8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 19:33:11 +00:00

Nouveau système de gestion des droits

This commit is contained in:
Gabriel Detraz 2017-12-31 17:11:19 +01:00 committed by root
parent f34b80155d
commit bc9a38cd05
7 changed files with 79 additions and 12 deletions

View file

@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from django.core.validators import MinLengthValidator
from django.utils import timezone
from django.contrib.auth.models import Group, Permission
from preferences.models import OptionalUser
from .models import User, ServiceUser, School, ListRight, Whitelist
@ -409,6 +410,23 @@ class StateForm(ModelForm):
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
class GroupForm(ModelForm):
""" Gestion des groupes d'un user"""
groups = forms.ModelMultipleChoiceField(
Group.objects.all(),
widget=forms.CheckboxSelectMultiple,
required=False
)
class Meta:
model = User
fields = ['groups']
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
class SchoolForm(ModelForm):
"""Edition, creation d'un école"""
class Meta:
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
class ListRightForm(ModelForm):
"""Edition, d'un groupe , équivalent à un droit
Ne peremet pas d'editer le gid, car il sert de primary key"""
permissions = forms.ModelMultipleChoiceField(
Permission.objects.all(),
widget=forms.CheckboxSelectMultiple,
required=False
)
class Meta:
model = ListRight
fields = ['name', 'unix_name', 'permissions', 'details']
@ -457,9 +481,9 @@ class DelListRightForm(Form):
instances = kwargs.pop('instances', None)
super(DelListRightForm, self).__init__(*args, **kwargs)
if instances:
self.fields['unix_name'].queryset = instances
self.fields['listrights'].queryset = instances
else:
self.fields['unix_name'].queryset = ListRight.objects.all()
self.fields['listrights'].queryset = ListRight.objects.all()
class DelSchoolForm(Form):

View file

@ -1153,8 +1153,8 @@ class ListRight(Group):
except LdapUserGroup.DoesNotExist:
group_ldap = LdapUserGroup(gid=self.gid)
group_ldap.name = self.listright
group_ldap.members = [right.user.pseudo for right
in Right.objects.filter(right=self)]
group_ldap.members = [user.pseudo for user
in self.user_set.all()]
group_ldap.save()
def ldap_del(self):

View file

@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<tr>
<td>{{ listright.name }}</td>
<td>{{ listright.gid }}</td>
<td>{{ listright.permissions.all }}</td>
<td>{{ listright.user_set.all }}</td>
<td>
<div class="dropdown">
<button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
Ensemble des permissions <span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="listpermissions">
{% for perm in listright.permissions.all %}
<li>
{{ perm.name }}
</li>
{% endfor %}
</ul>
</div></td>
<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
<td>{{ listright.details }}</td>
<td class="text-right">
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}

View file

@ -42,6 +42,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<i class="glyphicon glyphicon-flash"></i>
Changer le statut
</a>
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
<i class="glyphicon glyphicon-ok"></i>
Gérer les groupes
</a>
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
<i class="glyphicon glyphicon-time"></i>
Historique
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% else %}
<td><i class="text-danger">Désactivé</i></td>
{% endif %}
<th>Droits</th>
{% if list_droits %}
<td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %} - {% endif %} {% endfor %}</td>
<th>Groupes</th>
{% if users.groups.all %}
<td>{{ users.groups.all|join:", "}}</td>
{% else %}
<td>Aucun</td>
{% endif %}

View file

@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% can_view_all ListRight %}
<a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
<i class="glyphicon glyphicon-list"></i>
Droits
Groupes de droits
</a>
{% acl_end %}
{% can_view_all ServiceUser %}

View file

@ -40,7 +40,9 @@ urlpatterns = [
name='edit-club-admin-members'
),
url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
url(
r'^edit_serviceuser/(?P<userid>[0-9]+)$',

View file

@ -80,7 +80,8 @@ from users.forms import (
MassArchiveForm,
PassForm,
ResetPasswordForm,
ClubAdminandMembersForm
ClubAdminandMembersForm,
GroupForm
)
from cotisations.models import Facture
from machines.models import Machine
@ -241,6 +242,20 @@ def state(request, user, userid):
return form({'userform': state}, 'users/user.html', request)
@login_required
@can_edit(User)
def groups(request, user, userid):
group = GroupForm(request.POST or None, instance=user)
if group.is_valid():
with transaction.atomic(), reversion.create_revision():
messages.success(request, "Groupes changés avec succès")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(userid)}
))
return form({'userform': group}, 'users/user.html', request)
@login_required
@can_edit(User, 'password')
def password(request, user, userid):
@ -253,6 +268,16 @@ def password(request, user, userid):
return form({'userform': u_form}, 'users/user.html', request)
@login_required
@can_edit(User)
def del_group(request, user, userid, listrightid):
with transaction.atomic(), reversion.create_revision():
user.groups.remove(ListRight.objects.get(id=listrightid))
user.save()
messages.success(request, "Droit supprimé à %s" % user)
return redirect(reverse('users:index-listright'))
@login_required
@can_create(ServiceUser)
def new_serviceuser(request):