8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 19:33:11 +00:00

Create can_delete and can_view decorators and use them where it's possible

This commit is contained in:
Maël Kervella 2017-12-09 01:15:11 +00:00 committed by root
parent 876021ae12
commit 048bcfad26
5 changed files with 86 additions and 68 deletions

View file

@ -43,7 +43,7 @@ from users.models import User
from re2o.settings import LOGO_PATH from re2o.settings import LOGO_PATH
from re2o import settings from re2o import settings
from re2o.views import form from re2o.views import form
from re2o.utils import SortTable, can_create, can_edit from re2o.utils import SortTable, can_create, can_edit, can_delete, can_view
from preferences.models import OptionalUser, AssoOption, GeneralOption from preferences.models import OptionalUser, AssoOption, GeneralOption
from .models import Facture, Article, Vente, Paiement, Banque from .models import Facture, Article, Vente, Paiement, Banque
from .forms import ( from .forms import (
@ -284,19 +284,10 @@ def edit_facture(request, facture, factureid):
@login_required @login_required
@permission_required('cableur') @can_delete(Facture)
def del_facture(request, factureid): def del_facture(request, facture, factureid):
"""Suppression d'une facture. Supprime en cascade les ventes """Suppression d'une facture. Supprime en cascade les ventes
et cotisations filles""" et cotisations filles"""
try:
facture = Facture.objects.get(pk=factureid)
except Facture.DoesNotExist:
messages.error(request, u"Facture inexistante")
return redirect(reverse('cotisations:index'))
if facture.control or not facture.valid:
messages.error(request, "Vous ne pouvez pas editer une facture\
controlée ou invalidée par le trésorier")
return redirect(reverse('cotisations:index'))
if request.method == "POST": if request.method == "POST":
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
facture.delete() facture.delete()

View file

@ -837,7 +837,7 @@ class Interface(models.Model):
d'un autre user que vous sans droit" d'un autre user que vous sans droit"
return True, None return True, None
def can_delete(self, user_resquest, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
if not user_request.has_perms(('cableur',)) and self.machine.user != user_request: if not user_request.has_perms(('cableur',)) and self.machine.user != user_request:
return False, u"Vous ne pouvez pas éditer une machine d'un autre\ return False, u"Vous ne pouvez pas éditer une machine d'un autre\
user que vous sans droit" user que vous sans droit"
@ -1177,8 +1177,12 @@ class OuverturePortList(models.Model):
return True, None return True, None
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ if not user_request.has_perms(('bureau',)):
de supprimer une ouverture de port" return False, u"Vous n'avez pas le droit de supprimer une ouverture\
de port"
if self.interface_set.all():
return False, u"Cette liste de ports est utilisée"
return True, None
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\

View file

@ -125,7 +125,9 @@ from re2o.utils import (
filter_active_interfaces, filter_active_interfaces,
SortTable, SortTable,
can_create, can_create,
can_edit can_edit,
can_delete,
can_view
) )
from re2o.views import form from re2o.views import form
@ -213,12 +215,12 @@ def generate_ipv4_mbf_param( form, is_type_tt ):
@login_required @login_required
@can_create(Machine) @can_create(Machine)
def new_machine(request, userid): @can_edit(User)
def new_machine(request, user, userid):
""" Fonction de creation d'une machine. Cree l'objet machine, """ Fonction de creation d'une machine. Cree l'objet machine,
le sous objet interface et l'objet domain à partir de model forms. le sous objet interface et l'objet domain à partir de model forms.
Trop complexe, devrait être simplifié""" Trop complexe, devrait être simplifié"""
user = User.objects.get(pk=userid)
machine = NewMachineForm(request.POST or None) machine = NewMachineForm(request.POST or None)
interface = AddInterfaceForm( interface = AddInterfaceForm(
request.POST or None, request.POST or None,
@ -328,10 +330,10 @@ def del_machine(request, machineid):
@login_required @login_required
@can_create(Interface) @can_create(Interface)
def new_interface(request, machineid): @can_edit(Machine)
def new_interface(request, machine, machineid):
""" Ajoute une interface et son domain associé à une machine existante""" """ Ajoute une interface et son domain associé à une machine existante"""
machine = Machine.objects.get(pk=machineid)
interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',))) interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',)))
domain_form = DomainForm(request.POST or None) domain_form = DomainForm(request.POST or None)
if interface_form.is_valid(): if interface_form.is_valid():
@ -358,20 +360,9 @@ def new_interface(request, machineid):
return form({'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request) return form({'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request)
@login_required @login_required
def del_interface(request, interfaceid): @can_delete(Interface)
def del_interface(request, interface, interfaceid):
""" Supprime une interface. Domain objet en mode cascade""" """ Supprime une interface. Domain objet en mode cascade"""
try:
interface = Interface.objects.get(pk=interfaceid)
except Interface.DoesNotExist:
messages.error(request, u"Interface inexistante" )
return redirect(reverse('machines:index'))
if not request.user.has_perms(('cableur',)):
if interface.machine.user != request.user:
messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
if request.method == "POST": if request.method == "POST":
machine = interface.machine machine = interface.machine
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -751,9 +742,9 @@ def del_srv(request):
@login_required @login_required
@can_create(Domain) @can_create(Domain)
def add_alias(request, interfaceid): @can_edit(Interface)
def add_alias(request, interface, interfaceid):
interface = Interface.objects.get(pk=interfaceid)
alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',))) alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',)))
if alias.is_valid(): if alias.is_valid():
alias = alias.save(commit=False) alias = alias.save(commit=False)
@ -787,18 +778,8 @@ def edit_alias(request, domain_instance, domainid):
return form({'aliasform': alias}, 'machines/machine.html', request) return form({'aliasform': alias}, 'machines/machine.html', request)
@login_required @login_required
def del_alias(request, interfaceid): @can_edit(Interface)
try: def del_alias(request, interface, interfaceid):
interface = Interface.objects.get(pk=interfaceid)
except Interface.DoesNotExist:
messages.error(request, u"Interface inexistante" )
return redirect(reverse('machines:index'))
if not request.user.has_perms(('cableur',)) and interface.machine.user != request.user:
messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
alias = DelAliasForm(request.POST or None, interface=interface) alias = DelAliasForm(request.POST or None, interface=interface)
if alias.is_valid(): if alias.is_valid():
alias_dels = alias.cleaned_data['alias'] alias_dels = alias.cleaned_data['alias']
@ -1191,16 +1172,8 @@ def edit_portlist(request, ouvertureportlist_instance, ouvertureportlistid):
return form({'port_list' : port_list, 'ports' : port_formset}, 'machines/edit_portlist.html', request) return form({'port_list' : port_list, 'ports' : port_formset}, 'machines/edit_portlist.html', request)
@login_required @login_required
@permission_required('bureau') @can_delete(OuverturePortList)
def del_portlist(request, ouvertureportlistid): def del_portlist(request, port_list_instance, ouvertureportlistid):
try:
port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistid)
except OuverturePortList.DoesNotExist:
messages.error(request, "Liste de ports inexistante")
return redirect(reverse('machines:index-portlist'))
if port_list_instance.interface_set.all():
messages.error(request, "Cette liste de ports est utilisée")
return redirect(reverse('machines:index-portlist'))
port_list_instance.delete() port_list_instance.delete()
messages.success(request, "La liste de ports a été supprimée") messages.success(request, "La liste de ports a été supprimée")
return redirect(reverse('machines:index-portlist')) return redirect(reverse('machines:index-portlist'))

