8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 11:23:10 +00:00

Nouveau système has_perm sur users

This commit is contained in:
Gabriel Detraz 2017-12-31 20:53:38 +01:00 committed by root
parent 69266829aa
commit 59c9a9d098
3 changed files with 119 additions and 40 deletions

View file

@ -0,0 +1,39 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2017-12-31 19:53
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('users', '0064_auto_20171231_0150'),
]
operations = [
migrations.AlterModelOptions(
name='ban',
options={'permissions': (('view_ban', "Peut voir un objet ban quelqu'il soit"),)},
),
migrations.AlterModelOptions(
name='listright',
options={'permissions': (('view_listright', 'Peut voir un objet Group/ListRight'),)},
),
migrations.AlterModelOptions(
name='school',
options={'permissions': (('view_school', 'Peut voir un objet school'),)},
),
migrations.AlterModelOptions(
name='serviceuser',
options={'permissions': (('view_serviceuser', 'Peut voir un objet serviceuser'),)},
),
migrations.AlterModelOptions(
name='user',
options={'permissions': (('change_user_password', "Peut changer le mot de passe d'un user"), ('change_user_state', "Peut éditer l'etat d'un user"), ('change_user_force', 'Peut forcer un déménagement'), ('change_user_shell', "Peut éditer le shell d'un user"), ('change_user_groups', "Peut éditer les groupes d'un user ! Permission critique"), ('view_user', 'Peut voir un objet user quelquonque'))},
),
migrations.AlterModelOptions(
name='whitelist',
options={'permissions': (('view_whitelist', 'Peut voir un objet whitelist'),)},
),
]

