8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-23 03:43:12 +00:00

helpful acl messages for users.models

This commit is contained in:
Hugo Levy-Falk 2019-09-06 01:09:13 +02:00
parent eaf9609024
commit 90defb5fcc

View file

@ -864,29 +864,38 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
if (self == user_request or if (self == user_request or
user_request.has_perm('users.change_user') or user_request.has_perm('users.change_user') or
user_request.adherent in self.club.administrators.all()): user_request.adherent in self.club.administrators.all()):
return True, None return True, None, None
else: else:
return False, _("You don't have the right to edit this club.") return False, _("You don't have the right to edit this club."), ('users.change_user',)
else: else:
if self == user_request: if self == user_request:
return True, None return True, None, None
elif user_request.has_perm('users.change_all_users'): elif user_request.has_perm('users.change_all_users'):
return True, None return True, None, None
elif user_request.has_perm('users.change_user'): elif user_request.has_perm('users.change_user'):
if self.groups.filter(listright__critical=True): if self.groups.filter(listright__critical=True):
return False, (_("User with critical rights, can't be" return (
" edited.")) False,
_("User with critical rights, can't be edited. "),
('users.change_all_users',)
)
elif self == AssoOption.get_cached_value('utilisateur_asso'): elif self == AssoOption.get_cached_value('utilisateur_asso'):
return False, (_("Impossible to edit the organisation's" return (
" user without the 'change_all_users'" False,
" right.")) _("Impossible to edit the organisation's"
" user without the 'change_all_users' right."),
('users.change_all_users', )
)
else: else:
return True, None return True, None, None
elif user_request.has_perm('users.change_all_users'): elif user_request.has_perm('users.change_all_users'):
return True, None return True, None, None
else: else:
return False, (_("You don't have the right to edit another" return (
" user.")) False,
_("You don't have the right to edit another user."),
('users.change_user', 'users.change_all_users')
)
def can_change_password(self, user_request, *_args, **_kwargs): def can_change_password(self, user_request, *_args, **_kwargs):
"""Check if a user can change a user's password """Check if a user can change a user's password
@ -901,21 +910,28 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
if (self == user_request or if (self == user_request or
user_request.has_perm('users.change_user_password') or user_request.has_perm('users.change_user_password') or
user_request.adherent in self.club.administrators.all()): user_request.adherent in self.club.administrators.all()):
return True, None return True, None, None
else: else:
return False, _("You don't have the right to edit this club.") return (
False,
_("You don't have the right to edit this club."),
('users.change_user_password',)
)
else: else:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.change_user_groups')): user_request.has_perm('users.change_user_groups')):
# Peut éditer les groupes d'un user, # Peut éditer les groupes d'un user,
# c'est un privilège élevé, True # c'est un privilège élevé, True
return True, None return True, None, None
elif (user_request.has_perm('users.change_user') and elif (user_request.has_perm('users.change_user') and
not self.groups.all()): not self.groups.all()):
return True, None return True, None, None
else: else:
return False, (_("You don't have the right to edit another" return (
" user.")) False,
_("You don't have the right to edit another user."),
('users.change_user_groups', 'users.change_user')
)
def check_selfpasswd(self, user_request, *_args, **_kwargs): def check_selfpasswd(self, user_request, *_args, **_kwargs):
""" Returns (True, None) if user_request is self, else returns """ Returns (True, None) if user_request is self, else returns
@ -932,9 +948,13 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
if not ((self.pk == user_request.pk and OptionalUser.get_cached_value('self_change_room')) if not ((self.pk == user_request.pk and OptionalUser.get_cached_value('self_change_room'))
or user_request.has_perm('users.change_user')): or user_request.has_perm('users.change_user')):
return False, _("Permission required to change the room.") return (
False,
_("Permission required to change the room."),
('users.change_user',)
)
else: else:
return True, None return True, None, None
@staticmethod @staticmethod
def can_change_state(user_request, *_args, **_kwargs): def can_change_state(user_request, *_args, **_kwargs):
@ -946,7 +966,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.has_perm('users.change_user_state'), user_request.has_perm('users.change_user_state'),
_("Permission required to change the state.") _("Permission required to change the state."),
('users.change_user_state',)
) )
def can_change_shell(self, user_request, *_args, **_kwargs): def can_change_shell(self, user_request, *_args, **_kwargs):
@ -958,9 +979,13 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