View file

@ -72,9 +72,9 @@ def can_create(model):
def can_edit(model): def can_edit(model):
"""Decorator to check if an user can edit a model. """Decorator to check if an user can edit a model.
It tries to get an instance of the model, using It tries to get an instance of the model, using
`model.get_instance(*args, **kwargs)` and assumes that the model has a method `model.get_instance(*args, **kwargs)` and assumes that the model has a
`can_create(user)` which returns `true` if the user can create this kind method `can_edit(user)` which returns `true` if the user can edit this
of models. kind of models.
""" """
def decorator(view): def decorator(view):
def wrapper(request, *args, **kwargs): def wrapper(request, *args, **kwargs):
@ -96,6 +96,59 @@ def can_edit(model):
return decorator return decorator
def can_delete(model):
"""Decorator to check if an user can delete a model.
It tries to get an instance of the model, using
`model.get_instance(*args, **kwargs)` and assumes that the model has a
method `can_delete(user)` which returns `true` if the user can delete this
kind of models.
"""
def decorator(view):
def wrapper(request, *args, **kwargs):
try:
instance = model.get_instance(*args, **kwargs)
except model.DoesNotExist:
messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
can, msg = instance.can_delete(request.user)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
return view(request, instance, *args, **kwargs)
return wrapper
return decorator
def can_view(model):
"""Decorator to check if an user can view a model.
It tries to get an instance of the model, using
`model.get_instance(*args, **kwargs)` and assumes that the model has a
method `can_view(user)` which returns `true` if the user can view this
kind of models.
"""
def decorator(view):
def wrapper(request, *args, **kwargs):
try:
instance = model.get_instance(*args, **kwargs)
except model.DoesNotExist:
messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
can, msg = instance.can_view(request.user)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
return view(request, instance, *args, **kwargs)
return wrapper
return decorator
def all_adherent(search_time=DT_NOW): def all_adherent(search_time=DT_NOW):
""" Fonction renvoyant tous les users adherents. Optimisee pour n'est """ Fonction renvoyant tous les users adherents. Optimisee pour n'est

View file

@ -92,7 +92,9 @@ from machines.models import Machine
from preferences.models import OptionalUser, GeneralOption from preferences.models import OptionalUser, GeneralOption
from re2o.views import form from re2o.views import form
from re2o.utils import all_has_access, SortTable, can_create, can_edit from re2o.utils import (
all_has_access, SortTable, can_create, can_edit, can_delete, can_view
)
def password_change_action(u_form, user, request, req=False): def password_change_action(u_form, user, request, req=False):
""" Fonction qui effectue le changeemnt de mdp bdd""" """ Fonction qui effectue le changeemnt de mdp bdd"""
@ -303,14 +305,9 @@ def edit_serviceuser(request, user, userid):
@login_required @login_required
@permission_required('infra') @can_delete(ServiceUser)
def del_serviceuser(request, userid): def del_serviceuser(request, user, userid):
"""Suppression d'un ou plusieurs serviceusers""" """Suppression d'un ou plusieurs serviceusers"""
try:
user = ServiceUser.objects.get(pk=userid)
except ServiceUser.DoesNotExist:
messages.error(request, u"Utilisateur inexistant")
return redirect(reverse('users:index'))
if request.method == "POST": if request.method == "POST":
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
user.delete() user.delete()