From 28ef82176f6bb8535b13221dfbc9f94deea7329c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 30 Nov 2017 20:38:16 +0000 Subject: [PATCH] Use @can_create and @can_edit on machines.models --- machines/models.py | 56 ++++---- machines/urls.py | 6 +- machines/views.py | 336 ++++++++------------------------------------- re2o/utils.py | 6 +- users/models.py | 4 +- 5 files changed, 95 insertions(+), 313 deletions(-) diff --git a/machines/models.py b/machines/models.py index f81fc41f..1f7b5ca9 100644 --- a/machines/models.py +++ b/machines/models.py @@ -58,9 +58,9 @@ class Machine(models.Model): def get_instance(machineid): return Machine.objects.get(pk=machineid) - def can_create(user_request, userid_dest): + def can_create(user_request, userid): try: - user = users.models.User.objects.get(pk=userid_dest) + user = users.models.User.objects.get(pk=userid) except users.models.User.DoesNotExist: return False, u"Utilisateur inexistant" options, created = preferences.models.OptionalMachine.objects.get_or_create() @@ -75,7 +75,7 @@ class Machine(models.Model): % max_lambdauser_interfaces return True, None - def can_edit(user_request, machine): + def can_edit(self, user_request): return True, None def __str__(self): @@ -106,7 +106,7 @@ class MachineType(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un type de machine" - def can_edit(user_request, machinetype): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des types de machine" return True, None @@ -221,14 +221,14 @@ class IpType(models.Model): self.clean() super(IpType, self).save(*args, **kwargs) - def get_instance(iptyeid): + def get_instance(iptypeid): return IpType.objects.get(pk=iptypeid) def can_create(user_request): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un type d'ip" - def can_edit(user_request, iptype): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des types d'ip" return True, None @@ -253,7 +253,7 @@ class Vlan(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un vlan" - def can_edit(user_request, vlan): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des vlans" return True, None @@ -299,7 +299,7 @@ class Nas(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un nas" - def can_edit(user_request, nas): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des nas" return True, None @@ -347,7 +347,7 @@ class SOA(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement SOA" - def can_edit(user_request, soa): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des enregistrements SOA" return True, None @@ -441,7 +441,7 @@ class Extension(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer une extension" - def can_edit(user_request, extension): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des extensions" return True, None @@ -478,7 +478,7 @@ class Mx(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement MX" - def can_edit(user_request, mx): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des enregstrements MX" return True, None @@ -506,7 +506,7 @@ class Ns(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement NS" - def can_edit(user_request, ns): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des enregistrements NS" return True, None @@ -530,7 +530,7 @@ class Txt(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement TXT" - def can_edit(user_request, txt): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des enregistrement TXT" return True, None @@ -595,7 +595,7 @@ class Srv(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement SRV" - def can_edit(user_request, srv): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des enregistrements SRV" return True, None @@ -720,9 +720,9 @@ class Interface(models.Model): def get_instance(interfaceid): return Interface.objects.get(pk=interfaceid) - def can_create(user_request, machineid_dest): + def can_create(user_request, machineid): try: - machine = Machine.objects.get(pk=machineid_dest) + machine = Machine.objects.get(pk=machineid) except Machine.DoesNotExist: return False, u"Machine inexistante" if not user_request.has_perms(('cableur',)): @@ -737,10 +737,10 @@ class Interface(models.Model): % max_lambdauser_interfaces return True, None - def can_edit(user_request, interface): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)) and \ not user_request.has_perms(('cableur',)) and \ - interface.machine.user != user_request: + self.machine.user != user_request: return False, u"Vous