From 8833f5fe3b03ae17c1a0a341a1ee7bf8e50a3d57 Mon Sep 17 00:00:00 2001 From: chirac Date: Sat, 9 Jul 2016 19:51:37 +0200 Subject: [PATCH] Restreint les champs possibles pour les users non cableurs --- machines/forms.py | 12 ++++++++++++ machines/views.py | 29 ++++++++++++++++++----------- users/models.py | 19 +++++++++---------- users/views.py | 7 +++++-- 4 files changed, 44 insertions(+), 23 deletions(-) diff --git a/machines/forms.py b/machines/forms.py index cf62788e..009db045 100644 --- a/machines/forms.py +++ b/machines/forms.py @@ -17,6 +17,10 @@ class NewMachineForm(EditMachineForm): class Meta(EditMachineForm.Meta): fields = ['type','name'] +class BaseEditMachineForm(EditMachineForm): + class Meta(EditMachineForm.Meta): + fields = ['type','name','active'] + class EditInterfaceForm(ModelForm): class Meta: model = Interface @@ -39,6 +43,14 @@ class NewInterfaceForm(EditInterfaceForm): class Meta(EditInterfaceForm.Meta): fields = ['mac_address','dns','details'] +class BaseEditInterfaceForm(EditInterfaceForm): + class Meta(EditInterfaceForm.Meta): + fields = ['ipv4','mac_address','dns','details'] + + def __init__(self, *args, **kwargs): + super(BaseEditInterfaceForm, self).__init__(*args, **kwargs) + self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4" + class MachineTypeForm(ModelForm): class Meta: model = MachineType diff --git a/machines/views.py b/machines/views.py index bd60fe1f..3b1501aa 100644 --- a/machines/views.py +++ b/machines/views.py @@ -9,7 +9,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.db.models import ProtectedError -from .forms import NewMachineForm, EditMachineForm, EditInterfaceForm, AddInterfaceForm, NewInterfaceForm, MachineTypeForm, DelMachineTypeForm, ExtensionForm, DelExtensionForm +from .forms import NewMachineForm, EditMachineForm, EditInterfaceForm, AddInterfaceForm, NewInterfaceForm, MachineTypeForm, DelMachineTypeForm, ExtensionForm, DelExtensionForm, BaseEditInterfaceForm, BaseEditMachineForm from .models import Machine, Interface, IpList, MachineType, Extension from users.models import User @@ -82,16 +82,20 @@ def edit_machine(request, interfaceid): except Interface.DoesNotExist: messages.error(request, u"Interface inexistante" ) return redirect("/machines") - if not request.user.has_perms(('cableur',)) and str(interface.machine.user.id)!=str(request.user.id): - messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit") - return redirect("/users/profil/" + str(request.user.id)) - machine_form = EditMachineForm(request.POST or None, instance=interface.machine) - interface_form = EditInterfaceForm(request.POST or None, instance=interface) + if not request.user.has_perms(('cableur',)): + if str(interface.machine.user.id)!=str(request.user.id): + messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit") + return redirect("/users/profil/" + str(request.user.id)) + machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine) + interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface) + else: + machine_form = EditMachineForm(request.POST or None, instance=interface.machine) + interface_form = EditInterfaceForm(request.POST or None, instance=interface) if machine_form.is_valid() and interface_form.is_valid(): machine_form.save() interface_form.save() messages.success(request, "La machine a été modifiée") - return redirect("/machines/") + return redirect("/users/profil/" + str(interface.machine.user.id)) return form({'machineform': machine_form, 'interfaceform': interface_form}, 'machines/machine.html', request) @login_required @@ -101,11 +105,14 @@ def new_interface(request, machineid): except Machine.DoesNotExist: messages.error(request, u"Machine inexistante" ) return redirect("/machines") - if not request.user.has_perms(('cableur',)) and str(machine.user.id)!=str(request.user.id): - messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit") - return redirect("/users/profil/" + str(request.user.id)) + if not request.user.has_perms(('cableur',)): + if str(machine.user.id)!=str(request.user.id): + messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit") + return redirect("/users/profil/" + str(request.user.id)) + machine_form = BaseEditMachineForm(request.POST or None, instance=machine) + else: + machine_form = EditMachineForm(request.POST or None, instance=machine) interface_form = AddInterfaceForm(request.POST or None) - machine_form = EditMachineForm(request.POST or None, instance=machine) if interface_form.is_valid() and machine_form.is_valid(): machine_form.save() new_interface = interface_form.save(commit=False) diff --git a/users/models.py b/users/models.py index 107ecaaf..297f71d4 100644 --- a/users/models.py +++ b/users/models.py @@ -207,12 +207,9 @@ class Whitelist(models.Model): def __str__(self): return str(self.user) + ' ' + str(self.raison) - -class InfoForm(ModelForm): - force = forms.BooleanField(label="Forcer le déménagement ?", initial=False, required=False) - +class BaseInfoForm(ModelForm): def __init__(self, *args, **kwargs): - super(InfoForm, self).__init__(*args, **kwargs) + super(BaseInfoForm, self).__init__(*args, **kwargs) self.fields['name'].label = 'Nom' self.fields['surname'].label = 'Prénom' self.fields['school'].label = 'Établissement' @@ -221,11 +218,6 @@ class InfoForm(ModelForm): self.fields['room'].empty_label = "Pas de chambre" self.fields['school'].empty_label = "Séléctionner un établissement" - def clean_force(self): - if self.cleaned_data.get('force', False): - remove_user_room(self.cleaned_data.get('room')) - return - class Meta: model = User fields = [ @@ -238,6 +230,13 @@ class InfoForm(ModelForm): 'room', ] +class InfoForm(BaseInfoForm): + force = forms.BooleanField(label="Forcer le déménagement ?", initial=False, required=False) + + def clean_force(self): + if self.cleaned_data.get('force', False): + remove_user_room(self.cleaned_data.get('room')) + return class UserForm(InfoForm): class Meta(InfoForm.Meta): diff --git a/users/views.py b/users/views.py index a0611348..976c4f56 100644 --- a/users/views.py +++ b/users/views.py @@ -12,7 +12,7 @@ from django.utils import timezone from users.models import User, Right, Ban, Whitelist, School from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm -from users.models import InfoForm, StateForm, RightForm, SchoolForm +from users.models import InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm from cotisations.models import Facture from machines.models import Machine, Interface from users.forms import PassForm @@ -112,7 +112,10 @@ def edit_info(request, userid): except User.DoesNotExist: messages.error(request, "Utilisateur inexistant") return redirect("/users/") - user = InfoForm(request.POST or None, instance=user) + if not request.user.has_perms(('cableur',)): + user = BaseInfoForm(request.POST or None, instance=user) + else: + user = InfoForm(request.POST or None, instance=user) if user.is_valid(): user.save() messages.success(request, "L'user a bien été modifié")