mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-09 11:26:27 +00:00
Fix #54
parent
3f9d613c3d
commit
a9ebe331dd
2 changed files with 23 additions and 7 deletions
15
re2o/acl.py
15
re2o/acl.py
|
@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission
|
||||||
|
|
||||||
def acl_error_message(msg, permissions):
|
def acl_error_message(msg, permissions):
|
||||||
"""Create an error message for msg and permissions."""
|
"""Create an error message for msg and permissions."""
|
||||||
|
if permissions is None:
|
||||||
|
return msg
|
||||||
groups = ", ".join([
|
groups = ", ".join([
|
||||||
g.name for g in get_group_having_permission(*permissions)
|
g.name for g in get_group_having_permission(*permissions)
|
||||||
])
|
])
|
||||||
|
@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True):
|
||||||
permission was granted. This is to allow you to run ACL tests on
|
permission was granted. This is to allow you to run ACL tests on
|
||||||
fields only. If the method exists, it has to return a 2-tuple
|
fields only. If the method exists, it has to return a 2-tuple
|
||||||
`(can, reason, permissions)` with `can` being a boolean stating
|
`(can, reason, permissions)` with `can` being a boolean stating
|
||||||
whether the access is granted, `reason` a message to be
|
whether the access is granted, `reason` an arror message to be
|
||||||
displayed if `can` equals `False` (can be `None`) and `permissions`
|
displayed if `can` equals `False` (can be `None`) and `permissions`
|
||||||
a list of permissions needed for access (can be `None`).
|
a list of permissions needed for access (can be `None`). If can is
|
||||||
|
True and permission is not `None`, a warning message will be
|
||||||
|
displayed.
|
||||||
*targets: The targets. Targets are specified like a sequence of models
|
*targets: The targets. Targets are specified like a sequence of models
|
||||||
and fields names. As an example
|
and fields names. As an example
|
||||||
```
|
```
|
||||||
|
@ -172,10 +176,17 @@ ModelC)
|
||||||
yield can_change_fct(request.user, *args, **kwargs)
|
yield can_change_fct(request.user, *args, **kwargs)
|
||||||
|
|
||||||
error_messages = []
|
error_messages = []
|
||||||
|
warning_messages = []
|
||||||
for target, fields in group_targets():
|
for target, fields in group_targets():
|
||||||
for can, msg, permissions in process_target(target, fields):
|
for can, msg, permissions in process_target(target, fields):
|
||||||
if not can:
|
if not can:
|
||||||
error_messages.append(acl_error_message(msg, permissions))
|
error_messages.append(acl_error_message(msg, permissions))
|
||||||
|
elif msg:
|
||||||
|
warning_messages.append(acl_error_message(msg, permissions))
|
||||||
|
|
||||||
|
if warning_messages:
|
||||||
|
for msg in warning_messages:
|
||||||
|
messages.warning(request, msg)
|
||||||
|
|
||||||
if error_messages:
|
if error_messages:
|
||||||
for msg in error_messages:
|
for msg in error_messages:
|
||||||
|
|
|
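Review bot: The sentence added to the docstring in the second hunk says a warning is displayed when `can` is True and `permission` is not `None`, but the new branch in the third hunk tests the message (`elif msg:`), so the documented trigger and the implemented one differ. Authors of `can_*` methods who follow the docstring would set `permissions` and get no warning, or return only a message and get one they did not expect. I would reword the sentence to `If can is True and reason is not None, reason is displayed as a warning.`, and at the same time fix `arror` and the `2-tuple` wording, since three values are returned. The `if warning_messages:` guard around the loop is redundant and can be dropped. Both the docstring and the decorator body extend beyond the hunks shown.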
@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
|
||||||
user_request one of its member, or if user_request is self, or if
|
user_request one of its member, or if user_request is self, or if
|
||||||
user_request has the 'cableur' right.
|
user_request has the 'cableur' right.
|
||||||
"""
|
"""
|
||||||
|
if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE):
|
||||||
|
warning_message = _("This user is archived.")
|
||||||
|
else:
|
||||||
|
warning_message = None
|
||||||
|
|
||||||
if self.is_class_club and user_request.is_class_adherent:
|
if self.is_class_club and user_request.is_class_adherent:
|
||||||
if (self == user_request or
|
if (self == user_request or
|
||||||
user_request.has_perm('users.change_user') or
|
user_request.has_perm('users.change_user') or
|
||||||
user_request.adherent in self.club.administrators.all()):
|
user_request.adherent in self.club.administrators.all()):
|
||||||
return True, None, None
|
return True, warning_message, None
|
||||||
else:
|
else:
|
||||||
return False, _("You don't have the right to edit this club."), ('users.change_user',)
|
return False, _("You don't have the right to edit this club."), ('users.change_user',)
|
||||||
else:
|
else:
|
||||||
if self == user_request:
|
if self == user_request:
|
||||||
return True, None, None
|
return True, warning_message, None
|
||||||
elif user_request.has_perm('users.change_all_users'):
|
elif user_request.has_perm('users.change_all_users'):
|
||||||
return True, None, None
|
return True, warning_message, None
|
||||||
elif user_request.has_perm('users.change_user'):
|
elif user_request.has_perm('users.change_user'):
|
||||||
if self.groups.filter(listright__critical=True):
|
if self.groups.filter(listright__critical=True):
|
||||||
return (
|
return (
|
||||||
|
@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
|
||||||
('users.change_all_users', )
|
('users.change_all_users', )
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
return True, None, None
|
return True, warning_message, None
|
||||||
elif user_request.has_perm('users.change_all_users'):
|
elif user_request.has_perm('users.change_all_users'):
|
||||||
return True, None, None
|
return True, warning_message, None
|
||||||
else:
|
else:
|
||||||
return (
|
return (
|
||||||
False,
|
False,
|
||||||
|
|
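Review bot: The success branches now return a non-`None` second element for archived users, which changes the return contract of this `User` permission check: before this commit the message was `None` whenever the first element was `True`. The decorator in `re2o/acl.py` copes with that through its new `elif msg:` branch, but any other caller that tests the message rather than the boolean would now treat "This user is archived." as a denial reason; those call sites are not visible here and should be checked. The docstring that closes at the top of the first hunk should state the new behaviour, for example `Returns (can, message, permissions); when can is True, message may carry a warning such as the archived-state notice.` The method starts before the first hunk and continues past the last one.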