ne pouvez pas éditer une machine\ d'un autre user que vous sans droit" return True, None @@ -847,9 +847,9 @@ class Domain(models.Model): def get_instance(domainid): return Domain.objects.get(pk=domainid) - def can_create(user_request, interfaceid_dest): + def can_create(user_request, interfaceid): try: - interface = Interface.objects.get(pk=interfaceid_dest) + interface = Interface.objects.get(pk=interfaceid) except Interface.DoesNotExist: return False, u"Interface inexistante" if not user_request.has_perms(('cableur',)): @@ -868,10 +868,10 @@ class Domain(models.Model): % max_lambdauser_aliases return True, None - def can_edit(user_request, domain): + def can_edit(self, user_request): if not user_request.has_perms(('cableur',)) and ( - domain.cname is None or \ - domain.cname.interface_parent.machine.user != user_request + self.cname is None or \ + self.cname.interface_parent.machine.user != user_request ): return False, u"Vous ne pouvez pas ajouter un alias à une machine\ d'un autre user que vous sans droit" @@ -910,7 +910,7 @@ class IpList(models.Model): def can_create(user_request): return True, None - def can_edit(user_request, iplist): + def can_edit(self, user_request): return True, None def __str__(self): @@ -960,7 +960,7 @@ class Service(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un service" - def can_edit(user_request, service): + def can_edit(self, user_request): if not user_request.has_perms(('infra',)): return False, u"Vous n'avez pas le droit d'éditer des services" return True, None @@ -1011,7 +1011,7 @@ class Service_link(models.Model): def can_create(user_request): return True, None - def can_edit(user_request, servicelink): + def can_edit(self, user_request): return True, None def __str__(self): @@ -1034,7 +1034,7 @@ class OuverturePortList(models.Model): return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\ d'ouvrir un port" - def can_edit(user_request, ouvertureportlist): + def can_edit(self, user_request): if not user_request.has_perms(('bureau',)): return False, u"Vous n'avez pas le droit d'éditer des ouvertures de port" return True, None @@ -1115,7 +1115,7 @@ class OuverturePort(models.Model): def can_create(user_request): return True, None - def can_edit(user_request, ouvertureport): + def can_edit(self, user_request): return True, None def __str__(self): diff --git a/machines/urls.py b/machines/urls.py index c024cf56..1bece2f6 100644 --- a/machines/urls.py +++ b/machines/urls.py @@ -61,7 +61,7 @@ urlpatterns = [ url(r'^del_srv/$', views.del_srv, name='del-srv'), url(r'^index_extension/$', views.index_extension, name='index-extension'), url(r'^add_alias/(?P[0-9]+)$', views.add_alias, name='add-alias'), - url(r'^edit_alias/(?P[0-9]+)$', views.edit_alias, name='edit-alias'), + url(r'^edit_alias/(?P[0-9]+)$', views.edit_alias, name='edit-alias'), url(r'^del_alias/(?P[0-9]+)$', views.del_alias, name='del-alias'), url(r'^index_alias/(?P[0-9]+)$', views.index_alias, name='index-alias'), url(r'^add_service/$', views.add_service, name='add-service'), @@ -104,8 +104,8 @@ urlpatterns = [ url(r'^rest/service_servers/$', views.service_servers, name='service-servers'), url(r'^rest/ouverture_ports/$', views.ouverture_ports, name='ouverture-ports'), url(r'index_portlist/$', views.index_portlist, name='index-portlist'), - url(r'^edit_portlist/(?P[0-9]+)$', views.edit_portlist, name='edit-portlist'), - url(r'^del_portlist/(?P[0-9]+)$', views.del_portlist, name='del-portlist'), + url(r'^edit_portlist/(?P[0-9]+)$', views.edit_portlist, name='edit-portlist'), + url(r'^del_portlist/(?P[0-9]+)$', views.del_portlist, name='del-portlist'), url(r'^add_portlist/$', views.add_portlist, name='add-portlist'), url(r'^port_config/(?P[0-9]+)$', views.configure_ports, name='port-config'), diff --git a/machines/views.py b/machines/views.py index 44c8d066..32bfc712 100644 --- a/machines/views.py +++ b/machines/views.py @@ -123,7 +123,9 @@ from re2o.utils import ( all_active_assigned_interfaces, all_has_access, filter_active_interfaces, - SortTable + SortTable, + can_create, + can_edit ) from re2o.views import form @@ -210,20 +212,12 @@ def generate_ipv4_mbf_param( form, is_type_tt ): return i_mbf_param @login_required +@can_create(Machine) def new_machine(request, userid): """ Fonction de creation d'une machine. Cree l'objet machine, le sous objet interface et l'objet domain à partir de model forms. Trop complexe, devrait être