Acl gérées cotée models, can_edit et can_view (vers les acl django...)

users/models.py

@@ -758,6 +758,21 @@ class User(AbstractBaseUser):
             num += 1
         return composed_pseudo(num)
 
+    def can_edit(self, user):
+        if self.is_class_club and user.is_class_adherent:
+            return self == user or user.has_perms(('cableur',))or\
+                user.adherent in self.club.administrators.all() 
+        else:
+            return self == user or user.has_perms(('cableur',))
+
+    def can_view(self, user):
+        if self.is_class_club and user.is_class_adherent:
+            return self == user or user.has_perms(('cableur',))or\
+                user.adherent in self.club.administrators.all() or\
+                user.adherent in self.club.members.all()
+        else:
+            return self == user or user.has_perms(('cableur',))
+
     def __str__(self):
         return self.pseudo
 

users/templates/users/sidebar.html

@@ -34,14 +34,17 @@ with this program; if not, write to the Free Software Foundation, Inc.,
             <i class="glyphicon glyphicon-plus"></i>
             Créer un club/association
         </a>
+   {% endif %}
+   {% if is_cableur %}
+	<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
+            <i class="glyphicon glyphicon-list"></i>
+            Clubs et assos
+        </a>
+ 
 	<a class="list-group-item list-group-item-info" href="{% url "users:index" %}">
             <i class="glyphicon glyphicon-list"></i>
             Adherents
         </a>
-	<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
-            <i class="glyphicon glyphicon-list"></i>
-            Clubs
-        </a>
 	<a class="list-group-item list-group-item-info" href="{% url "users:index-ban" %}">
             <i class="glyphicon glyphicon-list"></i>
             Bannissements

users/views.py

@@ -40,7 +40,7 @@ from django.shortcuts import get_object_or_404, render, redirect
 from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required, permission_required
-from django.db.models import ProtectedError
+from django.db.models import ProtectedError, Q
 from django.db import IntegrityError
 from django.utils import timezone
 from django.db import transaction
@@ -163,8 +163,7 @@ def edit_club_admin_members(request, clubid):
     except Club.DoesNotExist:
         messages.error(request, "Club inexistant")
         return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',))\
+    if not club_instance.can_edit(request.user):
-        and not request.user in club_instance.administrators.all():
         messages.error(request, "Vous ne pouvez pas accéder à ce menu")
         return redirect(reverse(
             'users:profil',
@@ -214,9 +213,8 @@ def edit_info(request, userid):
     except User.DoesNotExist:
         messages.error(request, "Utilisateur inexistant")
         return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',)) and user != request.user:
+    if not user.can_edit(request.user):
-        messages.error(request, "Vous ne pouvez pas modifier un autre\
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
-        user que vous sans droit cableur")
         return redirect(reverse(
             'users:profil',
             kwargs={'userid':str(request.user.id)}
@@ -279,9 +277,8 @@ def password(request, userid):
     except User.DoesNotExist:
         messages.error(request, "Utilisateur inexistant")
         return redirect(reverse('users'))
-    if not request.user.has_perms(('cableur',)) and user != request.user:
+    if not user.can_edit(request.user):
-        messages.error(request, "Vous ne pouvez pas modifier un\
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
-        autre user que vous sans droit cableur")
         return redirect(reverse(
             'users:profil',
             kwargs={'userid':str(request.user.id)}
@@ -722,11 +719,15 @@ def index(request):
 
 
 @login_required
-@permission_required('cableur')
 def index_clubs(request):
     """ Affiche l'ensemble des clubs, need droit cableur """
     options, _created = GeneralOption.objects.get_or_create()
     pagination_number = options.pagination_number
+    if not request.user.has_perms(('cableur',)):
+        clubs_list = Club.objects.filter(
+            Q(administrators=request.user.adherent) | Q(members=request.user.adherent)
+        ).distinct().select_related('room')
+    else:
         clubs_list = Club.objects.select_related('room')
     clubs_list = SortTable.sort(
         clubs_list,
@@ -853,10 +854,8 @@ def history(request, object_name, object_id):
         except User.DoesNotExist:
             messages.error(request, "Utilisateur inexistant")
             return redirect(reverse('users:index'))
-        if not request.user.has_perms(('cableur',)) and\
+        if not object_instance.can_view(request.user):
-                object_instance != request.user:
+            messages.error(request, "Vous ne pouvez pas afficher ce menu")
-            messages.error(request, "Vous ne pouvez pas afficher\
-            l'historique d'un autre user que vous sans droit cableur")
             return redirect(reverse(
                 'users:profil',
                 kwargs={'userid':str(request.user.id)}
@@ -947,9 +946,8 @@ def profil(request, userid):
     except User.DoesNotExist:
         messages.error(request, "Utilisateur inexistant")
         return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',)) and users != request.user:
+    if not users.can_view(request.user):
-        messages.error(request, "Vous ne pouvez pas afficher un autre user\
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
-        que vous sans droit cableur")
         return redirect(reverse(
             'users:profil',
             kwargs={'userid':str(request.user.id)}