diff --git a/cotisations/models.py b/cotisations/models.py index 8d8fb756..a775237c 100644 --- a/cotisations/models.py +++ b/cotisations/models.py @@ -167,9 +167,11 @@ class Facture(FieldPermissionModelMixin, models.Model): def can_change_pdf(user_request, *args, **kwargs): return user_request.has_perm('cotisations.change_facture_pdf'), "Vous ne pouvez pas éditer une facture sans droit trésorier" - field_permissions = { - 'control': can_change_control, - } + def __init__(self, *args, **kwargs): + super(Facture, self).__init__(*args, **kwargs) + self.field_permissions = { + 'control' : self.can_change_control, + } def __str__(self): return str(self.user) + ' ' + str(self.date) diff --git a/machines/forms.py b/machines/forms.py index f23f1d7d..05fd6999 100644 --- a/machines/forms.py +++ b/machines/forms.py @@ -78,14 +78,7 @@ class NewMachineForm(EditMachineForm): fields = ['name'] -class BaseEditMachineForm(EditMachineForm): - """Edition basique, ne permet que de changer le nom et le statut. - Réservé aux users sans droits spécifiques""" - class Meta(EditMachineForm.Meta): - fields = ['name', 'active'] - - -class EditInterfaceForm(ModelForm): +class EditInterfaceForm(FieldPermissionFormMixin, ModelForm): """Edition d'une interface. Edition complète""" class Meta: model = Interface @@ -93,16 +86,24 @@ class EditInterfaceForm(ModelForm): def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) + user = kwargs.get('user') super(EditInterfaceForm, self).__init__(*args, prefix=prefix, **kwargs) self.fields['mac_address'].label = 'Adresse mac' self.fields['type'].label = 'Type de machine' self.fields['type'].empty_label = "Séléctionner un type de machine" if "ipv4" in self.fields: - self.fields['ipv4'].empty_label = "Assignation automatique\ - de l'ipv4" + self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4" self.fields['ipv4'].queryset = IpList.objects.filter( interface__isnull=True ) + if not IpType.can_use_all(user): + self.fields['ipv4'].queryset = IpList.objects.filter( + interface__isnull=True + ).filter(ip_type__in=IpType.objects.filter(need_infra=False)) + else: + self.fields['ipv4'].queryset = IpList.objects.filter( + interface__isnull=True + ) # Add it's own address self.fields['ipv4'].queryset |= IpList.objects.filter( interface=self.instance @@ -110,6 +111,10 @@ class EditInterfaceForm(ModelForm): if "machine" in self.fields: self.fields['machine'].queryset = Machine.objects.all()\ .select_related('user') + if not MachineType.can_use_all(user): + self.fields['type'].queryset = MachineType.objects.filter( + ip_type__in=IpType.objects.filter(need_infra=False) + ) class AddInterfaceForm(EditInterfaceForm): @@ -118,59 +123,6 @@ class AddInterfaceForm(EditInterfaceForm): class Meta(EditInterfaceForm.Meta): fields = ['type', 'ipv4', 'mac_address', 'details'] - def __init__(self, *args, **kwargs): - user = kwargs.pop('user') - super(AddInterfaceForm, self).__init__(*args, **kwargs) - self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4" - if not IpType.can_use_all(user): - self.fields['type'].queryset = MachineType.objects.filter( - ip_type__in=IpType.objects.filter(need_infra=False) - ) - self.fields['ipv4'].queryset = IpList.objects.filter( - interface__isnull=True - ).filter(ip_type__in=IpType.objects.filter(need_infra=False)) - else: - self.fields['ipv4'].queryset = IpList.objects.filter( - interface__isnull=True - ) - - -class NewInterfaceForm(EditInterfaceForm): - """Formulaire light, sans choix de l'ipv4; d'ajout d'une interface""" - class Meta(EditInterfaceForm.Meta): - fields = ['type', 'mac_address', 'details'] - - -class BaseEditInterfaceForm(EditInterfaceForm): - """Edition basique d'une interface. En fonction des droits, - ajoute ou non l'ensemble des ipv4 disponibles (infra)""" - class Meta(EditInterfaceForm.Meta): - fields = ['type', 'ipv4', 'mac_address', 'details'] - - def __init__(self, *args, **kwargs): - user = kwargs.pop('user') - super(BaseEditInterfaceForm, self).__init__(*args, **kwargs) - self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4" - if not MachineType.can_use_all(user): - self.fields['type'].queryset = MachineType.objects.filter( - ip_type__in=IpType.objects.filter(need_infra=False) - ) - if not IpType.can_use_all(user): - self.fields['ipv4'].queryset = IpList.objects.filter( - interface__isnull=True - ).filter(ip_type__in=IpType.objects.filter(need_infra=False)) - # Add it's own address - self.fields['ipv4'].queryset |= IpList.objects.filter( - interface=self.instance - ) - else: - self.fields['ipv4'].queryset = IpList.objects.filter( - interface__isnull=True - ) - self.fields['ipv4'].queryset |= IpList.objects.filter( - interface=self.instance - ) - class AliasForm(ModelForm): """Ajout d'un alias (et edition), CNAME, contenant nom et extension""" diff --git a/machines/migrations/0072_auto_20180108_1822.py b/machines/migrations/0072_auto_20180108_1822.py new file mode 100644 index 00000000..64999764 --- /dev/null +++ b/machines/migrations/0072_auto_20180108_1822.