simplifié""" - can, reason = Machine.can_create(request.user, userid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - # No need to check if userid exist, already done in can_create user = User.objects.get(pk=userid) machine = NewMachineForm(request.POST or None) interface = AddInterfaceForm( @@ -270,26 +264,18 @@ def new_machine(request, userid): ) @login_required -def edit_interface(request, interfaceid): +@can_edit(Interface) +def edit_interface(request, interface_instance, interfaceid): """ Edition d'une interface. Distingue suivant les droits les valeurs de interfaces et machines que l'user peut modifier infra permet de modifier le propriétaire""" - can, reason = Interface.can_edit(request.user, interfaceid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - interface = Interface.objects.get(pk=interfaceid) if not request.user.has_perms(('infra',)): - machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine) - interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface, infra=False) + machine_form = BaseEditMachineForm(request.POST or None, instance=interface_instance.machine) + interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface_instance, infra=False) else: - machine_form = EditMachineForm(request.POST or None, instance=interface.machine) - interface_form = EditInterfaceForm(request.POST or None, instance=interface) - domain_form = DomainForm(request.POST or None, instance=interface.domain) + machine_form = EditMachineForm(request.POST or None, instance=interface_instance.machine) + interface_form = EditInterfaceForm(request.POST or None, instance=interface_instance) + domain_form = DomainForm(request.POST or None, instance=interface_instance.domain) if machine_form.is_valid() and interface_form.is_valid() and domain_form.is_valid(): new_machine = machine_form.save(commit=False) new_interface = interface_form.save(commit=False) @@ -309,7 +295,7 @@ def edit_interface(request, interfaceid): messages.success(request, "La machine a été modifiée") return redirect(reverse( 'users:profil', - kwargs={'userid':str(interface.machine.user.id)} + kwargs={'userid':str(interface_instance.machine.user.id)} )) i_mbf_param = generate_ipv4_mbf_param( interface_form, False ) return form({'machineform': machine_form, 'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request) @@ -341,18 +327,10 @@ def del_machine(request, machineid): return form({'objet': machine, 'objet_name': 'machine'}, 'machines/delete.html', request) @login_required +@can_create(Interface) def new_interface(request, machineid): """ Ajoute une interface et son domain associé à une machine existante""" - can, reason = Interface.can_create(request.user, machineid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - # No need to check if machineid exist, already done in can_create machine = Machine.objects.get(pk=machineid) interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',))) domain_form = DomainForm(request.POST or None) @@ -409,17 +387,10 @@ def del_interface(request, interfaceid): return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request) @login_required +@can_create(IpType) def add_iptype(request): """ Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste""" - can, reason = IpType.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - iptype = IpTypeForm(request.POST or None) if iptype.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -431,18 +402,10 @@ def add_iptype(request): return form({'iptypeform': iptype}, 'machines/machine.html', request) @login_required -def edit_iptype(request, iptypeid): +@can_edit(IpType) +def edit_iptype(request, iptype_instance, iptypeid): """ Edition d'un range. Ne permet pas de le redimensionner pour éviter l'incohérence""" - - can, reason = IpType.can_edit(request.user, iptypeid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - iptype_instance = IpType.objects.get(pk=iptypeid) iptype = EditIpTypeForm(request.POST or None, instance=iptype_instance) if iptype.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -472,16 +435,9 @@ def del_iptype(request): return form({'iptypeform': iptype}, 'machines/machine.html', request) @login_required +@can_create(MachineType) def add_machinetype(request): - can, reason = MachineType.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - machinetype = MachineTypeForm(request.POST or None) if machinetype.