diff --git a/app/scodoc/sco_permissions_check.py b/app/scodoc/sco_permissions_check.py
index 4145b7e062ab04debb99169e8ac8ef8eab20065c..a577135d6e03ec62ddfa6ed8cf56ab9667caa075 100644
--- a/app/scodoc/sco_permissions_check.py
+++ b/app/scodoc/sco_permissions_check.py
@@ -65,9 +65,9 @@ def check_access_diretud(formsemestre: FormSemestre):
 return True, ""
-def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
+def can_handle_passwd(user: User, allow_admin_depts=False) -> bool:
 """True if the current user can see or change passwd info of user.
- If allow_admindepts, allow Admin from all depts (so they can view users from other depts
+ If allow_admin_depts, allow Admin from all depts (so they can view users from other depts
 and add roles to them).
 user is a User instance.
 """
@@ -81,9 +81,17 @@ def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
 # If don't have permission in the current dept, abort
 if not current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept):
 return False
+ # Si le compte est dans un département et que l'on est admin. user de ce dept:
+ if user.dept and current_user.has_permission(Permission.UsersAdmin, user.dept):
+ return True
 # Now check that current_user can manage users from this departement
 if not current_user.dept:
- return True # if no dept, can access users from all depts !
- if (current_user.dept == user.dept) or allow_admindepts:
+ # if no dept, and perm. admin on g.scodoc_dept, can access users from all depts !
+ return True
+ if (
+ current_user.dept
+ and ((current_user.dept == user.dept) or allow_admin_depts)
+ and current_user.has_permission(Permission.UsersAdmin, current_user.dept)
+ ):
 return True
 return False
diff --git a/app/scodoc/sco_users.py b/app/scodoc/sco_users.py
index db27e0c7669943740137ab5359acb1484d8e5c57..98076a588801660693b3101c1ea8c198332fcc29 100644
--- a/app/scodoc/sco_users.py
+++ b/app/scodoc/sco_users.py
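Review bot: In the `@@ -81,9 +81,17 @@` hunk the `if not current_user.dept: return True` branch still decides on `UsersAdmin` in `g.scodoc_dept` alone, whereas the condition rewritten just below it now also demands `UsersAdmin` in `current_user.dept`, so an account with no department but a role scoped to a single department would, as far as this hunk shows, pass for users of any other department. If only site-wide administrators are meant to take that branch, the comment should say so and the check could be narrowed, e.g. `return not user.dept`, since the new `user.dept` test above already admits targets in departments the caller administers; whether `has_permission` honours site-wide roles for every department is not visible here and needs confirming first. In the final condition the leading `current_user.dept` operand is always true at that point and can be dropped. The start of `can_handle_passwd` lies outside the hunk, so earlier returns may already cover part of this.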
@@ -163,7 +163,7 @@ def list_users(
 rows = []
 for u in users:
 # Can current user modify this user ?
- can_modify = can_handle_passwd(u, allow_admindepts=True)
+ can_modify = can_handle_passwd(u, allow_admin_depts=True)
 d = u.to_dict()
 rows.append(d)
diff --git a/app/templates/auth/user_info_page.j2 b/app/templates/auth/user_info_page.j2
index 882b5370b699778a896ec50b748a9e61c6ea9965..6327542aa0b6bfbaf841cd1ba8fd3d4d8856e1e4 100644
--- a/app/templates/auth/user_info_page.j2
+++ b/app/templates/auth/user_info_page.j2
@@ -7,7 +7,13 @@
 <div class="user_info">
 <h2>Utilisateur: {{user.user_name}} ({{'actif' if user.active else 'fermé'}})</h2>
 <div class="user_basics">
- <b>Login :</b> {{user.user_name}}<br>
+ <b>Login :</b> {{user.user_name}}
+ {% if ScoDocSiteConfig.is_cas_enabled() %}
+ (connexion via ce login ScoDoc
+ {% if user.cas_allow_scodoc_login %}autorisée{% else %}<span class="fontred">interdite</span>
+ {% endif %})
+ {% endif -%}
+ <br>
 <b>CAS id:</b> {{user.cas_id or "(aucun)"}}
 {% if ScoDocSiteConfig.is_cas_enabled() %}
 (CAS {{'autorisé' if user.cas_allow_login else 'interdit'}} pour cet utilisateur)
diff --git a/app/views/users.py b/app/views/users.py
index 5659d5c4cf2b40f8e0f52871acecbefc1e9a5736..dd26a312895cd11b9999cb8f9fefe33952f44d5e 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -986,7 +986,7 @@ def user_info_page(user_name=None):
 if user_name is not None: # scodoc7func converti en int !
 user_name = str(user_name)
 # peut-on divulguer ces infos ?
- if not can_handle_passwd(current_user, allow_admindepts=True):
+ if not can_handle_passwd(current_user, allow_admin_depts=True):
 raise AccessDenied("Vous n'avez pas la permission de voir cette page")
 dept = g.scodoc_dept
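Review bot: In the added `{% if user.cas_allow_scodoc_login %}` block of `user_info_page.j2` the `{% endif %})` sits on its own line, so the `interdite` branch probably renders with whitespace before the closing parenthesis while the `autorisée` branch does not, depending on the environment's whitespace-control settings. Keeping the conditional on one line avoids that: `{% if user.cas_allow_scodoc_login %}autorisée{% else %}<span class="fontred">interdite</span>{% endif %})`. The CAS line just below expresses the same kind of status with an inline `{{ ... if ... else ... }}` expression, so the two adjacent lines now use different styles.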