8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 11:23:10 +00:00

Acl gérées cotée models, can_edit et can_view (vers les acl django...)

This commit is contained in:
Gabriel Detraz 2017-11-21 05:24:39 +01:00 committed by root
parent 394ada93e5
commit 772fdcaa1b
3 changed files with 39 additions and 23 deletions

View file

@ -758,6 +758,21 @@ class User(AbstractBaseUser):
num += 1 num += 1
return composed_pseudo(num) return composed_pseudo(num)
def can_edit(self, user):
if self.is_class_club and user.is_class_adherent:
return self == user or user.has_perms(('cableur',))or\
user.adherent in self.club.administrators.all()
else:
return self == user or user.has_perms(('cableur',))
def can_view(self, user):
if self.is_class_club and user.is_class_adherent:
return self == user or user.has_perms(('cableur',))or\
user.adherent in self.club.administrators.all() or\
user.adherent in self.club.members.all()
else:
return self == user or user.has_perms(('cableur',))
def __str__(self): def __str__(self):
return self.pseudo return self.pseudo

View file

@ -25,7 +25,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block sidebar %} {% block sidebar %}
{% if is_cableur %} {% if is_cableur %}
<a class="list-group-item list-group-item-success" href="{% url "users:new-user" %}"> <a class="list-group-item list-group-item-success" href="{% url "users:new-user" %}">
<i class="glyphicon glyphicon-plus"></i> <i class="glyphicon glyphicon-plus"></i>
Créer un adhérent Créer un adhérent
@ -34,14 +34,17 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<i class="glyphicon glyphicon-plus"></i> <i class="glyphicon glyphicon-plus"></i>
Créer un club/association Créer un club/association
</a> </a>
{% endif %}
{% if is_cableur %}
<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
<i class="glyphicon glyphicon-list"></i>
Clubs et assos
</a>
<a class="list-group-item list-group-item-info" href="{% url "users:index" %}"> <a class="list-group-item list-group-item-info" href="{% url "users:index" %}">
<i class="glyphicon glyphicon-list"></i> <i class="glyphicon glyphicon-list"></i>
Adherents Adherents
</a> </a>
<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
<i class="glyphicon glyphicon-list"></i>
Clubs
</a>
<a class="list-group-item list-group-item-info" href="{% url "users:index-ban" %}"> <a class="list-group-item list-group-item-info" href="{% url "users:index-ban" %}">
<i class="glyphicon glyphicon-list"></i> <i class="glyphicon glyphicon-list"></i>
Bannissements Bannissements

View file

@ -40,7 +40,7 @@ from django.shortcuts import get_object_or_404, render, redirect
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.decorators import login_required, permission_required
from django.db.models import ProtectedError from django.db.models import ProtectedError, Q
from django.db import IntegrityError from django.db import IntegrityError
from django.utils import timezone from django.utils import timezone
from django.db import transaction from django.db import transaction
@ -163,8 +163,7 @@ def edit_club_admin_members(request, clubid):
except Club.DoesNotExist: except Club.DoesNotExist:
messages.error(request, "Club inexistant") messages.error(request, "Club inexistant")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
if not request.user.has_perms(('cableur',))\ if not club_instance.can_edit(request.user):
and not request.user in club_instance.administrators.all():
messages.error(request, "Vous ne pouvez pas accéder à ce menu") messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
@ -214,9 +213,8 @@ def edit_info(request, userid):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
if not request.user.has_perms(('cableur',)) and user != request.user: if not user.can_edit(request.user):
messages.error(request, "Vous ne pouvez pas modifier un autre\ messages.error(request, "Vous ne pouvez pas accéder à ce menu")
user que vous sans droit cableur")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
@ -279,9 +277,8 @@ def password(request, userid):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users')) return redirect(reverse('users'))
if not request.user.has_perms(('cableur',)) and user != request.user: if not user.can_edit(request.user):
messages.error(request, "Vous ne pouvez pas modifier un\ messages.error(request, "Vous ne pouvez pas accéder à ce menu")
autre user que vous sans droit cableur")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
@ -722,12 +719,16 @@ def index(request):
@login_required @login_required
@permission_required('cableur')
def index_clubs(request): def index_clubs(request):
""" Affiche l'ensemble des clubs, need droit cableur """ """ Affiche l'ensemble des clubs, need droit cableur """
options, _created = GeneralOption.objects.get_or_create() options, _created = GeneralOption.objects.get_or_create()
pagination_number = options.pagination_number pagination_number = options.pagination_number
clubs_list = Club.objects.select_related('room') if not request.user.has_perms(('cableur',)):
clubs_list = Club.objects.filter(
Q(administrators=request.user.adherent) | Q(members=request.user.adherent)
).distinct().select_related('room')
else:
clubs_list = Club.objects.select_related('room')
clubs_list = SortTable.sort( clubs_list = SortTable.sort(
clubs_list, clubs_list,
request.GET.get('col'), request.GET.get('col'),
@ -853,10 +854,8 @@ def history(request, object_name, object_id):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
if not request.user.has_perms(('cableur',)) and\ if not object_instance.can_view(request.user):
object_instance != request.user: messages.error(request, "Vous ne pouvez pas afficher ce menu")
messages.error(request, "Vous ne pouvez pas afficher\
l'historique d'un autre user que vous sans droit cableur")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
@ -947,9 +946,8 @@ def profil(request, userid):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
if not request.user.has_perms(('cableur',)) and users != request.user: if not users.can_view(request.user):
messages.error(request, "Vous ne pouvez pas afficher un autre user\ messages.error(request, "Vous ne pouvez pas accéder à ce menu")
que vous sans droit cableur")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}