 return False
diff --git a/app/scodoc/sco_users.py b/app/scodoc/sco_users.py
index db27e0c7..98076a58 100644
--- a/app/scodoc/sco_users.py
+++ b/app/scodoc/sco_users.py
@@ -163,7 +163,7 @@ def list_users(
 rows = []
 for u in users:
 # Can current user modify this user ?
- can_modify = can_handle_passwd(u, allow_admindepts=True)
+ can_modify = can_handle_passwd(u, allow_admin_depts=True)
 d = u.to_dict()
 rows.append(d)
diff --git a/app/templates/auth/user_info_page.j2 b/app/templates/auth/user_info_page.j2
index 882b5370..6327542a 100644
--- a/app/templates/auth/user_info_page.j2
+++ b/app/templates/auth/user_info_page.j2
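Review bot: In the final condition of `can_handle_passwd` (hunk at line 81 of sco_permissions_check.py), the `allow_admin_depts` arm never looks at `user.dept`, so a department-scoped admin passes for accounts of any department, including accounts with no department, which the `if not current_user.dept` branch just above treats as having access to all departments. The docstring presents the flag as a way to view users and add roles, yet the same function also answers "can change passwd info", so the docstring should say that `allow_admin_depts=True` is only for read-only callers, or the arm should be narrowed. The other two tests in that condition add nothing: `current_user.dept` is always truthy once the no-dept case has returned, and the `current_user.dept == user.dept` case is already accepted by the added `user.dept` check, so the condition reduces to `if allow_admin_depts and current_user.has_permission(Permission.UsersAdmin, current_user.dept):`. The added French comment sits among English ones and could be written as `# Target account belongs to a dept where current_user is users admin`. The start of the function is outside this hunk, so an earlier check may already cover part of this.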
@@ -7,7 +7,13 @@
 <div class="user_info">
 <h2>Utilisateur: {{user.user_name}} ({{'actif' if user.active else 'fermé'}})</h2>
 <div class="user_basics">
- <b>Login :</b> {{user.user_name}}<br>
+ <b>Login :</b> {{user.user_name}}
+ {% if ScoDocSiteConfig.is_cas_enabled() %}
+ (connexion via ce login ScoDoc
+ {% if user.cas_allow_scodoc_login %}autorisée{% else %}<span class="fontred">interdite</span>
+ {% endif %})
+ {% endif -%}
+ <br>
 <b>CAS id:</b> {{user.cas_id or "(aucun)"}}
 {% if ScoDocSiteConfig.is_cas_enabled() %}
 (CAS {{'autorisé' if user.cas_allow_login else 'interdit'}} pour cet utilisateur)
diff --git a/app/views/users.py b/app/views/users.py
index 5659d5c4..dd26a312 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -986,7 +986,7 @@ def user_info_page(user_name=None):
 if user_name is not None: # scodoc7func converti en int !
 user_name = str(user_name)
 # peut-on divulguer ces infos ?
- if not can_handle_passwd(current_user, allow_admindepts=True):
+ if not can_handle_passwd(current_user, allow_admin_depts=True):
 raise AccessDenied("Vous n'avez pas la permission de voir cette page")
 dept = g.scodoc_dept
-- GitLab
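Review bot: The guard in `user_info_page` (app/views/users.py, hunk at line 986) passes `current_user` as the account to check, so its result does not depend on which `user_name` was requested. It answers whether the caller may handle their own password info, not whether they may see the requested account's page. The function continues outside the hunk, so the requested account may be checked again further down; if it is not, the page could show details of accounts the caller has no admin rights over. In that case, load the requested user first and test it with `if not can_handle_passwd(target_user, allow_admin_depts=True):`, where `target_user` is a placeholder name for the loaded account.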