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -493,17 +449,9 @@ def add_machinetype(request): return form({'machinetypeform': machinetype}, 'machines/machine.html', request) @login_required -def edit_machinetype(request, machinetypeid): +@can_edit(MachineType) +def edit_machinetype(request, machinetype_instance, machinetypeid): - can, reason = MachineType.can_edit(request.user, machinetypeid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - machinetype_instance = MachineType.objects.get(pk=machinetypeid) machinetype = MachineTypeForm(request.POST or None, instance=machinetype_instance) if machinetype.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -532,16 +480,9 @@ def del_machinetype(request): return form({'machinetypeform': machinetype}, 'machines/machine.html', request) @login_required +@can_create(Extension) def add_extension(request): - can, reason = Extension.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - extension = ExtensionForm(request.POST or None) if extension.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -553,17 +494,9 @@ def add_extension(request): return form({'extensionform': extension}, 'machines/machine.html', request) @login_required -def edit_extension(request, extensionid): +@can_edit(Extension) +def edit_extension(request, extension_instance, extensionid): - can, reason = Extension.can_edit(request.user, extensionid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - extension_instance = Extension.objects.get(pk=extensionid) extension = ExtensionForm(request.POST or None, instance=extension_instance) if extension.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -592,16 +525,9 @@ def del_extension(request): return form({'extensionform': extension}, 'machines/machine.html', request) @login_required +@can_create(SOA) def add_soa(request): - can, reason = SOA.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - soa = SOAForm(request.POST or None) if soa.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -613,17 +539,9 @@ def add_soa(request): return form({'soaform': soa}, 'machines/machine.html', request) @login_required -def edit_soa(request, soaid): +@can_edit(SOA) +def edit_soa(request, soa_instance, soaid): - can, reason = SOA.can_edit(request.user, soaid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - soa_instance = SOA.objects.get(pk=soaid) soa = SOAForm(request.POST or None, instance=soa_instance) if soa.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -652,16 +570,9 @@ def del_soa(request): return form({'soaform': soa}, 'machines/machine.html', request) @login_required +@can_create(Mx) def add_mx(request): - can, reason = Mx.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - mx = MxForm(request.POST or None) if mx.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -673,17 +584,9 @@ def add_mx(request): return form({'mxform': mx}, 'machines/machine.html', request) @login_required -def edit_mx(request, mxid): +@can_edit(Mx) +def edit_mx(request, mx_instance, mxid): - can, reason = Mx.can_edit(request.user, mxid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - mx_instance = Mx.objects.get(pk=mxid) mx = MxForm(request.POST or None, instance=mx_instance) if mx.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -712,16 +615,9 @@ def del_mx(request): return form({'mxform': mx}, 'machines/machine.html', request) @login_required +@can_create(Ns) def add_ns(request): - can, reason = Ns.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - ns = NsForm(request.POST or None) if ns.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -733,17 +629,9 @@ def add_ns(request): return form({'nsform': ns}, 'machines/machine.html', request) @login_required -def edit_ns(request, nsid): +@can_edit(Ns) +def edit_ns(request, ns_instance, nsid): - can, reason = Ns.can_edit(request.user, nsid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - ns_instance = Ns.objects.get(pk=nsid) ns = NsForm(request.POST or None, instance=ns_instance) if ns.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -772,16 +660,9 @@ def del_ns(request): return form({'nsform': ns}, 'machines/machine.html', request) @login_required +@can_create(Txt) def add_txt(request): - can, reason = Txt.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - txt = TxtForm(request.POST or None) if txt.