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-01-08 17:22 +from __future__ import unicode_literals + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0071_auto_20171231_2100'), + ] + + operations = [ + migrations.AlterModelOptions( + name='interface', + options={'permissions': (('view_interface', 'Peut voir un objet interface'), ('change_interface_machine', "Peut changer le propriétaire d'une interface"))}, + ), + ] diff --git a/machines/models.py b/machines/models.py index 226cd0cc..59965983 100644 --- a/machines/models.py +++ b/machines/models.py @@ -81,8 +81,7 @@ class Machine(FieldPermissionModelMixin, models.Model): A tuple with a boolean stating if edition is allowed and an explanation message. """ - return user_request.has_perm('machines.change_machine_user'), "Vous ne pouvez pas \ - modifier l'utilisateur de la machine." + return user_request.has_perm('machines.change_machine_user'), "Vous ne pouvez pas modifier l'utilisateur de la machine." def can_create(user_request, userid, *args, **kwargs): """Vérifie qu'un user qui fait la requète peut bien créer la machine @@ -150,6 +149,12 @@ class Machine(FieldPermissionModelMixin, models.Model): que les vôtres" return True, None + def __init__(self, *args, **kwargs): + super(Machine, self).__init__(*args, **kwargs) + self.field_permissions = { + 'user' : self.can_change_user, + } + def __str__(self): return str(self.user) + ' - ' + str(self.id) + ' - ' + str(self.name) @@ -1147,7 +1152,7 @@ class Srv(models.Model): str(self.port) + ' ' + str(self.target) + '.' -class Interface(models.Model): +class Interface(FieldPermissionModelMixin,models.Model): """ Une interface. Objet clef de l'application machine : - une address mac unique. Possibilité de la rendre unique avec le typemachine @@ -1172,6 +1177,7 @@ class Interface(models.Model): class Meta: permissions = ( ("view_interface", "Peut voir un objet interface"), + ("change_interface_machine", "Peut changer le propriétaire d'une interface"), ) @cached_property @@ -1283,6 +1289,10 @@ class Interface(models.Model): % max_lambdauser_interfaces return True, None + @staticmethod + def can_change_machine(user_request, *args, **kwargs): + return user_request.has_perm('machines.change_interface_machine'), "Droit requis pour changer la machine" + def can_edit(self, user_request, *args, **kwargs): """Verifie que l'user a les bons droits infra pour editer cette instance interface, ou qu'elle lui appartient @@ -1328,6 +1338,12 @@ class Interface(models.Model): que les vôtres" return True, None + def __init__(self, *args, **kwargs): + super(Interface, self).__init__(*args, **kwargs) + self.field_permissions = { + 'machine' : self.can_change_machine, + } + def __str__(self): try: domain = self.domain diff --git a/machines/views.py b/machines/views.py index 0975e58c..c850609e 100644 --- a/machines/views.py +++ b/machines/views.py @@ -69,8 +69,6 @@ from .forms import ( DelMachineTypeForm, ExtensionForm, DelExtensionForm, - BaseEditInterfaceForm, - BaseEditMachineForm ) from .forms import ( EditIpTypeForm, @@ -225,7 +223,7 @@ def new_machine(request, user, userid): le sous objet interface et l'objet domain à partir de model forms. Trop complexe, devrait être simplifié""" - machine = NewMachineForm(request.POST or None, user=user) + machine = NewMachineForm(request.POST or None, user=request.user) interface = AddInterfaceForm( request.POST or None, user=request.user @@ -280,7 +278,7 @@ def edit_interface(request, interface_instance, interfaceid): instance=interface_instance.machine, user=request.user ) - interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface_instance, user=request.user) + interface_form = EditInterfaceForm(request.POST or None, instance=interface_instance, user=request.user) domain_form = DomainForm(request.POST or None, instance=interface_instance.domain) if machine_form.is_valid() and interface_form.is_valid() and domain_form.is_valid(): new_machine = machine_form.save(commit=False) @@ -327,7 +325,7 @@ def del_machine(request, machine, machineid): def new_interface(request, machine, machineid): """ Ajoute une interface et son domain associé à une machine existante""" - interface_form = AddInterfaceForm(request.POST or None, user=user) + interface_form = AddInterfaceForm(request.POST or None, user=request.user) domain_form = DomainForm(request.POST or None) if interface_form.is_valid(): new_interface = interface_form.save(commit=False) diff --git a/topologie/views.py b/topologie/views.py index c9f3c49f..b13acb20 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -456,11 +456,13 @@ def edit_switch(request, switch, switch_id): switch_form = EditSwitchForm(request.POST or None, instance=switch) machine_form = EditMachineForm( request.POST or None, - instance=switch.switch_interface.machine + instance=switch.switch_interface.machine, + user=request.user ) interface_form = EditInterfaceForm( request.POST or None, - instance=switch.switch_interface + instance=switch.switch_interface, + user=request.user ) domain_form = DomainForm( request.POST or None, diff --git a/users/models.py b/users/models.py index 83fb2788..f844d7dd 100644 --- a/users/models.py +++ b/users/models.py @@ -809,9 +809,11 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin): else: return False, u"Vous ne pouvez voir un autre utilisateur que vous même" - field_permissions = { - 'shell' : can_change_shell, - 'force' : can_change_force, + def __init__(self, *args, **kwargs): + super(User, self).__init__(*args, **kwargs) + self.field_permissions = { + 'shell' : self.can_change_shell, + 'force' : self.can_change_force, } def __str__(self):