diff --git a/app/api/operations.py b/app/api/operations.py
index 51ba5c6189d79421ba41602d7faf1ef676907c9e..e8d87af905ad9a34985c33743b5e46922f872752 100644
--- a/app/api/operations.py
+++ b/app/api/operations.py
@@ -48,6 +48,9 @@ def operations_user_notes(uid: int):
 -----
 uid: l'id de l'utilisateur
 """
+ # --- Permission: restreint au superadmin ou à l'utilisateur lui-même
+ if not app.current_user.is_administrator() and app.current_user.id != uid:
+ return {"error": "Permission denied"}, 403
 start = int(app.request.args.get("start", 0))
 length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH)
 order = app.request.args.get("order[dir]", "desc")
diff --git a/app/scodoc/sco_etud.py b/app/scodoc/sco_etud.py
index fde983703888fe3be2b498ceddd77b78fe08fbf4..f74c3c42105ec8453ed9e2071fba54e4e35bd618 100644
--- a/app/scodoc/sco_etud.py
+++ b/app/scodoc/sco_etud.py
@@ -137,9 +137,6 @@ _identiteEditor = ndb.EditableTable(
 (
 "admission_id",
 "boursier",
- "cas_allow_login",
- "cas_allow_scodoc_login",
- "cas_id",
 "civilite_etat_civil",
 "civilite", # 'M", "F", or "X"
 "code_ine",
diff --git a/app/templates/user_board/user_board.j2 b/app/templates/user_board/user_board.j2
index 2832f95180ac2c6afdbcf2cc9f32bb11b9ac0e29..ca256a8782455f35dd7bf01b89b26fb642296e2a 100644
--- a/app/templates/user_board/user_board.j2
+++ b/app/templates/user_board/user_board.j2
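Review bot: The new guard in `operations_user_notes` returns `{"error": "Permission denied"}, 403` without recording the attempt, so a user stepping through `uid` values to read other people's grade entries leaves no trace in the application log. I would log the denial through the project's logger just before the `return`, including the caller's id and the requested `uid`. The comment says "superadmin" while the test calls `is_administrator()`; if that method is also true for department-level administrators the gate is wider than the comment states, so confirm which is intended and align the wording, e.g. `# Permission: administrateur (is_administrator()) ou l'utilisateur lui-même, sinon 403`. The docstring above the guard should also mention the 403 case; the function body continues outside the hunk, so whether the route can be reached with an anonymous `current_user` cannot be checked here.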
@@ -115,31 +115,33 @@ div.scobox.saisies-notes {
 </div>
 {% endfor %}
-
- <div class="scobox saisies-notes">
- <div class="scobox-title">
- Dernières saisies de notes par {{user.get_prenomnom()}}
- </div>
- <table id="saisies-notes" class="display" style="width:100%">
- <thead>
- <tr>
- <th>Date</th>
- <th>Évaluation</th>
- <th>Étudiant</th>
- <th>Note</th>
- </tr>
- </thead>
- <tbody>
- <!-- Data will be loaded dynamically via JavaScript -->
- </tbody>
- </table>
+ <div class="scobox saisies-notes">
+ {% if current_user.is_administrator() or current_user.id == user.id %}
+ <div class="scobox-title">
+ Dernières saisies de notes par {{user.get_prenomnom()}}
+ </div>
+ <table id="saisies-notes" class="display" style="width:100%">
+ <thead>
+ <tr>
+ <th>Date</th>
+ <th>Évaluation</th>
+ <th>Étudiant</th>
+ <th>Note</th>
+ </tr>
+ </thead>
+ <tbody>
+ <!-- Data will be loaded dynamically via JavaScript -->
+ </tbody>
+ </table>
+ {% else %}
+ <div class="help">
+ Vous n'avez pas les droits pour voir les notes de cet utilisateur.
+ </div>
+ {% endif %}
+ </div>
 </div>
-</div>
-
-
-
 {% endblock app_content %}
diff --git a/sco_version.py b/sco_version.py
index 2e58c9f14c108151ecee3cdec4a408db4ece747e..8110b6d018b207f579da34c38a96f06a8940edcb 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
 "Infos sur version ScoDoc"
-SCOVERSION = "9.7.38"
+SCOVERSION = "9.7.39"
 SCONAME = "ScoDoc"
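Review bot: The `{% if current_user.is_administrator() or current_user.id == user.id %}` test repeats by hand the rule that `operations_user_notes` enforces in app/api/operations.py, so the page and the API can drift apart the next time either one changes. I would compute the decision once in the view that renders this template and pass it in as a boolean, so both places read the same value. A template comment such as `{# affichage seulement : le contrôle d'accès est fait par l'API (403) #}` would also make clear that hiding the table is presentation, not the access control. The script that fills `#saisies-notes` is outside this hunk; if it is not wrapped in the same condition it will presumably still request the data and get a 403 when the table is absent.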