mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-26 06:32:26 +00:00
Nouveau système de gestion des droits
This commit is contained in:
parent
f34b80155d
commit
bc9a38cd05
7 changed files with 79 additions and 12 deletions
|
@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
|
||||||
from django.contrib.auth.forms import ReadOnlyPasswordHashField
|
from django.contrib.auth.forms import ReadOnlyPasswordHashField
|
||||||
from django.core.validators import MinLengthValidator
|
from django.core.validators import MinLengthValidator
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
from django.contrib.auth.models import Group, Permission
|
||||||
|
|
||||||
from preferences.models import OptionalUser
|
from preferences.models import OptionalUser
|
||||||
from .models import User, ServiceUser, School, ListRight, Whitelist
|
from .models import User, ServiceUser, School, ListRight, Whitelist
|
||||||
|
@ -409,6 +410,23 @@ class StateForm(ModelForm):
|
||||||
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
|
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class GroupForm(ModelForm):
|
||||||
|
""" Gestion des groupes d'un user"""
|
||||||
|
groups = forms.ModelMultipleChoiceField(
|
||||||
|
Group.objects.all(),
|
||||||
|
widget=forms.CheckboxSelectMultiple,
|
||||||
|
required=False
|
||||||
|
)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = User
|
||||||
|
fields = ['groups']
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
||||||
|
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class SchoolForm(ModelForm):
|
class SchoolForm(ModelForm):
|
||||||
"""Edition, creation d'un école"""
|
"""Edition, creation d'un école"""
|
||||||
class Meta:
|
class Meta:
|
||||||
|
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
|
||||||
class ListRightForm(ModelForm):
|
class ListRightForm(ModelForm):
|
||||||
"""Edition, d'un groupe , équivalent à un droit
|
"""Edition, d'un groupe , équivalent à un droit
|
||||||
Ne peremet pas d'editer le gid, car il sert de primary key"""
|
Ne peremet pas d'editer le gid, car il sert de primary key"""
|
||||||
|
permissions = forms.ModelMultipleChoiceField(
|
||||||
|
Permission.objects.all(),
|
||||||
|
widget=forms.CheckboxSelectMultiple,
|
||||||
|
required=False
|
||||||
|
)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = ListRight
|
model = ListRight
|
||||||
fields = ['name', 'unix_name', 'permissions', 'details']
|
fields = ['name', 'unix_name', 'permissions', 'details']
|
||||||
|
@ -457,9 +481,9 @@ class DelListRightForm(Form):
|
||||||
instances = kwargs.pop('instances', None)
|
instances = kwargs.pop('instances', None)
|
||||||
super(DelListRightForm, self).__init__(*args, **kwargs)
|
super(DelListRightForm, self).__init__(*args, **kwargs)
|
||||||
if instances:
|
if instances:
|
||||||
self.fields['unix_name'].queryset = instances
|
self.fields['listrights'].queryset = instances
|
||||||
else:
|
else:
|
||||||
self.fields['unix_name'].queryset = ListRight.objects.all()
|
self.fields['listrights'].queryset = ListRight.objects.all()
|
||||||
|
|
||||||
|
|
||||||
class DelSchoolForm(Form):
|
class DelSchoolForm(Form):
|
||||||
|
|
|
@ -1153,8 +1153,8 @@ class ListRight(Group):
|
||||||
except LdapUserGroup.DoesNotExist:
|
except LdapUserGroup.DoesNotExist:
|
||||||
group_ldap = LdapUserGroup(gid=self.gid)
|
group_ldap = LdapUserGroup(gid=self.gid)
|
||||||
group_ldap.name = self.listright
|
group_ldap.name = self.listright
|
||||||
group_ldap.members = [right.user.pseudo for right
|
group_ldap.members = [user.pseudo for user
|
||||||
in Right.objects.filter(right=self)]
|
in self.user_set.all()]
|
||||||
group_ldap.save()
|
group_ldap.save()
|
||||||
|
|
||||||
def ldap_del(self):
|
def ldap_del(self):
|
||||||
|
|
|
@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<tr>
|
<tr>
|
||||||
<td>{{ listright.name }}</td>
|
<td>{{ listright.name }}</td>
|
||||||
<td>{{ listright.gid }}</td>
|
<td>{{ listright.gid }}</td>
|
||||||
<td>{{ listright.permissions.all }}</td>
|
<td>
|
||||||
<td>{{ listright.user_set.all }}</td>
|
<div class="dropdown">
|
||||||
|
<button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
|
||||||
|
Ensemble des permissions <span class="caret"></span>
|
||||||
|
</button>
|
||||||
|
<ul class="dropdown-menu" aria-labelledby="listpermissions">
|
||||||
|
{% for perm in listright.permissions.all %}
|
||||||
|
<li>
|
||||||
|
{{ perm.name }}
|
||||||
|
</li>
|
||||||
|
{% endfor %}
|
||||||
|
</ul>
|
||||||
|
</div></td>
|
||||||
|
<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
|
||||||
<td>{{ listright.details }}</td>
|
<td>{{ listright.details }}</td>
|
||||||
<td class="text-right">
|
<td class="text-right">
|
||||||
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
