mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-25 22:22:26 +00:00
Regle des acl sur can_view_all
This commit is contained in:
parent
63948821d3
commit
375f3038da
2 changed files with 23 additions and 18 deletions
|
@ -909,6 +909,19 @@ class Club(User):
|
|||
related_name='club_members'
|
||||
)
|
||||
|
||||
def can_view_all(user_request, *args, **kwargs):
|
||||
"""Check if an user can access to the list of every user objects
|
||||
|
||||
:param user_request: The user who wants to view the list.
|
||||
:return: True if the user can view the list and an explanation message.
|
||||
"""
|
||||
if user_request.has_perms(('cableur',)):
|
||||
return True, None
|
||||
if user_request.is_class_adherent:
|
||||
if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all():
|
||||
return True, None
|
||||
return False, u"Vous n'avez pas accès à la liste des utilisateurs."
|
||||
|
||||
def get_instance(clubid, *args, **kwargs):
|
||||
"""Try to find an instance of `Club` with the given id.
|
||||
|
||||
|
@ -1427,7 +1440,8 @@ class Ban(models.Model):
|
|||
:param user_request: The user who wants to view the list.
|
||||
:return: True if the user can view the list and an explanation message.
|
||||
"""
|
||||
return True, None
|
||||
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
|
||||
de voir tous les bannissements"
|
||||
|
||||
def can_view(self, user_request, *args, **kwargs):
|
||||
"""Check if an user can view a Ban object.
|
||||
|
@ -1527,7 +1541,8 @@ class Whitelist(models.Model):
|
|||
:param user_request: The user who wants to view the list.
|
||||
:return: True if the user can view the list and an explanation message.
|
||||
"""
|
||||
return True, None
|
||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
||||
droit de voir les accès gracieux"
|
||||
|
||||
def can_view(self, user_request, *args, **kwargs):
|
||||
"""Check if an user can view a Whitelist object.
|
||||
|
|
|
@ -189,16 +189,10 @@ def select_user_edit_form(request, user):
|
|||
- droit
|
||||
- type d'object
|
||||
"""
|
||||
if not request.user.has_perms(('cableur',)):
|
||||
if user.is_class_adherent:
|
||||
user = AdherentForm(request.POST or None, instance=user.adherent)
|
||||
elif user.is_class_club:
|
||||
user = ClubForm(request.POST or None, instance=user.club)
|
||||
else:
|
||||
if user.is_class_adherent:
|
||||
user = FullAdherentForm(request.POST or None, instance=user.adherent)
|
||||
elif user.is_class_club:
|
||||
user = FullClubForm(request.POST or None, instance=user.club)
|
||||
if user.is_class_adherent:
|
||||
user = AdherentForm(request.POST or None, instance=user.adherent)
|
||||
elif user.is_class_club:
|
||||
user = ClubForm(request.POST or None, instance=user.club)
|
||||
return user
|
||||
|
||||
|
||||
|
@ -641,16 +635,12 @@ def index(request):
|
|||
|
||||
|
||||
@login_required
|
||||
@can_view_all(Club)
|
||||
def index_clubs(request):
|
||||
""" Affiche l'ensemble des clubs, need droit cableur """
|
||||
options, _created = GeneralOption.objects.get_or_create()
|
||||
pagination_number = options.pagination_number
|
||||
if not request.user.has_perms(('cableur',)):
|
||||
clubs_list = Club.objects.filter(
|
||||
Q(administrators=request.user.adherent) | Q(members=request.user.adherent)
|
||||
).distinct().select_related('room')
|
||||
else:
|
||||
clubs_list = Club.objects.select_related('room')
|
||||
clubs_list = Club.objects.select_related('room')
|
||||
clubs_list = SortTable.sort(
|
||||
clubs_list,
|
||||
request.GET.get('col'),
|
||||
|
|
Loading…
Reference in a new issue