From eb7830dfadcc8358495f5d1e870f4bb8a0ac992b Mon Sep 17 00:00:00 2001
From: chapeau
Date: Sun, 29 Nov 2020 17:21:28 +0100
Subject: [PATCH 1/2] patch
---
 preferences/views.py | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/preferences/views.py b/preferences/views.py
index 077fd105..5b5f6b03 100644
--- a/preferences/views.py
+++ b/preferences/views.py
@@ -96,7 +96,8 @@ def edit_options_template_function(request, section, forms, models):
 return redirect(reverse("preferences:display-options"))
 options_instance, _created = model.objects.get_or_create()
- _is_allowed_to_edit, msg, permissions = options_instance.can_edit(request.user)
+ _is_allowed_to_edit, msg, permissions = options_instance.can_edit(
+ request.user)
 if not _is_allowed_to_edit:
 messages.error(request, acl_error_message(msg, permissions))
 return redirect(reverse("index"))
@@ -150,7 +151,7 @@ def display_options(request):
 optionnal_templates_list = [
 app.preferences.views.aff_preferences(request)
 for app in optionnal_apps
- if hasattr(app.preferences.views, "aff_preferences")
+ if hasattr(app, "preferences") and hasattr(app.preferences.views, "aff_preferences")
 ]
 return form(
@@ -301,7 +302,8 @@ def add_radiuskey(request):
 @can_edit(RadiusKey)
 def edit_radiuskey(request, radiuskey_instance, **_kwargs):
 """View used to edit RADIUS keys."""
- radiuskey = RadiusKeyForm(request.POST or None, instance=radiuskey_instance)
+ radiuskey = RadiusKeyForm(request.POST or None,
+ instance=radiuskey_instance)
 if radiuskey.is_valid():
 radiuskey.save()
 messages.success(request, _("The RADIUS key was edited."))
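Review bot: In the `display_options` hunk, the added `hasattr(app, "preferences")` guard still reads `app.preferences.views` unguarded, so an optional app that exposes `preferences` without a `views` attribute would raise AttributeError while the options page is built (whether such an app exists is not visible here). A chained lookup covers both levels: `if hasattr(getattr(getattr(app, "preferences", None), "views", None), "aff_preferences")`. The added line is also much longer than the width the other hunks in this patch wrap to, so it is worth splitting across lines. The function that contains this comprehension starts and ends outside the hunk.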
@@ -344,10 +346,11 @@ def add_switchmanagementcred(request):
 switchmanagementcred = SwitchManagementCredForm(request.POST or None)
 if switchmanagementcred.is_valid():
 switchmanagementcred.save()
- messages.success(request, _("The switch management credentials were added."))
+ messages.success(request, _(
+ "The switch management credentials were added."))
 return redirect(reverse("preferences:display-options"))
 return form(
- {"preferenceform": switchmanagementcred, "action_name": _("Add"),},
+ {"preferenceform": switchmanagementcred, "action_name": _("Add"), },
 "preferences/preferences.html",
 request,
 )
@@ -361,7 +364,8 @@ def edit_switchmanagementcred(request, switchmanagementcred_instance, **_kwargs)
 )
 if switchmanagementcred.is_valid():
 switchmanagementcred.save()
- messages.success(request, _("The switch management credentials were edited."))
+ messages.success(request, _(
+ "The switch management credentials were edited."))
 return redirect(reverse("preferences:display-options"))
 return form(
 {"preferenceform": switchmanagementcred, "action_name": _("Edit")},
@@ -410,7 +414,7 @@ def add_mailcontact(request):
 messages.success(request, _("The contact email address was created."))
 return redirect(reverse("preferences:display-options"))
 return form(
- {"preferenceform": mailcontact, "action_name": _("Add"),},
+ {"preferenceform": mailcontact, "action_name": _("Add"), },
 "preferences/preferences.html",
 request,
 )
@@ -438,12 +442,14 @@ def edit_mailcontact(request, mailcontact_instance, **_kwargs):
 @can_delete_set(MailContact)
 def del_mailcontact(request, instances):
 """View used to delete one or several contact email addresses."""
- mailcontacts = DelMailContactForm(request.POST or None, instances=instances)
+ mailcontacts = DelMailContactForm(
+ request.POST or None, instances=instances)
 if mailcontacts.is_valid():
 mailcontacts_dels = mailcontacts.cleaned_data["mailcontacts"]
 for mailcontacts_del in mailcontacts_dels:
 mailcontacts_del.delete()
- messages.success(request, _("The contact email adress was deleted."))
+ messages.success(request, _(
+ "The contact email adress was deleted."))
 return redirect(reverse("preferences:display-options"))
 return form(
 {"preferenceform": mailcontacts, "action_name": _("Delete")},
From 9ff03d8c42ddbb7de9f672f683087f73ae0fc2ca Mon Sep 17 00:00:00 2001
From: chapeau
Date: Sun, 29 Nov 2020 18:19:46 +0100
Subject: [PATCH 2/2] lets be sure that api permissions wont trigger on functional views
---
 api/permissions.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/api/permissions.py b/api/permissions.py
index 1983bdc8..3ee61f33 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -239,6 +239,9 @@ class AutodetectACLPermission(permissions.BasePermission):
 if getattr(view, "_ignore_model_permissions", False):
 return True
+ if not getattr(view, "queryset", getattr(view, "get_queryset", None)):
+ return True
+
 if not request.user or not request.user.is_authenticated:
 return False
@@ -273,7 +276,8 @@ class AutodetectACLPermission(permissions.BasePermission):
 # they have read permissions to see 403, or not, and simply see
 # a 404 response.
- SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
+ SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
+ "POST", "PUT", "PATCH", "DELETE")
 if request.method in SAFE_METHODS:
 # Read permissions already checked and failed, no need
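Review bot: In the `api/permissions.py` hunk at -239, the new early `return True` sits above the `is_authenticated` check, so any view that satisfies the test is allowed for anonymous requests too, with no ACL lookup. The test is a truthiness test, and `getattr(view, "queryset", <fallback>)` only uses the fallback when the attribute is missing: a class-based view that declares `queryset = None` and overrides `get_queryset()` (DRF's `GenericAPIView` defines `queryset = None`) would return True here, and a real QuerySet is evaluated and treated as absent whenever it is empty. Assuming the intent is only to exempt views that have neither attribute, place the check after the authentication test and compare explicitly: `if getattr(view, "queryset", None) is None and not hasattr(view, "get_queryset"): return True`. The method starts and ends outside the hunk, so confirm against the callers whether anonymous access to functional views is actually intended.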