8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 11:23:10 +00:00
This commit is contained in:
Hugo Levy-Falk 2019-09-09 12:16:37 +02:00 committed by chirac
parent 3f9d613c3d
commit a9ebe331dd
2 changed files with 23 additions and 7 deletions

View file

@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission
def acl_error_message(msg, permissions): def acl_error_message(msg, permissions):
"""Create an error message for msg and permissions.""" """Create an error message for msg and permissions."""
if permissions is None:
return msg
groups = ", ".join([ groups = ", ".join([
g.name for g in get_group_having_permission(*permissions) g.name for g in get_group_having_permission(*permissions)
]) ])
@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True):
permission was granted. This is to allow you to run ACL tests on permission was granted. This is to allow you to run ACL tests on
fields only. If the method exists, it has to return a 2-tuple fields only. If the method exists, it has to return a 2-tuple
`(can, reason, permissions)` with `can` being a boolean stating `(can, reason, permissions)` with `can` being a boolean stating
whether the access is granted, `reason` a message to be whether the access is granted, `reason` an arror message to be
displayed if `can` equals `False` (can be `None`) and `permissions` displayed if `can` equals `False` (can be `None`) and `permissions`
a list of permissions needed for access (can be `None`). a list of permissions needed for access (can be `None`). If can is
True and permission is not `None`, a warning message will be
displayed.
*targets: The targets. Targets are specified like a sequence of models *targets: The targets. Targets are specified like a sequence of models
and fields names. As an example and fields names. As an example
``` ```
@ -172,10 +176,17 @@ ModelC)
yield can_change_fct(request.user, *args, **kwargs) yield can_change_fct(request.user, *args, **kwargs)
error_messages = [] error_messages = []
warning_messages = []
for target, fields in group_targets(): for target, fields in group_targets():
for can, msg, permissions in process_target(target, fields): for can, msg, permissions in process_target(target, fields):
if not can: if not can:
error_messages.append(acl_error_message(msg, permissions)) error_messages.append(acl_error_message(msg, permissions))
elif msg:
warning_messages.append(acl_error_message(msg, permissions))
if warning_messages:
for msg in warning_messages:
messages.warning(request, msg)
if error_messages: if error_messages:
for msg in error_messages: for msg in error_messages:

View file

@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
user_request one of its member, or if user_request is self, or if user_request one of its member, or if user_request is self, or if
user_request has the 'cableur' right. user_request has the 'cableur' right.
""" """
if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE):
warning_message = _("This user is archived.")
else:
warning_message = None
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if (self == user_request or if (self == user_request or
user_request.has_perm('users.change_user') or user_request.has_perm('users.change_user') or
user_request.adherent in self.club.administrators.all()): user_request.adherent in self.club.administrators.all()):
return True, None, None return True, warning_message, None
else: else:
return False, _("You don't have the right to edit this club."), ('users.change_user',) return False, _("You don't have the right to edit this club."), ('users.change_user',)
else: else:
if self == user_request: if self == user_request:
return True, None, None return True, warning_message, None
elif user_request.has_perm('users.change_all_users'): elif user_request.has_perm('users.change_all_users'):
return True, None, None return True, warning_message, None
elif user_request.has_perm('users.change_user'): elif user_request.has_perm('users.change_user'):
if self.groups.filter(listright__critical=True): if self.groups.filter(listright__critical=True):
return ( return (
@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
('users.change_all_users', ) ('users.change_all_users', )
) )
else: else:
return True, None, None return True, warning_message, None
elif user_request.has_perm('users.change_all_users'): elif user_request.has_perm('users.change_all_users'):
return True, None, None return True, warning_message, None
else: else:
return ( return (
False, False,