if not ((self.pk == user_request.pk and OptionalUser.get_cached_value('self_change_shell')) if not ((self.pk == user_request.pk and OptionalUser.get_cached_value('self_change_shell'))
or user_request.has_perm('users.change_user_shell')): or user_request.has_perm('users.change_user_shell')):
return False, _("Permission required to change the shell.") return (
False,
_("Permission required to change the shell."),
('users.change_user_shell',)
)
else: else:
return True, None return True, None, None
@staticmethod @staticmethod
def can_change_local_email_redirect(user_request, *_args, **_kwargs): def can_change_local_email_redirect(user_request, *_args, **_kwargs):
@ -972,7 +997,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
OptionalUser.get_cached_value('local_email_accounts_enabled'), OptionalUser.get_cached_value('local_email_accounts_enabled'),
_("Local email accounts must be enabled.") _("Local email accounts must be enabled."),
None
) )
@staticmethod @staticmethod
@ -985,7 +1011,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
OptionalUser.get_cached_value('local_email_accounts_enabled'), OptionalUser.get_cached_value('local_email_accounts_enabled'),
_("Local email accounts must be enabled.") _("Local email accounts must be enabled."),
None
) )
@staticmethod @staticmethod
@ -998,7 +1025,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.has_perm('users.change_user_force'), user_request.has_perm('users.change_user_force'),
_("Permission required to force the move.") _("Permission required to force the move."),
('users.change_user_force',)
) )
@staticmethod @staticmethod
@ -1011,7 +1039,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.has_perm('users.change_user_groups'), user_request.has_perm('users.change_user_groups'),
_("Permission required to edit the user's groups of rights.") _("Permission required to edit the user's groups of rights."),
('users.change_user_groups')
) )
@staticmethod @staticmethod
@ -1023,7 +1052,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.is_superuser, user_request.is_superuser,
_("'superuser' right required to edit the superuser flag.") _("'superuser' right required to edit the superuser flag."),
[]
) )
def can_view(self, user_request, *_args, **_kwargs): def can_view(self, user_request, *_args, **_kwargs):
@ -1039,16 +1069,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
user_request.has_perm('users.view_user') or user_request.has_perm('users.view_user') or
user_request.adherent in self.club.administrators.all() or user_request.adherent in self.club.administrators.all() or
user_request.adherent in self.club.members.all()): user_request.adherent in self.club.members.all()):
return True, None return True, None, None
else: else:
return False, _("You don't have the right to view this club.") return (
False,
_("You don't have the right to view this club."),
('users.view_user',)
)
else: else:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.view_user')): user_request.has_perm('users.view_user')):
return True, None return True, None, None
else: else:
return False, (_("You don't have the right to view another" return (
" user.")) False,
_("You don't have the right to view another user."),
('users.view_user',)
)
@staticmethod @staticmethod
def can_view_all(user_request, *_args, **_kwargs): def can_view_all(user_request, *_args, **_kwargs):
@ -1060,7 +1097,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.has_perm('users.view_user'), user_request.has_perm('users.view_user'),
_("You don't have the right to view the list of users.") _("You don't have the right to view the list of users."),
('users.view_user',)
) )
def can_delete(self, user_request, *_args, **_kwargs): def can_delete(self, user_request, *_args, **_kwargs):
@ -1073,7 +1111,8 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" """
return ( return (
user_request.has_perm('users.delete_user'), user_request.has_perm('users.delete_user'),
_("You don't have the right to delete this user.") _("You don't have the right to delete this user."),
('users.delete_user',)
) )
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@ -1160,15 +1199,16 @@ class Adherent(User):
""" """
if (not user_request.is_authenticated and if (not user_request.is_authenticated and
not OptionalUser.get_cached_value('self_adhesion')): not OptionalUser.get_cached_value('self_adhesion')):
return False, None return False, _("Self adhesion is disabled."), None
else: else:
if (OptionalUser.get_cached_value('all_can_create_adherent') or if (OptionalUser.get_cached_value('all_can_create_adherent') or
OptionalUser.get_cached_value('self_adhesion')): OptionalUser.get_cached_value('self_adhesion')):
return True, None return True, None, None
else: else:
return ( return (
user_request.has_perm('users.add_user'), user_request.has_perm('users.add_user'),
_("You don't have the right to create a user.") _("You don't have the right to create a user."),
('users.add_user',)
) )
def clean(self, *args, **kwargs): def clean(self, *args, **kwargs):
@ -1216,14 +1256,15 @@ class Club(User):
an user or if the `options.all_can_create` is set. an user or if the `options.all_can_create` is set.
