mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-30 00:22:25 +00:00
Regle des acl sur can_view_all
This commit is contained in:
parent
c9a9324d0f
commit
81f9aeb7df
2 changed files with 23 additions and 18 deletions
|
@ -909,6 +909,19 @@ class Club(User):
|
||||||
related_name='club_members'
|
related_name='club_members'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def can_view_all(user_request, *args, **kwargs):
|
||||||
|
"""Check if an user can access to the list of every user objects
|
||||||
|
|
||||||
|
:param user_request: The user who wants to view the list.
|
||||||
|
:return: True if the user can view the list and an explanation message.
|
||||||
|
"""
|
||||||
|
if user_request.has_perms(('cableur',)):
|
||||||
|
return True, None
|
||||||
|
if user_request.is_class_adherent:
|
||||||
|
if user_request.adherent.club_administrator.all() or user_request.adherent.club_members.all():
|
||||||
|
return True, None
|
||||||
|
return False, u"Vous n'avez pas accès à la liste des utilisateurs."
|
||||||
|
|
||||||
def get_instance(clubid, *args, **kwargs):
|
def get_instance(clubid, *args, **kwargs):
|
||||||
"""Try to find an instance of `Club` with the given id.
|
"""Try to find an instance of `Club` with the given id.
|
||||||
|
|
||||||
|
@ -1427,7 +1440,8 @@ class Ban(models.Model):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return True, None
|
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
|
||||||
|
de voir tous les bannissements"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
"""Check if an user can view a Ban object.
|
"""Check if an user can view a Ban object.
|
||||||
|
@ -1527,7 +1541,8 @@ class Whitelist(models.Model):
|
||||||
:param user_request: The user who wants to view the list.
|
:param user_request: The user who wants to view the list.
|
||||||
:return: True if the user can view the list and an explanation message.
|
:return: True if the user can view the list and an explanation message.
|
||||||
"""
|
"""
|
||||||
return True, None
|
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
|
||||||
|
droit de voir les accès gracieux"
|
||||||
|
|
||||||
def can_view(self, user_request, *args, **kwargs):
|
def can_view(self, user_request, *args, **kwargs):
|
||||||
"""Check if an user can view a Whitelist object.
|
"""Check if an user can view a Whitelist object.
|
||||||
|
|
|
@ -189,16 +189,10 @@ def select_user_edit_form(request, user):
|
||||||
- droit
|
- droit
|
||||||
- type d'object
|
- type d'object
|
||||||
"""
|
"""
|
||||||
if not request.user.has_perms(('cableur',)):
|
if user.is_class_adherent:
|
||||||
if user.is_class_adherent:
|
user = AdherentForm(request.POST or None, instance=user.adherent)
|
||||||
user = AdherentForm(request.POST or None, instance=user.adherent)
|
elif user.is_class_club:
|
||||||
elif user.is_class_club:
|
user = ClubForm(request.POST or None, instance=user.club)
|
||||||
user = ClubForm(request.POST or None, instance=user.club)
|
|
||||||
else:
|
|
||||||
if user.is_class_adherent:
|
|
||||||
user = FullAdherentForm(request.POST or None, instance=user.adherent)
|
|
||||||
elif user.is_class_club:
|
|
||||||
user = FullClubForm(request.POST or None, instance=user.club)
|
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
|
||||||
|
@ -641,16 +635,12 @@ def index(request):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@can_view_all(Club)
|
||||||
def index_clubs(request):
|
def index_clubs(request):
|
||||||
""" Affiche l'ensemble des clubs, need droit cableur """
|
""" Affiche l'ensemble des clubs, need droit cableur """
|
||||||
options, _created = GeneralOption.objects.get_or_create()
|
options, _created = GeneralOption.objects.get_or_create()
|
||||||
pagination_number = options.pagination_number
|
pagination_number = options.pagination_number
|
||||||
if not request.user.has_perms(('cableur',)):
|
clubs_list = Club.objects.select_related('room')
|
||||||
clubs_list = Club.objects.filter(
|
|
||||||
Q(administrators=request.user.adherent) | Q(members=request.user.adherent)
|
|
||||||
).distinct().select_related('room')
|
|
||||||
else:
|
|
||||||
clubs_list = Club.objects.select_related('room')
|
|
||||||
clubs_list = SortTable.sort(
|
clubs_list = SortTable.sort(
|
||||||
clubs_list,
|
clubs_list,
|
||||||
request.GET.get('col'),
|
request.GET.get('col'),
|
||||||
|
|
Loading…
Reference in a new issue