|
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
|
||||||
|
|
|
@ -42,7 +42,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<i class="glyphicon glyphicon-flash"></i>
|
<i class="glyphicon glyphicon-flash"></i>
|
||||||
Changer le statut
|
Changer le statut
|
||||||
</a>
|
</a>
|
||||||
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
|
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
|
||||||
|
<i class="glyphicon glyphicon-ok"></i>
|
||||||
|
Gérer les groupes
|
||||||
|
</a>
|
||||||
|
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
|
||||||
<i class="glyphicon glyphicon-time"></i>
|
<i class="glyphicon glyphicon-time"></i>
|
||||||
Historique
|
Historique
|
||||||
</a>
|
</a>
|
||||||
|
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
{% else %}
|
{% else %}
|
||||||
<td><i class="text-danger">Désactivé</i></td>
|
<td><i class="text-danger">Désactivé</i></td>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<th>Droits</th>
|
<th>Groupes</th>
|
||||||
{% if list_droits %}
|
{% if users.groups.all %}
|
||||||
<td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %} - {% endif %} {% endfor %}</td>
|
<td>{{ users.groups.all|join:", "}}</td>
|
||||||
{% else %}
|
{% else %}
|
||||||
<td>Aucun</td>
|
<td>Aucun</td>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
{% can_view_all ListRight %}
|
{% can_view_all ListRight %}
|
||||||
<a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
|
<a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
|
||||||
<i class="glyphicon glyphicon-list"></i>
|
<i class="glyphicon glyphicon-list"></i>
|
||||||
Droits
|
Groupes de droits
|
||||||
</a>
|
</a>
|
||||||
{% acl_end %}
|
{% acl_end %}
|
||||||
{% can_view_all ServiceUser %}
|
{% can_view_all ServiceUser %}
|
||||||
|
|
|
@ -40,7 +40,9 @@ urlpatterns = [
|
||||||
name='edit-club-admin-members'
|
name='edit-club-admin-members'
|
||||||
),
|
),
|
||||||
url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
|
url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
|
||||||
|
url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
|
||||||
url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
|
url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
|
||||||
|
url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
|
||||||
url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
|
url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
|
||||||
url(
|
url(
|
||||||
r'^edit_serviceuser/(?P<userid>[0-9]+)$',
|
r'^edit_serviceuser/(?P<userid>[0-9]+)$',
|
||||||
|
|
|
@ -80,7 +80,8 @@ from users.forms import (
|
||||||
MassArchiveForm,
|
MassArchiveForm,
|
||||||
PassForm,
|
PassForm,
|
||||||
ResetPasswordForm,
|
ResetPasswordForm,
|
||||||
ClubAdminandMembersForm
|
ClubAdminandMembersForm,
|
||||||
|
GroupForm
|
||||||
)
|
)
|
||||||
from cotisations.models import Facture
|
from cotisations.models import Facture
|
||||||
from machines.models import Machine
|
from machines.models import Machine
|
||||||
|
@ -241,6 +242,20 @@ def state(request, user, userid):
|
||||||
return form({'userform': state}, 'users/user.html', request)
|
return form({'userform': state}, 'users/user.html', request)
|
||||||
|
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@can_edit(User)
|
||||||
|
def groups(request, user, userid):
|
||||||
|
group = GroupForm(request.POST or None, instance=user)
|
||||||
|
if group.is_valid():
|
||||||
|
with transaction.atomic(), reversion.create_revision():
|
||||||
|
messages.success(request, "Groupes changés avec succès")
|
||||||
|
return redirect(reverse(
|
||||||
|
'users:profil',
|
||||||
|
kwargs={'userid':str(userid)}
|
||||||
|
))
|
||||||
|
return form({'userform': group}, 'users/user.html', request)
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_edit(User, 'password')
|
@can_edit(User, 'password')
|
||||||
def password(request, user, userid):
|
def password(request, user, userid):
|
||||||
|
@ -253,6 +268,16 @@ def password(request, user, userid):
|
||||||
return form({'userform': u_form}, 'users/user.html', request)
|
return form({'userform': u_form}, 'users/user.html', request)
|
||||||
|
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@can_edit(User)
|
||||||
|
def del_group(request, user, userid, listrightid):
|
||||||
|
with transaction.atomic(), reversion.create_revision():
|
||||||
|
user.groups.remove(ListRight.objects.get(id=listrightid))
|
||||||
|
user.save()
|
||||||
|
messages.success(request, "Droit supprimé à %s" % user)
|
||||||
|
return redirect(reverse('users:index-listright'))
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_create(ServiceUser)
|
@can_create(ServiceUser)
|
||||||
def new_serviceuser(request):
|
def new_serviceuser(request):
|
||||||
|
|
Loading…
Reference in a new issue