View file

@ -226,6 +226,16 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
objects = UserManager() objects = UserManager()
class Meta:
permissions = (
("change_user_password", "Peut changer le mot de passe d'un user"),
("change_user_state", "Peut éditer l'etat d'un user"),
("change_user_force", "Peut forcer un déménagement"),
("change_user_shell", "Peut éditer le shell d'un user"),
("change_user_groups", "Peut éditer les groupes d'un user ! Permission critique"),
("view_user", "Peut voir un objet user quelquonque"),
)
@cached_property @cached_property
def name(self): def name(self):
"""Si il s'agit d'un adhérent, on renvoie le prénom""" """Si il s'agit d'un adhérent, on renvoie le prénom"""
@ -682,7 +692,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
if options.all_can_create: if options.all_can_create:
return True, None return True, None
else: else:
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.add_user'), u"Vous n'avez pas le\
droit de créer un utilisateur" droit de créer un utilisateur"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -695,43 +705,48 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
user_request has the 'cableur' right. user_request has the 'cableur' right.
""" """
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\ if self == user_request or user_request.has_perm('users.change_user') or\
user_request.adherent in self.club.administrators.all(): user_request.adherent in self.club.administrators.all():
return True, None return True, None
else: else:
return False, u"Vous n'avez pas le droit d'éditer ce club" return False, u"Vous n'avez pas le droit d'éditer ce club"
else: else:
if self == user_request or user_request.has_perms(('cableur',)): if self == user_request or user_request.has_perm('users.change_user'):
return True, None return True, None
else: else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même" return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_change_password(self, user_request, *args, **kwargs): def can_change_password(self, user_request, *args, **kwargs):
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\ if self == user_request or user_request.has_perm('users.change_user_password') or\
user_request.adherent in self.club.administrators.all(): user_request.adherent in self.club.administrators.all():
return True, None return True, None
else: else:
return False, u"Vous n'avez pas le droit d'éditer ce club" return False, u"Vous n'avez pas le droit d'éditer ce club"
else: else:
if self == user_request or user_request.has_perms(('bureau',)): if self == user_request or user_request.has_perm('users.change_user_groups'):
# Peut éditer les groupes d'un user, c'est un privilège élevé, True
return True, None return True, None
elif user_request.has_perms(('cableur',)) and not Right.objects.filter(user=self): elif user_request.has_perm('users.change_user') and not self.groups.all():
return True, None return True, None
else: else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même" return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
@staticmethod @staticmethod
def can_change_state(user_request, *args, **kwargs): def can_change_state(user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état" return user_request.has_perm('users.change_user_state'), "Droit requis pour changer l'état"
@staticmethod @staticmethod
def can_change_shell(user_request, *args, **kwargs): def can_change_shell(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), "Droit requis pour changer le shell" return user_request.has_perm('users.change_user_shell'), "Droit requis pour changer le shell"
@staticmethod @staticmethod
def can_change_force(user_request, *args, **kwargs): def can_change_force(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), "Droit requis pour forcer le déménagement" return user_request.has_perm('users.change_user_force'), "Droit requis pour forcer le déménagement"
@staticmethod
def can_change_groups(user_request, *args, **kwargs):
return user_request.has_perm('users.change_user_groups'), "Droit requis pour éditer les groupes de l'user"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete an user object. """Check if an user can delete an user object.
@ -740,7 +755,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if user_request has the right 'bureau', and a message. :return: True if user_request has the right 'bureau', and a message.
""" """
if user_request.has_perms(('bureau',)): if user_request.has_perm('users.delete_user'):
return True, None return True, None
else: else:
return False, u"Vous ne pouvez pas supprimer cet utilisateur." return False, u"Vous ne pouvez pas supprimer cet utilisateur."
@ -751,7 +766,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
if user_request.has_perms(('cableur',)): if user_request.has_perm('users.view_user'):
return True, None return True, None
else: else:
return False, u"Vous n'avez pas accès à la liste des utilisateurs." return False, u"Vous n'avez pas accès à la liste des utilisateurs."
@ -765,14 +780,14 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
text text
""" """
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\ if self == user_request or user_request.has_perm('users.view_user') or\
user_request.adherent in self.club.administrators.all() or\ user_request.adherent in self.club.administrators.all() or\
user_request.adherent in self.club.members.all(): user_request.adherent in self.club.members.all():
return True, None return True, None
else: else:
return False, u"Vous n'avez pas le droit de voir ce club" return False, u"Vous n'avez pas le droit de voir ce club"
else: else:
if self == user_request or user_request.has_perms(('cableur',)): if self == user_request or user_request.has_perm('users.view_user'):
return True, None return True, None
else: else:
return False, u"Vous ne pouvez voir un autre utilisateur que vous même" return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
@ -830,7 +845,7 @@ class Club(User):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
if user_request.has_perms(('cableur',)): if user_request.has_perm('users.view_user'):
return True, None return True, None
if user_request.is_class_adherent: if user_request.is_class_adherent:
if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all(): if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all():
@ -900,6 +915,11 @@ class ServiceUser(AbstractBaseUser):
USERNAME_FIELD = 'pseudo' USERNAME_FIELD = 'pseudo'
objects = UserManager() objects = UserManager()
class Meta:
permissions = (
("view_serviceuser", "Peut voir un objet serviceuser"),
)
def ldap_sync(self): def ldap_sync(self):
""" Synchronisation du ServiceUser dans sa version ldap""" """ Synchronisation du ServiceUser dans sa version ldap"""
try: try:
@ -945,7 +965,7 @@ class ServiceUser(AbstractBaseUser):
if options.all_can_create: if options.all_can_create:
return True, None return True, None
else: else:
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\ return user_request.has_perm('users.add_serviceuser'), u"Vous n'avez pas le droit de\
créer un service user" créer un service user"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -955,7 +975,7 @@ class ServiceUser(AbstractBaseUser):
:param user_request: The user who requests to edit self. :param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted. :return: a message and a boolean which is True if edition is granted.
""" """
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\ return user_request.has_perm('users.change_serviceuser'), u"Vous n'avez pas le droit d'éditer\
les services users" les services users"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
@ -965,7 +985,7 @@ class ServiceUser(AbstractBaseUser):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if user_request has the right 'infra', and a message. :return: True if user_request has the right 'infra', and a message.
""" """
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\ return user_request.has_perm('users.delete_serviceuser'), u"Vous n'avez pas le droit de\
supprimer un service user" supprimer un service user"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
@ -974,7 +994,7 @@ class ServiceUser(AbstractBaseUser):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\ return user_request.has_perm('users.view_serviceuser'), u"Vous n'avez pas le droit de\
voir un service user" voir un service user"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
@ -985,7 +1005,7 @@ class ServiceUser(AbstractBaseUser):
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\ return user_request.has_perm('users.view_serviceuser'), u"Vous n'avez pas le droit de\
voir un service user" voir un service user"
def __str__(self): def __str__(self):
@ -1011,6 +1031,11 @@ class School(models.Model):
name = models.CharField(max_length=255) name = models.CharField(max_length=255)
class Meta:
permissions = (
("view_school", "Peut voir un objet school"),
)
def get_instance(schoolid, *args, **kwargs): def get_instance(schoolid, *args, **kwargs):
return School.objects.get(pk=schoolid) return School.objects.get(pk=schoolid)
@ -1020,7 +1045,7 @@ class School(models.Model):
:param user_request: The user who wants to create a user object. :param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create. :return: a message and a boolean which is True if the user can create.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.add_school'), u"Vous n'avez pas le\
droit de créer des écoles" droit de créer des écoles"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -1030,7 +1055,7 @@ class School(models.Model):
:param user_request: The user who requests to edit self. :param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted. :return: a message and a boolean which is True if edition is granted.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.change_school'), u"Vous n'avez pas le\
droit d'éditer des écoles" droit d'éditer des écoles"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
@ -1040,7 +1065,7 @@ class School(models.Model):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message. :return: True if deletion is granted, and a message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.delete_school'), u"Vous n'avez pas le\
droit de supprimer des écoles" droit de supprimer des écoles"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
@ -1049,7 +1074,7 @@ class School(models.Model):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.view_school'), u"Vous n'avez pas le\
droit de voir les écoles" droit de voir les écoles"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
@ -1060,7 +1085,7 @@ class School(models.Model):
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.view_school'), u"Vous n'avez pas le\
droit de voir les écoles" droit de voir les écoles"
def __str__(self): def __str__(self):
@ -1091,6 +1116,11 @@ class ListRight(Group):
blank=True blank=True
) )
class Meta:
permissions = (
("view_listright", "Peut voir un objet Group/ListRight"),
)
def get_instance(listrightid, *args, **kwargs): def get_instance(listrightid, *args, **kwargs):
return ListRight.objects.get(pk=listrightid) return ListRight.objects.get(pk=listrightid)
@ -1100,7 +1130,7 @@ class ListRight(Group):
:param user_request: The user who wants to create a ListRight object. :param user_request: The user who wants to create a ListRight object.
:return: a message and a boolean which is True if the user can create. :return: a message and a boolean which is True if the user can create.
""" """
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.add_listright'), u"Vous n'avez pas le droit\
de créer des groupes de droits" de créer des groupes de droits"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -1110,7 +1140,7 @@ class ListRight(Group):
:param user_request: The user who requests to edit self. :param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted. :return: a message and a boolean which is True if edition is granted.
""" """
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.change_listright'), u"Vous n'avez pas le droit\
d'éditer des groupes de droits" d'éditer des groupes de droits"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
@ -1120,7 +1150,7 @@ class ListRight(Group):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message. :return: True if deletion is granted, and a message.
""" """
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.delete_listright'), u"Vous n'avez pas le droit\
de supprimer des groupes de droits" de supprimer des groupes de droits"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
@ -1129,7 +1159,7 @@ class ListRight(Group):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.view_listright'), u"Vous n'avez pas le droit\
de voir les groupes de droits" de voir les groupes de droits"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
@ -1140,7 +1170,7 @@ class ListRight(Group):
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.view_listright'), u"Vous n'avez pas le droit\
de voir les groupes de droits" de voir les groupes de droits"
def __str__(self): def __str__(self):
@ -1211,6 +1241,11 @@ class Ban(models.Model):
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S') date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
state = models.IntegerField(choices=STATES, default=STATE_HARD) state = models.IntegerField(choices=STATES, default=STATE_HARD)
class Meta:
permissions = (
("view_ban", "Peut voir un objet ban quelqu'il soit"),
)
def notif_ban(self): def notif_ban(self):
""" Prend en argument un objet ban, envoie un mail de notification """ """ Prend en argument un objet ban, envoie un mail de notification """
general_options, _created = GeneralOption.objects.get_or_create() general_options, _created = GeneralOption.objects.get_or_create()
@ -1244,7 +1279,7 @@ class Ban(models.Model):
:param user_request: The user who wants to create a Ban object. :param user_request: The user who wants to create a Ban object.
:return: a message and a boolean which is True if the user can create. :return: a message and a boolean which is True if the user can create.
""" """
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit de\ return user_request.has_perm('users.add_ban'), u"Vous n'avez pas le droit de\
créer des bannissements" créer des bannissements"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -1254,7 +1289,7 @@ class Ban(models.Model):
:param user_request: The user who requests to edit self. :param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted. :return: a message and a boolean which is True if edition is granted.
""" """
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.change_ban'), u"Vous n'avez pas le droit\
d'éditer des bannissements" d'éditer des bannissements"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
@ -1264,7 +1299,7 @@ class Ban(models.Model):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message. :return: True if deletion is granted, and a message.
""" """
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.delete_ban'), u"Vous n'avez pas le droit\
de supprimer des bannissements" de supprimer des bannissements"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
@ -1273,7 +1308,7 @@ class Ban(models.Model):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\ return user_request.has_perm('users.view_ban'), u"Vous n'avez pas le droit\
de voir tous les bannissements" de voir tous les bannissements"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
@ -1284,7 +1319,7 @@ class Ban(models.Model):
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
if not user_request.has_perms(('cableur',)) and\ if not user_request.has_perm('users.view_ban') and\
self.user != user_request: self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les bannissements\ return False, u"Vous n'avez pas le droit de voir les bannissements\
autre que les vôtres" autre que les vôtres"
@ -1333,6 +1368,11 @@ class Whitelist(models.Model):
date_start = models.DateTimeField(auto_now_add=True) date_start = models.DateTimeField(auto_now_add=True)
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S') date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
class Meta:
permissions = (
("view_whitelist", "Peut voir un objet whitelist"),
)
def is_active(self): def is_active(self):
return self.date_end > DT_NOW return self.date_end > DT_NOW
@ -1345,7 +1385,7 @@ class Whitelist(models.Model):
:param user_request: The user who wants to create a Whitelist object. :param user_request: The user who wants to create a Whitelist object.
:return: a message and a boolean which is True if the user can create. :return: a message and a boolean which is True if the user can create.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.add_whitelist'), u"Vous n'avez pas le\
droit de créer des accès gracieux" droit de créer des accès gracieux"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
@ -1355,7 +1395,7 @@ class Whitelist(models.Model):
:param user_request: The user who requests to edit self. :param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted. :return: a message and a boolean which is True if edition is granted.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.change_whitelist'), u"Vous n'avez pas le\
droit d'éditer des accès gracieux" droit d'éditer des accès gracieux"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
@ -1365,7 +1405,7 @@ class Whitelist(models.Model):
:param user_request: The user who requests deletion. :param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message. :return: True if deletion is granted, and a message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.delete_whitelist'), u"Vous n'avez pas le\
droit de supprimer des accès gracieux" droit de supprimer des accès gracieux"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
@ -1374,7 +1414,7 @@ class Whitelist(models.Model):
:param user_request: The user who wants to view the list. :param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message. :return: True if the user can view the list and an explanation message.
""" """
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perm('users.view_whitelist'), u"Vous n'avez pas le\
droit de voir les accès gracieux" droit de voir les accès gracieux"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
@ -1385,7 +1425,7 @@ class Whitelist(models.Model):
:return: A boolean telling if the acces is granted and an explanation :return: A boolean telling if the acces is granted and an explanation
text text
""" """
if not user_request.has_perms(('cableur',)) and\ if not user_request.has_perm('users.view_whitelist') and\
self.user != user_request: self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les accès\ return False, u"Vous n'avez pas le droit de voir les accès\
gracieux autre que les vôtres" gracieux autre que les vôtres"

View file

@ -243,7 +243,7 @@ def state(request, user, userid):
@login_required @login_required
@can_edit(User) @can_edit(User, 'groups')
def groups(request, user, userid): def groups(request, user, userid):
group = GroupForm(request.POST or None, instance=user) group = GroupForm(request.POST or None, instance=user)
if group.is_valid(): if group.is_valid():