From 8135038edbd491e49f4382fc2684d716c4d2039f Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Tue, 5 Nov 2024 09:19:27 +0100
Subject: [PATCH] =?UTF-8?q?Restreint=20acc=C3=A8s=20aux=20saisies=20de=20n?= =?UTF-8?q?otes=20(admin=20et=20self)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/api/operations.py | 3 ++
 app/scodoc/sco_etud.py | 3 --
 app/templates/user_board/user_board.j2 | 46 ++++++++++++++------------
 sco_version.py | 2 +-
 4 files changed, 28 insertions(+), 26 deletions(-)
diff --git a/app/api/operations.py b/app/api/operations.py
index 51ba5c61..e8d87af9 100644
--- a/app/api/operations.py
+++ b/app/api/operations.py
@@ -48,6 +48,9 @@ def operations_user_notes(uid: int):
 -----
 uid: l'id de l'utilisateur
 """
+ # --- Permission: restreint au superadmin ou à l'utilisateur lui-même
+ if not app.current_user.is_administrator() and app.current_user.id != uid:
+ return {"error": "Permission denied"}, 403
 start = int(app.request.args.get("start", 0))
 length = min(int(app.request.args.get("length", 10)), MAX_QUERY_LENGTH)
 order = app.request.args.get("order[dir]", "desc")
diff --git a/app/scodoc/sco_etud.py b/app/scodoc/sco_etud.py
index fde98370..f74c3c42 100644
--- a/app/scodoc/sco_etud.py
+++ b/app/scodoc/sco_etud.py
@@ -137,9 +137,6 @@ _identiteEditor = ndb.EditableTable(
 (
 "admission_id",
 "boursier",
- "cas_allow_login",
- "cas_allow_scodoc_login",
- "cas_id",
 "civilite_etat_civil",
 "civilite", # 'M", "F", or "X"
 "code_ine",
diff --git a/app/templates/user_board/user_board.j2 b/app/templates/user_board/user_board.j2
index 2832f951..ca256a87 100644
--- a/app/templates/user_board/user_board.j2
+++ b/app/templates/user_board/user_board.j2
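Review bot: The guard added at the top of `operations_user_notes` in app/api/operations.py refuses the request without recording anything, so attempts to read another user's grade entries leave no trace for whoever audits access. I would log the denial (requesting user id and target `uid`) just before the `return`, using whatever logger this module already imports. The comment should also say that this check is the real access control, e.g. `# Effective access control: user_board.j2 only hides the table, this check is what protects the data`. The route decorators and the rest of the function body are outside the hunk, so whether an unauthenticated request can reach this line is not visible here.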
@@ -115,31 +115,33 @@ div.scobox.saisies-notes { </div> {% endfor %} - - <div class="scobox saisies-notes"> - <div class="scobox-title"> - Dernières saisies de notes par {{user.get_prenomnom()}} - </div> - <table id="saisies-notes" class="display" style="width:100%"> - <thead> - <tr> - <th>Date</th> - <th>Évaluation</th> - <th>Étudiant</th> - <th>Note</th> - </tr> - </thead> - <tbody> - <!-- Data will be loaded dynamically via JavaScript --> - </tbody> - </table> + <div class="scobox saisies-notes"> + {% if current_user.is_administrator() or current_user.id == user.id %} + <div class="scobox-title"> + Dernières saisies de notes par {{user.get_prenomnom()}} + </div> + <table id="saisies-notes" class="display" style="width:100%"> + <thead> + <tr> + <th>Date</th> + <th>Évaluation</th> + <th>Étudiant</th> + <th>Note</th> + </tr> + </thead> + <tbody> + <!-- Data will be loaded dynamically via JavaScript --> + </tbody> + </table> + {% else %} + <div class="help"> + Vous n'avez pas les droits pour voir les notes de cet utilisateur. + </div> + {% endif %} + </div> </div> -</div> - - - {% endblock app_content %} diff --git a/sco_version.py b/sco_version.py index 2e58c9f1..8110b6d0 100644 --- a/sco_version.py +++ b/sco_version.py @@ -3,7 +3,7 @@ "Infos sur version ScoDoc" -SCOVERSION = "9.7.38" +SCOVERSION = "9.7.39" SCONAME = "ScoDoc" -- GitLab
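Review bot: The `{% if current_user.is_administrator() or current_user.id == user.id %}` test in user_board.j2 only removes the `#saisies-notes` table from the markup. The script that fills it ("Data will be loaded dynamically via JavaScript") lies outside this hunk, and if it is not under the same condition it will presumably still run against a missing element and call the API, which now answers 403. Wrapping that script block in the same `{% if %}` would avoid the useless request and the console error. The condition also repeats the one added in `operations_user_notes`; a single helper on the user model, called from both places, would keep the template and the API from drifting apart.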