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -793,17 +674,9 @@ def add_txt(request): return form({'txtform': txt}, 'machines/machine.html', request) @login_required -def edit_txt(request, txtid): +@can_edit(Txt) +def edit_txt(request, txt_instance, txtid): - can, reason = Txt.can_edit(request.user, txtid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - txt_instance = Txt.objects.get(pk=txtid) txt = TxtForm(request.POST or None, instance=txt_instance) if txt.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -832,16 +705,9 @@ def del_txt(request): return form({'txtform': txt}, 'machines/machine.html', request) @login_required +@can_create(Srv) def add_srv(request): - can, reason = Srv.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - srv = SrvForm(request.POST or None) if srv.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -853,17 +719,9 @@ def add_srv(request): return form({'srvform': srv}, 'machines/machine.html', request) @login_required -def edit_srv(request, srvid): +@can_edit(Srv) +def edit_srv(request, srv_instance, srvid): - can, reason = Srv.can_edit(request.user, srvid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - srv_instance = Srv.objects.get(pk=srvid) srv = SrvForm(request.POST or None, instance=srv_instance) if srv.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -892,17 +750,9 @@ def del_srv(request): return form({'srvform': srv}, 'machines/machine.html', request) @login_required +@can_create(Domain) def add_alias(request, interfaceid): - can, reason = Domain.can_create(request.user, interfaceid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - # No need to check if interfaceid exist, already done in can_create interface = Interface.objects.get(pk=interfaceid) alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',))) if alias.is_valid(): @@ -920,27 +770,19 @@ def add_alias(request, interfaceid): return form({'aliasform': alias}, 'machines/machine.html', request) @login_required -def edit_alias(request, aliasid): +@can_edit(Domain) +def edit_alias(request, domain_instance, domainid): - can, reason = Domain.can_edit(request.user, aliasid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - alias_instance = Domain.objects.get(pk=aliasid) - alias = AliasForm(request.POST or None, instance=alias_instance, infra=request.user.has_perms(('infra',))) + alias = AliasForm(request.POST or None, instance=domain_instance, infra=request.user.has_perms(('infra',))) if alias.is_valid(): with transaction.atomic(), reversion.create_revision(): - alias_instance = alias.save() + domain_instance = alias.save() reversion.set_user(request.user) reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in alias.changed_data)) messages.success(request, "Alias modifié") return redirect(reverse( 'machines:index-alias', - kwargs={'interfaceid':str(alias_instance.cname.interface_parent.id)} + kwargs={'interfaceid':str(domain_instance.cname.interface_parent.id)} )) return form({'aliasform': alias}, 'machines/machine.html', request) @@ -976,16 +818,9 @@ def del_alias(request, interfaceid): @login_required +@can_create(Service) def add_service(request): - can, reason = Service.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - service = ServiceForm(request.POST or None) if service.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -997,17 +832,9 @@ def add_service(request): return form({'serviceform': service}, 'machines/machine.html', request) @login_required -def edit_service(request, serviceid): +@can_edit(Service) +def edit_service(request, service_instance, serviceid): - can, reason = Service.can_edit(request.user, serviceid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - service_instance = Service.objects.get(pk=serviceid) service = ServiceForm(request.POST or None, instance=service_instance) if service.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1036,16 +863,9 @@ def del_service(request): return form({'serviceform': service}, 'machines/machine.html', request) @login_required +@can_create(Vlan) def add_vlan(request): - can, reason = Vlan.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - vlan = VlanForm(request.POST or None) if vlan.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1057,17 +877,9 @@ def add_vlan(request): return form({'vlanform': vlan}, 'machines/machine.html', request) @login_required -def edit_vlan(request, vlanid): +@can_edit(Vlan) +def edit_vlan(request, vlan_instance, vlanid): - can, reason = Vlan.can_edit(request.user, vlanid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - vlan_instance = Vlan.objects.get(pk=vlanid) vlan = VlanForm(request.POST or None, instance=vlan_instance) if vlan.