""" """
if not user_request.is_authenticated: if not user_request.is_authenticated:
return False, None return False, _("You must be authenticated."), None
else: else:
if OptionalUser.get_cached_value('all_can_create_club'): if OptionalUser.get_cached_value('all_can_create_club'):
return True, None return True, None, None
else: else:
return ( return (
user_request.has_perm('users.add_user'), user_request.has_perm('users.add_user'),
_("You don't have the right to create a club.") _("You don't have the right to create a club."),
('users.add_user',)
) )
@staticmethod @staticmethod
@ -1235,13 +1276,17 @@ class Club(User):
message. message.
""" """
if user_request.has_perm('users.view_user'): if user_request.has_perm('users.view_user'):
return True, None return True, None, None
if (hasattr(user_request, 'is_class_adherent') and if (hasattr(user_request, 'is_class_adherent') and
user_request.is_class_adherent): user_request.is_class_adherent):
if (user_request.adherent.club_administrator.all() or if (user_request.adherent.club_administrator.all() or
user_request.adherent.club_members.all()): user_request.adherent.club_members.all()):
return True, None return True, None, None
return False, _("You don't have the right to view the list of users.") return (
False,
_("You don't have the right to view the list of users."),
('users.view_user',)
)
@classmethod @classmethod
def get_instance(cls, clubid, *_args, **_kwargs): def get_instance(cls, clubid, *_args, **_kwargs):
@ -1553,10 +1598,13 @@ class Ban(RevMixin, AclMixin, models.Model):
""" """
if (not user_request.has_perm('users.view_ban') and if (not user_request.has_perm('users.view_ban') and
self.user != user_request): self.user != user_request):
return False, (_("You don't have the right to view bans other" return (
" than yours.")) False,
_("You don't have the right to view bans other than yours."),
('users.view_ban',)
)
else: else:
return True, None return True, None, None
def __str__(self): def __str__(self):
return str(self.user) + ' ' + str(self.raison) return str(self.user) + ' ' + str(self.raison)
@ -1620,10 +1668,13 @@ class Whitelist(RevMixin, AclMixin, models.Model):
""" """
if (not user_request.has_perm('users.view_whitelist') and if (not user_request.has_perm('users.view_whitelist') and
self.user != user_request): self.user != user_request):
return False, (_("You don't have the right to view whitelists" return (
" other than yours.")) False,
_("You don't have the right to view whitelists other than yours."),
('users.view_whitelist',)
)
else: else:
return True, None return True, None, None
def __str__(self): def __str__(self):
return str(self.user) + ' ' + str(self.raison) return str(self.user) + ' ' + str(self.raison)
@ -1892,17 +1943,29 @@ class EMailAddress(RevMixin, AclMixin, models.Model):
a local email account. a local email account.
