mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-24 20:33:11 +00:00

Change default for msg on acl

detraz 2019-03-17 23:26:50 +01:00
parent 3e03fc0c49
commit 3ab860fccd
2 changed files with 69 additions and 77 deletions


@ -104,13 +104,10 @@ class AclMixin(object):
un object un object
:param user_request: instance utilisateur qui fait la requête :param user_request: instance utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec""" :return: soit True, soit False avec la raison de l'échec"""
return ( if user_request.has_perm(cls.get_modulename() + '.add_' + cls.get_classname()):
user_request.has_perm( return True, None
cls.get_modulename() + '.add_' + cls.get_classname() else:
), return False, _("You don't have the right to create a %s object.") % cls.get_classname()
(_("You don't have the right to create a %s object.")
% cls.get_classname())
)
def can_edit(self, user_request, *_args, **_kwargs): def can_edit(self, user_request, *_args, **_kwargs):
"""Verifie que l'user a les bons droits pour editer """Verifie que l'user a les bons droits pour editer
@ -118,13 +115,10 @@ class AclMixin(object):
:param self: Instance à editer :param self: Instance à editer
:param user_request: Utilisateur qui fait la requête :param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec""" :return: soit True, soit False avec la raison de l'échec"""
return ( if user_request.has_perm(self.get_modulename() + '.change_' + self.get_classname()):
user_request.has_perm( return True, None
self.get_modulename() + '.change_' + self.get_classname() else:
), return False, _("You don't have the right to edit a %s object.") % self.get_classname()
(_("You don't have the right to edit a %s object.")
% self.get_classname())
)
def can_delete(self, user_request, *_args, **_kwargs): def can_delete(self, user_request, *_args, **_kwargs):
"""Verifie que l'user a les bons droits pour delete """Verifie que l'user a les bons droits pour delete
@ -132,13 +126,10 @@ class AclMixin(object):
:param self: Instance à delete :param self: Instance à delete
:param user_request: Utilisateur qui fait la requête :param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec""" :return: soit True, soit False avec la raison de l'échec"""
return ( if user_request.has_perm(self.get_modulename() + '.delete_' + self.get_classname()):
user_request.has_perm( return True, None
self.get_modulename() + '.delete_' + self.get_classname() else:
), return False, _("You don't have the right to delete a %s object.") % self.get_classname()
(_("You don't have the right to delete a %s object.")
% self.get_classname())
)
@classmethod @classmethod
def can_view_all(cls, user_request, *_args, **_kwargs): def can_view_all(cls, user_request, *_args, **_kwargs):
@ -146,13 +137,10 @@ class AclMixin(object):
droit particulier view objet correspondant droit particulier view objet correspondant
:param user_request: instance user qui fait l'edition :param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant""" :return: True ou False avec la raison de l'échec le cas échéant"""
return ( if user_request.has_perm(cls.get_modulename() + '.view_' + cls.get_classname()):
user_request.has_perm( return True, None
cls.get_modulename() + '.view_' + cls.get_classname() else:
), return False, _("You don't have the right to view every %s object.") % cls.get_classname()
(_("You don't have the right to view every %s object.")
% cls.get_classname())
)
def can_view(self, user_request, *_args, **_kwargs): def can_view(self, user_request, *_args, **_kwargs):
"""Vérifie qu'on peut bien voir cette instance particulière avec """Vérifie qu'on peut bien voir cette instance particulière avec
@ -160,11 +148,8 @@ class AclMixin(object):
:param self: instance à voir :param self: instance à voir
:param user_request: instance user qui fait l'edition :param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant""" :return: True ou False avec la raison de l'échec le cas échéant"""
return ( if user_request.has_perm(self.get_modulename() + '.view_' + self.get_classname()):
user_request.has_perm( return True, None
self.get_modulename() + '.view_' + self.get_classname() else:
), return False, _("You don't have the right to view a %s object.") % self.get_classname()
(_("You don't have the right to view a %s object.")
% self.get_classname())
)
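Review bot: The `:return:` lines of the five `AclMixin` docstrings still read "soit True, soit False avec la raison de l'échec", but after this change each method returns a two-element tuple whose second element is `None` when access is granted. Because these methods are the default authorization checks for every model using the mixin, the docstrings should state that contract, for example `:return: tuple (allowed, message); message is None when allowed is True`, so callers do not assume the message is always a string. The five bodies now differ only in the permission verb and the denial text, so a single private helper taking those two values would keep them aligned. The method signatures and the start of each docstring lie outside the hunks shown.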


@ -858,6 +858,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
user_request one of its member, or if user_request is self, or if user_request one of its member, or if user_request is self, or if
user_request has the 'cableur' right. user_request has the 'cableur' right.
""" """
if self.state == self.STATE_FULL_ARCHIVE:
return False, _("You can't edit a full archived user. Please set active before.")
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.change_user') or user_request.has_perm('users.change_user') or
@ -942,10 +944,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:returns: a message and a boolean which is True if the user has :returns: a message and a boolean which is True if the user has
the right to change a state the right to change a state
""" """
return ( if user_request.has_perm('users.change_user_state'):
user_request.has_perm('users.change_user_state'), return True, None
_("Permission required to change the state.") else:
) return False, _("Permission required to change the state.")
def can_change_shell(self, user_request, *_args, **_kwargs): def can_change_shell(self, user_request, *_args, **_kwargs):
""" Check if a user can change a shell """ Check if a user can change a shell
@ -968,10 +970,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:returns: a message and a boolean which is True if the user has :returns: a message and a boolean which is True if the user has
the right to change a redirection the right to change a redirection
""" """
return ( if OptionalUser.get_cached_value('local_email_accounts_enabled'):
OptionalUser.get_cached_value('local_email_accounts_enabled'), return True, None
_("Local email accounts must be enabled.") else:
) return False, _("Local email accounts must be enabled.")
@staticmethod @staticmethod
def can_change_local_email_enabled(user_request, *_args, **_kwargs): def can_change_local_email_enabled(user_request, *_args, **_kwargs):
@ -981,10 +983,11 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:returns: a message and a boolean which is True if the user has :returns: a message and a boolean which is True if the user has
the right to change internal address the right to change internal address
""" """
return ( if OptionalUser.get_cached_value('local_email_accounts_enabled'):
OptionalUser.get_cached_value('local_email_accounts_enabled'), return True, None
_("Local email accounts must be enabled.") else:
) return False, _("Local email accounts must be enabled.")
@staticmethod @staticmethod
def can_change_force(user_request, *_args, **_kwargs): def can_change_force(user_request, *_args, **_kwargs):
@ -994,10 +997,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:returns: a message and a boolean which is True if the user has :returns: a message and a boolean which is True if the user has
the right to change a force the right to change a force
""" """
return ( if user_request.has_perm('users.change_user_force'):
user_request.has_perm('users.change_user_force'), return True, None
_("Permission required to force the move.") else:
) return False, _("Permission required to force the move.")
@staticmethod @staticmethod
def can_change_groups(user_request, *_args, **_kwargs): def can_change_groups(user_request, *_args, **_kwargs):
@ -1007,10 +1010,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:returns: a message and a boolean which is True if the user has :returns: a message and a boolean which is True if the user has
the right to change a group the right to change a group
""" """
return ( if user_request.has_perm('users.change_user_groups'):
user_request.has_perm('users.change_user_groups'), return True, None
_("Permission required to edit the user's groups of rights.") else:
) return False, _("Permission required to edit the user's groups of rights.")
@staticmethod @staticmethod
def can_change_is_superuser(user_request, *_args, **_kwargs): def can_change_is_superuser(user_request, *_args, **_kwargs):
@ -1019,10 +1022,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:param user_request: The user who request :param user_request: The user who request
:returns: a message and a boolean which is True if permission is granted. :returns: a message and a boolean which is True if permission is granted.
""" """
return ( if user_request.is_superuser:
user_request.is_superuser, return True, None
_("'superuser' right required to edit the superuser flag.") else:
) return False, _("'superuser' right required to edit the superuser flag.")
def can_view(self, user_request, *_args, **_kwargs): def can_view(self, user_request, *_args, **_kwargs):
"""Check if an user can view an user object. """Check if an user can view an user object.
@ -1032,18 +1035,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
extra_msg = None
if self.state == self.STATE_FULL_ARCHIVE and self != user_request:
extra_msg = _("Warning, this user is not active. ")
if not self.can_change_state(user_request):
extra_msg = _("Warning, this user is not active. Please contact your network administrator")
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.view_user') or user_request.has_perm('users.view_user') or
user_request.adherent in self.club.administrators.all() or user_request.adherent in self.club.administrators.all() or
user_request.adherent in self.club.members.all()): user_request.adherent in self.club.members.all()):
return True, None return True, extra_msg
else: else:
return False, _("You don't have the right to view this club.") return False, _("You don't have the right to view this club.")
else: else:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.view_user')): user_request.has_perm('users.view_user')):
return True, None return True, extra_msg
else: else:
return False, (_("You don't have the right to view another" return False, (_("You don't have the right to view another"
" user.")) " user."))
@ -1056,10 +1064,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:return: True if the user can view the list and an explanation :return: True if the user can view the list and an explanation
message. message.
""" """
return ( if user_request.has_perm('users.view_user'):
user_request.has_perm('users.view_user'), return True, None
_("You don't have the right to view the list of users.") else:
) return False, _("You don't have the right to view the list of users.")
def can_delete(self, user_request, *_args, **_kwargs): def can_delete(self, user_request, *_args, **_kwargs):
"""Check if an user can delete an user object. """Check if an user can delete an user object.
@ -1069,10 +1077,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
:return: True if user_request has the right 'bureau', and a :return: True if user_request has the right 'bureau', and a
message. message.
""" """
return ( if user_request.has_perm('users.delete_user'):
user_request.has_perm('users.delete_user'), return True, None
_("You don't have the right to delete this user.") else:
) return False, _("You don't have the right to delete this user.")
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super(User, self).__init__(*args, **kwargs) super(User, self).__init__(*args, **kwargs)
@ -1163,11 +1171,10 @@ class Adherent(User):
if (OptionalUser.get_cached_value('all_can_create_adherent') or if (OptionalUser.get_cached_value('all_can_create_adherent') or
OptionalUser.get_cached_value('self_adhesion')): OptionalUser.get_cached_value('self_adhesion')):
return True, None return True, None
elif user_request.has_perm('users.add_user'):
return True, None
else: else:
return ( return False, _("You don't have the right to create a user.")
user_request.has_perm('users.add_user'),
_("You don't have the right to create a user.")
)
def clean(self, *args, **kwargs): def clean(self, *args, **kwargs):
"""Format the GPG fingerprint""" """Format the GPG fingerprint"""
@ -1218,11 +1225,10 @@ class Club(User):
else: else:
if OptionalUser.get_cached_value('all_can_create_club'): if OptionalUser.get_cached_value('all_can_create_club'):
return True, None return True, None
elif user_request.has_perm('users.add_user'):
return True, None
else: else:
return ( return False, _("You don't have the right to create a club.")
user_request.has_perm('users.add_user'),
_("You don't have the right to create a club.")
)
@staticmethod @staticmethod
def can_view_all(user_request, *_args, **_kwargs): def can_view_all(user_request, *_args, **_kwargs):
@ -1634,6 +1640,7 @@ def whitelist_post_save(**kwargs):
whitelist = kwargs['instance'] whitelist = kwargs['instance']
user = whitelist.user user = whitelist.user
user.ldap_sync(base=False, access_refresh=True, mac_refresh=False) user.ldap_sync(base=False, access_refresh=True, mac_refresh=False)
user.set_active()
is_created = kwargs['created'] is_created = kwargs['created']
regen('mailing') regen('mailing')
if is_created: if is_created:
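Review bot: In the lines added to `can_view`, `if not self.can_change_state(user_request):` can never be true. The function changed in the hunk at line 942, which checks `users.change_user_state` and appears to be `can_change_state`, returns a two-element tuple both before and after this commit, and a non-empty tuple is always truthy. The longer warning telling the viewer to contact the network administrator is therefore never selected; test the first element instead, `if not self.can_change_state(user_request)[0]:`. Separately, the `return False` added at the top of `can_edit` for `STATE_FULL_ARCHIVE` runs before any permission check, so confirm that the path used to reactivate an account does not itself depend on `can_edit`. The rest of that function lies outside the hunk.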