mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-03 18:12:24 +00:00
Verouille toutes les vues avec des acl, un user sans droit peut uniquement se modifier lui et ses machines
This commit is contained in:
parent
2076051635
commit
6e587c7d94
2 changed files with 22 additions and 1 deletions
|
@ -55,6 +55,9 @@ def new_machine(request, userid):
|
|||
except User.DoesNotExist:
|
||||
messages.error(request, u"Utilisateur inexistant" )
|
||||
return redirect("/machines/")
|
||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
machine = NewMachineForm(request.POST or None)
|
||||
interface = AddInterfaceForm(request.POST or None)
|
||||
if machine.is_valid() and interface.is_valid():
|
||||
|
@ -79,6 +82,9 @@ def edit_machine(request, interfaceid):
|
|||
except Interface.DoesNotExist:
|
||||
messages.error(request, u"Interface inexistante" )
|
||||
return redirect("/machines")
|
||||
if not request.user.has_perms(('cableur',)) and str(interface.machine.user.id)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
machine_form = EditMachineForm(request.POST or None, instance=interface.machine)
|
||||
interface_form = EditInterfaceForm(request.POST or None, instance=interface)
|
||||
if machine_form.is_valid() and interface_form.is_valid():
|
||||
|
@ -95,6 +101,9 @@ def new_interface(request, machineid):
|
|||
except Machine.DoesNotExist:
|
||||
messages.error(request, u"Machine inexistante" )
|
||||
return redirect("/machines")
|
||||
if not request.user.has_perms(('cableur',)) and str(machine.user.id)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
interface_form = AddInterfaceForm(request.POST or None)
|
||||
machine_form = EditMachineForm(request.POST or None, instance=machine)
|
||||
if interface_form.is_valid() and machine_form.is_valid():
|
||||
|
|
|
@ -104,6 +104,9 @@ def new_user(request):
|
|||
|
||||
@login_required
|
||||
def edit_info(request, userid):
|
||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
try:
|
||||
user = User.objects.get(pk=userid)
|
||||
except User.DoesNotExist:
|
||||
|
@ -137,13 +140,18 @@ def state(request, userid):
|
|||
return form({'userform': state}, 'users/user.html', request)
|
||||
|
||||
@login_required
|
||||
@permission_required('bureau')
|
||||
def password(request, userid):
|
||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
try:
|
||||
user = User.objects.get(pk=userid)
|
||||
except User.DoesNotExist:
|
||||
messages.error(request, "Utilisateur inexistant")
|
||||
return redirect("/users/")
|
||||
if not request.user.has_perms(('bureau',)) and str(userid)!=str(request.user.id) and Right.objects.filter(user=user):
|
||||
messages.error(request, "Il faut les droits bureau pour modifier le mot de passe d'un membre actif")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
u_form = PassForm(request.POST or None)
|
||||
if u_form.is_valid():
|
||||
if u_form.cleaned_data['passwd1'] != u_form.cleaned_data['passwd2']:
|
||||
|
@ -303,6 +311,7 @@ def del_school(request):
|
|||
return form({'userform': school}, 'users/user.html', request)
|
||||
|
||||
@login_required
|
||||
@permission_required('cableur')
|
||||
def index(request):
|
||||
users_list = User.objects.order_by('pk')
|
||||
connexion = []
|
||||
|
@ -340,6 +349,9 @@ def index_school(request):
|
|||
|
||||
@login_required
|
||||
def profil(request, userid):
|
||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||
messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit cableur")
|
||||
return redirect("/users/profil/" + str(request.user.id))
|
||||
try:
|
||||
users = User.objects.get(pk=userid)
|
||||
except User.DoesNotExist:
|
||||
|
|
Loading…
Reference in a new issue