""" """
if user_request.has_perm('users.add_emailaddress'): if user_request.has_perm('users.add_emailaddress'):
return True, None return True, None, None
if not OptionalUser.get_cached_value('local_email_accounts_enabled'): if not OptionalUser.get_cached_value('local_email_accounts_enabled'):
return False, _("The local email accounts are not enabled.") return (
if int(user_request.id) != int(userid): False,
return False, _("You don't have the right to add a local email" _("The local email accounts are not enabled."),
" account to another user.") None
elif user_request.email_address.count() >= OptionalUser.get_cached_value('max_email_address'):
return False, _("You reached the limit of {} local email accounts.").format(
OptionalUser.get_cached_value('max_email_address')
) )
return True, None if int(user_request.id) != int(userid):
return (
False,
_("You don't have the right to add a local email"
" account to another user."),
('users.add_emailaddress',)
)
elif user_request.email_address.count() >= OptionalUser.get_cached_value('max_email_address'):
return (
False,
_("You reached the limit of {} local email accounts.").format(
OptionalUser.get_cached_value('max_email_address')
),
None
)
return True, None, None
def can_view(self, user_request, *_args, **_kwargs): def can_view(self, user_request, *_args, **_kwargs):
"""Check if a user can view the local email account """Check if a user can view the local email account
@ -1915,13 +1978,21 @@ class EMailAddress(RevMixin, AclMixin, models.Model):
the local email account. the local email account.
""" """
if user_request.has_perm('users.view_emailaddress'): if user_request.has_perm('users.view_emailaddress'):
return True, None return True, None, None
if not OptionalUser.get_cached_value('local_email_accounts_enabled'): if not OptionalUser.get_cached_value('local_email_accounts_enabled'):
return False, _("The local email accounts are not enabled.") return (
False,
_("The local email accounts are not enabled."),
None
)
if user_request == self.user: if user_request == self.user:
return True, None return True, None, None
return False, _("You don't have the right to edit another user's local" return (
" email account.") False,
_("You don't have the right to edit another user's local"
" email account."),
('users.view_emailaddress',)
)
def can_delete(self, user_request, *_args, **_kwargs): def can_delete(self, user_request, *_args, **_kwargs):
"""Check if a user can delete the alias """Check if a user can delete the alias
@ -1934,16 +2005,24 @@ class EMailAddress(RevMixin, AclMixin, models.Model):
the local email account. the local email account.
""" """
if self.local_part == self.user.pseudo.lower(): if self.local_part == self.user.pseudo.lower():
return False, _("You can't delete a local email account whose" return (
" local part is the same as the username.") False,
_("You can't delete a local email account whose"
" local part is the same as the username."),
None
)
if user_request.has_perm('users.delete_emailaddress'): if user_request.has_perm('users.delete_emailaddress'):
return True, None return True, None, None
if not OptionalUser.get_cached_value('local_email_accounts_enabled'): if not OptionalUser.get_cached_value('local_email_accounts_enabled'):
return False, _("The local email accounts are not enabled.") return False, _("The local email accounts are not enabled."), None
if user_request == self.user: if user_request == self.user:
return True, None return True, None, None
return False, _("You don't have the right to delete another user's" return (
" local email account") False,
_("You don't have the right to delete another user's"
" local email account"),
('users.delete_emailaddress',)
)
def can_edit(self, user_request, *_args, **_kwargs): def can_edit(self, user_request, *_args, **_kwargs):
"""Check if a user can edit the alias """Check if a user can edit the alias
@ -1956,16 +2035,24 @@ class EMailAddress(RevMixin, AclMixin, models.Model):
the local email account. the local email account.
""" """
if self.local_part == self.user.pseudo.lower(): if self.local_part == self.user.pseudo.lower():
return False, _("You can't edit a local email account whose local" return (
" part is the same as the username.") False,
_("You can't edit a local email account whose local"
" part is the same as the username."),
None
)
if user_request.has_perm('users.change_emailaddress'): if user_request.has_perm('users.change_emailaddress'):
return True, None return True, None, None
if not OptionalUser.get_cached_value('local_email_accounts_enabled'): if not OptionalUser.get_cached_value('local_email_accounts_enabled'):
return False, _("The local email accounts are not enabled.") return False, _("The local email accounts are not enabled."), None
if user_request == self.user: if user_request == self.user:
return True, None return True, None, None
return False, _("You don't have the right to edit another user's local" return (
" email account.") False,
_("You don't have the right to edit another user's local"
" email account."),
('users.change_emailaddress',)
)
def clean(self, *args, **kwargs): def clean(self, *args, **kwargs):
self.local_part = self.local_part.lower() self.local_part = self.local_part.lower()