rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-25 22:22:26 +00:00
Code Issues Releases Wiki Activity

ACL

Browse source
This commit is contained in:
Hugo LEVY-FALK 2018-05-03 14:22:52 +02:00
parent 9d79ffb5ca
commit a5013920da
3 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
users/forms.py
View file

@ -447,7 +447,7 @@ class StateForm(FormRevMixin, ModelForm):
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs) super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
class GroupForm(FormRevMixin, ModelForm): class GroupForm(FieldPermissionFormMixin, FormRevMixin, ModelForm):
""" Gestion des groupes d'un user""" """ Gestion des groupes d'un user"""
groups = forms.ModelMultipleChoiceField( groups = forms.ModelMultipleChoiceField(
Group.objects.all(), Group.objects.all(),
@ -462,7 +462,8 @@ class GroupForm(FormRevMixin, ModelForm):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__) prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs) super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
self.fields['is_superuser'].label = "Superuser" if 'is_superuser' in self.fields:
self.fields['is_superuser'].label = "Superuser"
class SchoolForm(FormRevMixin, ModelForm): class SchoolForm(FormRevMixin, ModelForm):

12
users/models.py
View file

@ -812,6 +812,18 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
"Droit requis pour éditer les groupes de l'user" "Droit requis pour éditer les groupes de l'user"
) )
@staticmethod
def can_change_is_superuser(user_request, *_args, **_kwargs):
""" Check if an user can change a is_superuser flag
:param user_request: The user who request
:returns: a message and a boolean which is True if permission is granted.
"""
return (
user_request.is_superuser,
"Droit superuser requis pour éditer le flag superuser"
)
def can_view(self, user_request, *_args, **_kwargs): def can_view(self, user_request, *_args, **_kwargs):
"""Check if an user can view an user object. """Check if an user can view an user object.

4
users/views.py
View file

@ -246,7 +246,7 @@ def state(request, user, userid):
@can_edit(User, 'groups') @can_edit(User, 'groups')
def groups(request, user, userid): def groups(request, user, userid):
""" View to edit the groups of a user """ """ View to edit the groups of a user """
group_form = GroupForm(request.POST or None, instance=user) group_form = GroupForm(request.POST or None, instance=user, user=request.user)
if group_form.is_valid(): if group_form.is_valid():
if group_form.changed_data: if group_form.changed_data:
group_form.save() group_form.save()
@ -295,7 +295,7 @@ def del_group(request, user, listrightid, **_kwargs):
@login_required @login_required
@can_edit(User, 'groups') @can_edit(User, 'is_superuser')
def del_superuser(request, user, **_kwargs): def del_superuser(request, user, **_kwargs):
"""Remove the superuser right of an user.""" """Remove the superuser right of an user."""
user.is_superuser = False user.is_superuser = False