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1096,16 +908,9 @@ def del_vlan(request): return form({'vlanform': vlan}, 'machines/machine.html', request) @login_required +@can_create(Nas) def add_nas(request): - can, reason = Nas.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - nas = NasForm(request.POST or None) if nas.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1117,17 +922,9 @@ def add_nas(request): return form({'nasform': nas}, 'machines/machine.html', request) @login_required -def edit_nas(request, nasid): +@can_edit(Nas) +def edit_nas(request, nas_instance, nasid): - can, reason = Nas.can_edit(request.user, nasid) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - nas_instance = Nas.objects.get(pk=nasid) nas = NasForm(request.POST or None, instance=nas_instance) if nas.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1369,18 +1166,10 @@ def index_portlist(request): return render(request, "machines/index_portlist.html", {'port_list':port_list}) @login_required -def edit_portlist(request, pk): +@can_edit(OuverturePortList) +def edit_portlist(request, ouvertureportlist_instance, ouvertureportlistid): - can, reason = OuverturePortList.can_edit(request.user, pk) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - - port_list_instance = OuverturePortList.objects.get(pk=pk) - port_list = EditOuverturePortListForm(request.POST or None, instance=port_list_instance) + port_list = EditOuverturePortListForm(request.POST or None, instance=ouvertureportlist_instance) port_formset = modelformset_factory( OuverturePort, fields=('begin','end','protocole','io'), @@ -1388,7 +1177,7 @@ def edit_portlist(request, pk): can_delete=True, min_num=1, validate_min=True, - )(request.POST or None, queryset=port_list_instance.ouvertureport_set.all()) + )(request.POST or None, queryset=ouvertureportlist_instance.ouvertureport_set.all()) if port_list.is_valid() and port_formset.is_valid(): pl = port_list.save() instances = port_formset.save(commit=False) @@ -1403,9 +1192,9 @@ def edit_portlist(request, pk): @login_required @permission_required('bureau') -def del_portlist(request, pk): +def del_portlist(request, ouvertureportlistid): try: - port_list_instance = OuverturePortList.objects.get(pk=pk) + port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistid) except OuverturePortList.DoesNotExist: messages.error(request, "Liste de ports inexistante") return redirect(reverse('machines:index-portlist')) @@ -1417,16 +1206,9 @@ def del_portlist(request, pk): return redirect(reverse('machines:index-portlist')) @login_required +@can_create(OuverturePortList) def add_portlist(request): - can, reason = OuverturePortList.can_create(request.user) - if not can: - messages.error(request, reason) - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - port_list = EditOuverturePortListForm(request.POST or None) port_formset = modelformset_factory( OuverturePort, diff --git a/re2o/utils.py b/re2o/utils.py index 866af9df..1f8143cb 100644 --- a/re2o/utils.py +++ b/re2o/utils.py @@ -57,8 +57,8 @@ def can_create(model): of models. """ def decorator(view): - def wrapper(request,*args, **kwargs): - can, msg = model.can_create(request.user) + def wrapper(request, *args, **kwargs): + can, msg = model.can_create(request.user, *args, **kwargs) if not can: messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") return redirect(reverse('users:profil', @@ -85,7 +85,7 @@ def can_edit(model): return redirect(reverse('users:profil', kwargs={'userid':str(request.user.id)} )) - can, msg = model.can_edit(instance, request.user) + can, msg = instance.can_edit(request.user) if not can: messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") return redirect(reverse('users:profil', diff --git a/users/models.py b/users/models.py index 9606482d..59d356a9 100644 --- a/users/models.py +++ b/users/models.py @@ -935,7 +935,7 @@ class ServiceUser(AbstractBaseUser): return user.has_perms(('infra',)), u"Vous n'avez pas le droit de\ créer un service user" - def can_edit(instance, user): + def can_edit(self, user): return user.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\ les services users" @@ -1119,7 +1119,7 @@ class Ban(models.Model): def __str__(self): return str(self.user) + ' ' + str(self.raison) - def can_create(user): + def can_create(user, userid): return user.has_perms(('bofh',)), u"Vous n'avez pas le droit de\ créer des bannissement"