diff --git a/re2o/mixins.py b/re2o/mixins.py index f3858428..b3273807 100644 --- a/re2o/mixins.py +++ b/re2o/mixins.py @@ -104,13 +104,10 @@ class AclMixin(object): un object :param user_request: instance utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" - return ( - user_request.has_perm( - cls.get_modulename() + '.add_' + cls.get_classname() - ), - (_("You don't have the right to create a %s object.") - % cls.get_classname()) - ) + if user_request.has_perm(cls.get_modulename() + '.add_' + cls.get_classname()): + return True, None + else: + return False, _("You don't have the right to create a %s object.") % cls.get_classname() def can_edit(self, user_request, *_args, **_kwargs): """Verifie que l'user a les bons droits pour editer @@ -118,13 +115,10 @@ class AclMixin(object): :param self: Instance à editer :param user_request: Utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" - return ( - user_request.has_perm( - self.get_modulename() + '.change_' + self.get_classname() - ), - (_("You don't have the right to edit a %s object.") - % self.get_classname()) - ) + if user_request.has_perm(self.get_modulename() + '.change_' + self.get_classname()): + return True, None + else: + return False, _("You don't have the right to edit a %s object.") % self.get_classname() def can_delete(self, user_request, *_args, **_kwargs): """Verifie que l'user a les bons droits pour delete @@ -132,13 +126,10 @@ class AclMixin(object): :param self: Instance à delete :param user_request: Utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" - return ( - user_request.has_perm( - self.get_modulename() + '.delete_' + self.get_classname() - ), - (_("You don't have the right to delete a %s object.") - % self.get_classname()) - ) + if user_request.has_perm(self.get_modulename() + '.delete_' + self.get_classname()): + return True, None + else: + return False, _("You don't have the right to delete a %s object.") % self.get_classname() @classmethod def can_view_all(cls, user_request, *_args, **_kwargs): @@ -146,13 +137,10 @@ class AclMixin(object): droit particulier view objet correspondant :param user_request: instance user qui fait l'edition :return: True ou False avec la raison de l'échec le cas échéant""" - return ( - user_request.has_perm( - cls.get_modulename() + '.view_' + cls.get_classname() - ), - (_("You don't have the right to view every %s object.") - % cls.get_classname()) - ) + if user_request.has_perm(cls.get_modulename() + '.view_' + cls.get_classname()): + return True, None + else: + return False, _("You don't have the right to view every %s object.") % cls.get_classname() def can_view(self, user_request, *_args, **_kwargs): """Vérifie qu'on peut bien voir cette instance particulière avec @@ -160,11 +148,8 @@ class AclMixin(object): :param self: instance à voir :param user_request: instance user qui fait l'edition :return: True ou False avec la raison de l'échec le cas échéant""" - return ( - user_request.has_perm( - self.get_modulename() + '.view_' + self.get_classname() - ), - (_("You don't have the right to view a %s object.") - % self.get_classname()) - ) + if user_request.has_perm(self.get_modulename() + '.view_' + self.get_classname()): + return True, None + else: + return False, _("You don't have the right to view a %s object.") % self.get_classname() diff --git a/users/models.py b/users/models.py index 823d1f7f..a4fe411f 100755 --- a/users/models.py +++ b/users/models.py @@ -858,6 +858,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, user_request one of its member, or if user_request is self, or if user_request has the 'cableur' right. """ + if self.state == self.STATE_FULL_ARCHIVE: + return False, _("You can't edit a full archived user. Please set active before.") if self.is_class_club and user_request.is_class_adherent: if (self == user_request or user_request.has_perm('users.change_user') or @@ -942,10 +944,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a state """ - return ( - user_request.has_perm('users.change_user_state'), - _("Permission required to change the state.") - ) + if user_request.has_perm('users.change_user_state'): + return True, None + else: + return False, _("Permission required to change the state.") def can_change_shell(self, user_request, *_args, **_kwargs): """ Check if a user can change a shell @@ -968,10 +970,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a redirection """ - return ( - OptionalUser.get_cached_value('local_email_accounts_enabled'), - _("Local email accounts must be enabled.") - ) + if OptionalUser.get_cached_value('local_email_accounts_enabled'): + return True, None + else: + return False, _("Local email accounts must be enabled.") @staticmethod def can_change_local_email_enabled(user_request, *_args, **_kwargs): @@ -981,10 +983,11 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change internal address """ - return ( - OptionalUser.get_cached_value('local_email_accounts_enabled'), - _("Local email accounts must be enabled.") - ) + if OptionalUser.get_cached_value('local_email_accounts_enabled'): + return True, None + else: + return False, _("Local email accounts must be enabled.") + @staticmethod def can_change_force(user_request, *_args, **_kwargs): @@ -994,10 +997,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a force """ - return ( - user_request.has_perm('users.change_user_force'), - _("Permission required to force the move.") - ) + if user_request.has_perm('users.change_user_force'): + return True, None + else: + return False, _("Permission required to force the move.") @staticmethod def can_change_groups(user_request, *_args, **_kwargs): @@ -1007,10 +1010,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a group """ - return ( - user_request.has_perm('users.change_user_groups'), - _("Permission required to edit the user's groups of rights.") - ) + if user_request.has_perm('users.change_user_groups'): + return True, None + else: + return False, _("Permission required to edit the user's groups of rights.") @staticmethod def can_change_is_superuser(user_request, *_args, **_kwargs): @@ -1019,10 +1022,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :param user_request: The user who request :returns: a message and a boolean which is True if permission is granted. """ - return ( - user_request.is_superuser, - _("'superuser' right required to edit the superuser flag.") - ) + if user_request.is_superuser: + return True, None + else: + return False, _("'superuser' right required to edit the superuser flag.") def can_view(self, user_request, *_args, **_kwargs): """Check if an user can view an user object. @@ -1032,18 +1035,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :return: A boolean telling if the acces is granted and an explanation text """ + extra_msg = None + if self.state == self.STATE_FULL_ARCHIVE and self != user_request: + extra_msg = _("Warning, this user is not active. ") + if not self.can_change_state(user_request): + extra_msg = _("Warning, this user is not active. Please contact your network administrator") if self.is_class_club and user_request.is_class_adherent: if (self == user_request or user_request.has_perm('users.view_user') or user_request.adherent in self.club.administrators.all() or user_request.adherent in self.club.members.all()): - return True, None + return True, extra_msg else: return False, _("You don't have the right to view this club.") else: if (self == user_request or user_request.has_perm('users.view_user')): - return True, None + return True, extra_msg else: return False, (_("You don't have the right to view another" " user.")) @@ -1056,10 +1064,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :return: True if the user can view the list and an explanation message. """ - return ( - user_request.has_perm('users.view_user'), - _("You don't have the right to view the list of users.") - ) + if user_request.has_perm('users.view_user'): + return True, None + else: + return False, _("You don't have the right to view the list of users.") def can_delete(self, user_request, *_args, **_kwargs): """Check if an user can delete an user object. @@ -1069,10 +1077,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :return: True if user_request has the right 'bureau', and a message. """ - return ( - user_request.has_perm('users.delete_user'), - _("You don't have the right to delete this user.") - ) + if user_request.has_perm('users.delete_user'): + return True, None + else: + return False, _("You don't have the right to delete this user.") def __init__(self, *args, **kwargs): super(User, self).__init__(*args, **kwargs) @@ -1163,11 +1171,10 @@ class Adherent(User): if (OptionalUser.get_cached_value('all_can_create_adherent') or OptionalUser.get_cached_value('self_adhesion')): return True, None + elif user_request.has_perm('users.add_user'): + return True, None else: - return ( - user_request.has_perm('users.add_user'), - _("You don't have the right to create a user.") - ) + return False, _("You don't have the right to create a user.") def clean(self, *args, **kwargs): """Format the GPG fingerprint""" @@ -1218,11 +1225,10 @@ class Club(User): else: if OptionalUser.get_cached_value('all_can_create_club'): return True, None + elif user_request.has_perm('users.add_user'): + return True, None else: - return ( - user_request.has_perm('users.add_user'), - _("You don't have the right to create a club.") - ) + return False, _("You don't have the right to create a club.") @staticmethod def can_view_all(user_request, *_args, **_kwargs): @@ -1634,6 +1640,7 @@ def whitelist_post_save(**kwargs): whitelist = kwargs['instance'] user = whitelist.user user.ldap_sync(base=False, access_refresh=True, mac_refresh=False) + user.set_active() is_created = kwargs['created'] regen('mailing') if is_created: