mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-23 03:43:12 +00:00
Nouveau système has_perm sur users
This commit is contained in:
parent
8f6997ffd8
commit
61fb27e70b
3 changed files with 119 additions and 40 deletions
39
users/migrations/0065_auto_20171231_2053.py
Normal file
39
users/migrations/0065_auto_20171231_2053.py
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Generated by Django 1.10.7 on 2017-12-31 19:53
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0064_auto_20171231_0150'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='ban',
|
||||||
|
options={'permissions': (('view_ban', "Peut voir un objet ban quelqu'il soit"),)},
|
||||||
|
),
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='listright',
|
||||||
|
options={'permissions': (('view_listright', 'Peut voir un objet Group/ListRight'),)},
|
||||||
|
),
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='school',
|
||||||
|
options={'permissions': (('view_school', 'Peut voir un objet school'),)},
|
||||||
|
),
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='serviceuser',
|
||||||
|
options={'permissions': (('view_serviceuser', 'Peut voir un objet serviceuser'),)},
|
||||||
|
),
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='user',
|
||||||
|
options={'permissions': (('change_user_password', "Peut changer le mot de passe d'un user"), ('change_user_state', "Peut éditer l'etat d'un user"), ('change_user_force', 'Peut forcer un déménagement'), ('change_user_shell', "Peut éditer le shell d'un user"), ('change_user_groups', "Peut éditer les groupes d'un user ! Permission critique"), ('view_user', 'Peut voir un objet user quelquonque'))},
|
||||||
|
),
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='whitelist',
|
||||||
|
options={'permissions': (('view_whitelist', 'Peut voir un objet whitelist'),)},
|
||||||
|
),
|
||||||
|
]
|
118
users/models.py
118
users/models.py
|
@ -226,6 +226,16 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
|
|
||||||
objects = UserManager()
|
objects = UserManager()
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("change_user_password", "Peut changer le mot de passe d'un user"),
|
||||||
|
("change_user_state", "Peut éditer l'etat d'un user"),
|
||||||
|
("change_user_force", "Peut forcer un déménagement"),
|
||||||
|
("change_user_shell", "Peut éditer le shell d'un user"),
|
||||||
|
("change_user_groups", "Peut éditer les groupes d'un user ! Permission critique"),
|
||||||
|
("view_user", "Peut voir un objet user quelquonque"),
|
||||||
|
)
|
||||||
|
|
||||||
@cached_property
|
@cached_property
|
||||||
def name(self):
|
def name(self):
|
||||||
"""Si il s'agit d'un adhérent, on renvoie le prénom"""
|
"""Si il s'agit d'un adhérent, on renvoie le prénom"""
|
||||||
|
@ -682,7 +692,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
if options.all_can_create:
|
if options.all_can_create:
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.add_user'), u"Vous n'avez pas le\
|
||||||
droit de créer un utilisateur"
|
droit de créer un utilisateur"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -695,43 +705,48 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
user_request has the 'cableur' right.
|
user_request has the 'cableur' right.
|
||||||
"""
|
"""
|
||||||
if self.is_class_club and user_request.is_class_adherent:
|
if self.is_class_club and user_request.is_class_adherent:
|
||||||
if self == user_request or user_request.has_perms(('cableur',)) or\
|
if self == user_request or user_request.has_perm('users.change_user') or\
|
||||||
user_request.adherent in self.club.administrators.all():
|
user_request.adherent in self.club.administrators.all():
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
||||||
else:
|
else:
|
||||||
if self == user_request or user_request.has_perms(('cableur',)):
|
if self == user_request or user_request.has_perm('users.change_user'):
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||||
|
|
||||||
def can_change_password(self, user_request, *args, **kwargs):
|
def can_change_password(self, user_request, *args, **kwargs):
|
||||||
if self.is_class_club and user_request.is_class_adherent:
|
if self.is_class_club and user_request.is_class_adherent:
|
||||||
if self == user_request or user_request.has_perms(('cableur',)) or\
|
if self == user_request or user_request.has_perm('users.change_user_password') or\
|
||||||
user_request.adherent in self.club.administrators.all():
|
user_request.adherent in self.club.administrators.all():
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
||||||
else:
|
else:
|
||||||
if self == user_request or user_request.has_perms(('bureau',)):
|
if self == user_request or user_request.has_perm('users.change_user_groups'):
|
||||||
|
# Peut éditer les groupes d'un user, c'est un privilège élevé, True
|
||||||
return True, None
|
return True, None
|
||||||
elif user_request.has_perms(('cableur',)) and not Right.objects.filter(user=self):
|
elif user_request.has_perm('users.change_user') and not self.groups.all():
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def can_change_state(user_request, *args, **kwargs):
|
def can_change_state(user_request, *args, **kwargs):
|
||||||
return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état"
|
return user_request.has_perm('users.change_user_state'), "Droit requis pour changer l'état"
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def can_change_shell(user_request, *args, **kwargs):
|
def can_change_shell(user_request, *args, **kwargs):
|
||||||
return user_request.has_perms(('cableur',)), "Droit requis pour changer le shell"
|
return user_request.has_perm('users.change_user_shell'), "Droit requis pour changer le shell"
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def can_change_force(user_request, *args, **kwargs):
|
def can_change_force(user_request, *args, **kwargs):
|
||||||
return user_request.has_perms(('cableur',)), "Droit requis pour forcer le déménagement"
|
return user_request.has_perm('users.change_user_force'), "Droit requis pour forcer le déménagement"
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def can_change_groups(user_request, *args, **kwargs):
|
||||||
|
return user_request.has_perm('users.change_user_groups'), "Droit requis pour éditer les groupes de l'user"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
"""Check if an user can delete an user object.
|
"""Check if an user can delete an user object.
|
||||||
|
@ -740,7 +755,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if user_request has the right 'bureau', and a message.
|
:return: True if user_request has the right 'bureau', and a message.
|
||||||
"""
|
"""
|
||||||
if user_request.has_perms(('bureau',)):
|
if user_request.has_perm('users.delete_user'):
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous ne pouvez pas supprimer cet utilisateur."
|
return False, u"Vous ne pouvez pas supprimer cet utilisateur."
|
||||||
|
@ -751,7 +766,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
if user_request.has_perms(('cableur',)):
|
if user_request.has_perm('users.view_user'):
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous n'avez pas accès à la liste des utilisateurs."
|
return False, u"Vous n'avez pas accès à la liste des utilisateurs."
|
||||||
|
@ -765,14 +780,14 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
if self.is_class_club and user_request.is_class_adherent:
|
if self.is_class_club and user_request.is_class_adherent:
|
||||||
if self == user_request or user_request.has_perms(('cableur',)) or\
|
if self == user_request or user_request.has_perm('users.view_user') or\
|
||||||
user_request.adherent in self.club.administrators.all() or\
|
user_request.adherent in self.club.administrators.all() or\
|
||||||
user_request.adherent in self.club.members.all():
|
user_request.adherent in self.club.members.all():
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous n'avez pas le droit de voir ce club"
|
return False, u"Vous n'avez pas le droit de voir ce club"
|
||||||
else:
|
else:
|
||||||
if self == user_request or user_request.has_perms(('cableur',)):
|
if self == user_request or user_request.has_perm('users.view_user'):
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
|
return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
|
||||||
|
@ -830,7 +845,7 @@ class Club(User):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
if user_request.has_perms(('cableur',)):
|
if user_request.has_perm('users.view_user'):
|
||||||
return True, None
|
return True, None
|
||||||
if user_request.is_class_adherent:
|
if user_request.is_class_adherent:
|
||||||
if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all():
|
if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all():
|
||||||
|
@ -900,6 +915,11 @@ class ServiceUser(AbstractBaseUser):
|
||||||
USERNAME_FIELD = 'pseudo'
|
USERNAME_FIELD = 'pseudo'
|
||||||
objects = UserManager()
|
objects = UserManager()
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("view_serviceuser", "Peut voir un objet serviceuser"),
|
||||||
|
)
|
||||||
|
|
||||||
def ldap_sync(self):
|
def ldap_sync(self):
|
||||||
""" Synchronisation du ServiceUser dans sa version ldap"""
|
""" Synchronisation du ServiceUser dans sa version ldap"""
|
||||||
try:
|
try:
|
||||||
|
@ -945,7 +965,7 @@ class ServiceUser(AbstractBaseUser):
|
||||||
if options.all_can_create:
|
if options.all_can_create:
|
||||||
return True, None
|
return True, None
|
||||||
else:
|
else:
|
||||||
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
|
return user_request.has_perm('users.add_serviceuser'), u"Vous n'avez pas le droit de\
|
||||||
créer un service user"
|
créer un service user"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -955,7 +975,7 @@ class ServiceUser(AbstractBaseUser):
|
||||||
:param user_request: The user who requests to edit self.
|
:param user_request: The user who requests to edit self.
|
||||||
:return: a message and a boolean which is True if edition is granted.
|
:return: a message and a boolean which is True if edition is granted.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
|
return user_request.has_perm('users.change_serviceuser'), u"Vous n'avez pas le droit d'éditer\
|
||||||
les services users"
|
les services users"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
|
@ -965,7 +985,7 @@ class ServiceUser(AbstractBaseUser):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if user_request has the right 'infra', and a message.
|
:return: True if user_request has the right 'infra', and a message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
|
return user_request.has_perm('users.delete_serviceuser'), u"Vous n'avez pas le droit de\
|
||||||
supprimer un service user"
|
supprimer un service user"
|
||||||
|
|
||||||
def can_view_all(user_request, *args, **kwargs):
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
@ -974,7 +994,7 @@ class ServiceUser(AbstractBaseUser):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\
|
return user_request.has_perm('users.view_serviceuser'), u"Vous n'avez pas le droit de\
|
||||||
voir un service user"
|
voir un service user"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
|
@ -985,7 +1005,7 @@ class ServiceUser(AbstractBaseUser):
|
||||||
:return: A boolean telling if the acces is granted and an explanation
|
:return: A boolean telling if the acces is granted and an explanation
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\
|
return user_request.has_perm('users.view_serviceuser'), u"Vous n'avez pas le droit de\
|
||||||
voir un service user"
|
voir un service user"
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
@ -1011,6 +1031,11 @@ class School(models.Model):
|
||||||
|
|
||||||
name = models.CharField(max_length=255)
|
name = models.CharField(max_length=255)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("view_school", "Peut voir un objet school"),
|
||||||
|
)
|
||||||
|
|
||||||
def get_instance(schoolid, *args, **kwargs):
|
def get_instance(schoolid, *args, **kwargs):
|
||||||
return School.objects.get(pk=schoolid)
|
return School.objects.get(pk=schoolid)
|
||||||
|
|
||||||
|
@ -1020,7 +1045,7 @@ class School(models.Model):
|
||||||
:param user_request: The user who wants to create a user object.
|
:param user_request: The user who wants to create a user object.
|
||||||
:return: a message and a boolean which is True if the user can create.
|
:return: a message and a boolean which is True if the user can create.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.add_school'), u"Vous n'avez pas le\
|
||||||
droit de créer des écoles"
|
droit de créer des écoles"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -1030,7 +1055,7 @@ class School(models.Model):
|
||||||
:param user_request: The user who requests to edit self.
|
:param user_request: The user who requests to edit self.
|
||||||
:return: a message and a boolean which is True if edition is granted.
|
:return: a message and a boolean which is True if edition is granted.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.change_school'), u"Vous n'avez pas le\
|
||||||
droit d'éditer des écoles"
|
droit d'éditer des écoles"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
|
@ -1040,7 +1065,7 @@ class School(models.Model):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if deletion is granted, and a message.
|
:return: True if deletion is granted, and a message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.delete_school'), u"Vous n'avez pas le\
|
||||||
droit de supprimer des écoles"
|
droit de supprimer des écoles"
|
||||||
|
|
||||||
def can_view_all(user_request, *args, **kwargs):
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
@ -1049,7 +1074,7 @@ class School(models.Model):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.view_school'), u"Vous n'avez pas le\
|
||||||
droit de voir les écoles"
|
droit de voir les écoles"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
|
@ -1060,7 +1085,7 @@ class School(models.Model):
|
||||||
:return: A boolean telling if the acces is granted and an explanation
|
:return: A boolean telling if the acces is granted and an explanation
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.view_school'), u"Vous n'avez pas le\
|
||||||
droit de voir les écoles"
|
droit de voir les écoles"
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
@ -1091,6 +1116,11 @@ class ListRight(Group):
|
||||||
blank=True
|
blank=True
|
||||||
)
|
)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("view_listright", "Peut voir un objet Group/ListRight"),
|
||||||
|
)
|
||||||
|
|
||||||
def get_instance(listrightid, *args, **kwargs):
|
def get_instance(listrightid, *args, **kwargs):
|
||||||
return ListRight.objects.get(pk=listrightid)
|
return ListRight.objects.get(pk=listrightid)
|
||||||
|
|
||||||
|
@ -1100,7 +1130,7 @@ class ListRight(Group):
|
||||||
:param user_request: The user who wants to create a ListRight object.
|
:param user_request: The user who wants to create a ListRight object.
|
||||||
:return: a message and a boolean which is True if the user can create.
|
:return: a message and a boolean which is True if the user can create.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.add_listright'), u"Vous n'avez pas le droit\
|
||||||
de créer des groupes de droits"
|
de créer des groupes de droits"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -1110,7 +1140,7 @@ class ListRight(Group):
|
||||||
:param user_request: The user who requests to edit self.
|
:param user_request: The user who requests to edit self.
|
||||||
:return: a message and a boolean which is True if edition is granted.
|
:return: a message and a boolean which is True if edition is granted.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.change_listright'), u"Vous n'avez pas le droit\
|
||||||
d'éditer des groupes de droits"
|
d'éditer des groupes de droits"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
|
@ -1120,7 +1150,7 @@ class ListRight(Group):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if deletion is granted, and a message.
|
:return: True if deletion is granted, and a message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.delete_listright'), u"Vous n'avez pas le droit\
|
||||||
de supprimer des groupes de droits"
|
de supprimer des groupes de droits"
|
||||||
|
|
||||||
def can_view_all(user_request, *args, **kwargs):
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
@ -1129,7 +1159,7 @@ class ListRight(Group):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.view_listright'), u"Vous n'avez pas le droit\
|
||||||
de voir les groupes de droits"
|
de voir les groupes de droits"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
|
@ -1140,7 +1170,7 @@ class ListRight(Group):
|
||||||
:return: A boolean telling if the acces is granted and an explanation
|
:return: A boolean telling if the acces is granted and an explanation
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.view_listright'), u"Vous n'avez pas le droit\
|
||||||
de voir les groupes de droits"
|
de voir les groupes de droits"
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
@ -1211,6 +1241,11 @@ class Ban(models.Model):
|
||||||
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
|
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
|
||||||
state = models.IntegerField(choices=STATES, default=STATE_HARD)
|
state = models.IntegerField(choices=STATES, default=STATE_HARD)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("view_ban", "Peut voir un objet ban quelqu'il soit"),
|
||||||
|
)
|
||||||
|
|
||||||
def notif_ban(self):
|
def notif_ban(self):
|
||||||
""" Prend en argument un objet ban, envoie un mail de notification """
|
""" Prend en argument un objet ban, envoie un mail de notification """
|
||||||
general_options, _created = GeneralOption.objects.get_or_create()
|
general_options, _created = GeneralOption.objects.get_or_create()
|
||||||
|
@ -1244,7 +1279,7 @@ class Ban(models.Model):
|
||||||
:param user_request: The user who wants to create a Ban object.
|
:param user_request: The user who wants to create a Ban object.
|
||||||
:return: a message and a boolean which is True if the user can create.
|
:return: a message and a boolean which is True if the user can create.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit de\
|
return user_request.has_perm('users.add_ban'), u"Vous n'avez pas le droit de\
|
||||||
créer des bannissements"
|
créer des bannissements"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -1254,7 +1289,7 @@ class Ban(models.Model):
|
||||||
:param user_request: The user who requests to edit self.
|
:param user_request: The user who requests to edit self.
|
||||||
:return: a message and a boolean which is True if edition is granted.
|
:return: a message and a boolean which is True if edition is granted.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.change_ban'), u"Vous n'avez pas le droit\
|
||||||
d'éditer des bannissements"
|
d'éditer des bannissements"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
|
@ -1264,7 +1299,7 @@ class Ban(models.Model):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if deletion is granted, and a message.
|
:return: True if deletion is granted, and a message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.delete_ban'), u"Vous n'avez pas le droit\
|
||||||
de supprimer des bannissements"
|
de supprimer des bannissements"
|
||||||
|
|
||||||
def can_view_all(user_request, *args, **kwargs):
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
@ -1273,7 +1308,7 @@ class Ban(models.Model):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
|
return user_request.has_perm('users.view_ban'), u"Vous n'avez pas le droit\
|
||||||
de voir tous les bannissements"
|
de voir tous les bannissements"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
|
@ -1284,7 +1319,7 @@ class Ban(models.Model):
|
||||||
:return: A boolean telling if the acces is granted and an explanation
|
:return: A boolean telling if the acces is granted and an explanation
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
if not user_request.has_perms(('cableur',)) and\
|
if not user_request.has_perm('users.view_ban') and\
|
||||||
self.user != user_request:
|
self.user != user_request:
|
||||||
return False, u"Vous n'avez pas le droit de voir les bannissements\
|
return False, u"Vous n'avez pas le droit de voir les bannissements\
|
||||||
autre que les vôtres"
|
autre que les vôtres"
|
||||||
|
@ -1333,6 +1368,11 @@ class Whitelist(models.Model):
|
||||||
date_start = models.DateTimeField(auto_now_add=True)
|
date_start = models.DateTimeField(auto_now_add=True)
|
||||||
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
|
date_end = models.DateTimeField(help_text='%d/%m/%y %H:%M:%S')
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
permissions = (
|
||||||
|
("view_whitelist", "Peut voir un objet whitelist"),
|
||||||
|
)
|
||||||
|
|
||||||
def is_active(self):
|
def is_active(self):
|
||||||
return self.date_end > DT_NOW
|
return self.date_end > DT_NOW
|
||||||
|
|
||||||
|
@ -1345,7 +1385,7 @@ class Whitelist(models.Model):
|
||||||
:param user_request: The user who wants to create a Whitelist object.
|
:param user_request: The user who wants to create a Whitelist object.
|
||||||
:return: a message and a boolean which is True if the user can create.
|
:return: a message and a boolean which is True if the user can create.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.add_whitelist'), u"Vous n'avez pas le\
|
||||||
droit de créer des accès gracieux"
|
droit de créer des accès gracieux"
|
||||||
|
|
||||||
def can_edit(self, user_request, *args, **kwargs):
|
def can_edit(self, user_request, *args, **kwargs):
|
||||||
|
@ -1355,7 +1395,7 @@ class Whitelist(models.Model):
|
||||||
:param user_request: The user who requests to edit self.
|
:param user_request: The user who requests to edit self.
|
||||||
:return: a message and a boolean which is True if edition is granted.
|
:return: a message and a boolean which is True if edition is granted.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.change_whitelist'), u"Vous n'avez pas le\
|
||||||
droit d'éditer des accès gracieux"
|
droit d'éditer des accès gracieux"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
|
@ -1365,7 +1405,7 @@ class Whitelist(models.Model):
|
||||||
:param user_request: The user who requests deletion.
|
:param user_request: The user who requests deletion.
|
||||||
:return: True if deletion is granted, and a message.
|
:return: True if deletion is granted, and a message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.delete_whitelist'), u"Vous n'avez pas le\
|
||||||
droit de supprimer des accès gracieux"
|
droit de supprimer des accès gracieux"
|
||||||
|
|
||||||
def can_view_all(user_request, *args, **kwargs):
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
@ -1374,7 +1414,7 @@ class Whitelist(models.Model):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
return user_request.has_perm('users.view_whitelist'), u"Vous n'avez pas le\
|
||||||
droit de voir les accès gracieux"
|
droit de voir les accès gracieux"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
|
@ -1385,7 +1425,7 @@ class Whitelist(models.Model):
|
||||||
:return: A boolean telling if the acces is granted and an explanation
|
:return: A boolean telling if the acces is granted and an explanation
|
||||||
text
|
text
|
||||||
"""
|
"""
|
||||||
if not user_request.has_perms(('cableur',)) and\
|
if not user_request.has_perm('users.view_whitelist') and\
|
||||||
self.user != user_request:
|
self.user != user_request:
|
||||||
return False, u"Vous n'avez pas le droit de voir les accès\
|
return False, u"Vous n'avez pas le droit de voir les accès\
|
||||||
gracieux autre que les vôtres"
|
gracieux autre que les vôtres"
|
||||||
|
|
|
@ -243,7 +243,7 @@ def state(request, user, userid):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_edit(User)
|
@can_edit(User, 'groups')
|
||||||
def groups(request, user, userid):
|
def groups(request, user, userid):
|
||||||
group = GroupForm(request.POST or None, instance=user)
|
group = GroupForm(request.POST or None, instance=user)
|
||||||
if group.is_valid():
|
if group.is_valid():
|
||||||
|
|
Loading…
Reference in a new issue