From e8db0f8cf2f06e652ab4ad17e50cf81b7c995d6a Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Tue, 28 Nov 2017 19:41:14 +0100 Subject: [PATCH] =?UTF-8?q?d=C3=A9corateur=20can=5Fcreate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- users/models.py | 7 +++---- users/views.py | 25 ++++++++++++++++--------- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/users/models.py b/users/models.py index 614f15fd..54ec1f67 100644 --- a/users/models.py +++ b/users/models.py @@ -762,17 +762,17 @@ class User(AbstractBaseUser): num += 1 return composed_pseudo(num) - def can_create(user): + def can_create(user, perms=('cableur',)): options, _created = OptionalUser.objects.get_or_create() if options.all_can_create: return True else: - return user.has_perms(('cableur',)) + return user.has_perms(perms) def can_edit(self, user): if self.is_class_club and user.is_class_adherent: return self == user or user.has_perms(('cableur',)) or\ - user.adherent in self.club.administrators.all() + user.adherent in self.club.administrators.all() else: return self == user or user.has_perms(('cableur',)) @@ -846,7 +846,6 @@ def user_post_delete(sender, **kwargs): user.ldap_del() regen('mailing') - class ServiceUser(AbstractBaseUser): """ Classe des users daemons, règle leurs accès au ldap""" readonly = 'readonly' diff --git a/users/views.py b/users/views.py index e0c71157..7b434fbe 100644 --- a/users/views.py +++ b/users/views.py @@ -63,7 +63,7 @@ from users.models import ( Request, ServiceUser, Adherent, - Club + Club, ) from users.forms import ( DelRightForm, @@ -109,17 +109,24 @@ def password_change_action(u_form, user, request, req=False): kwargs={'userid':str(user.id)} )) +def can_create(perms=('cableur',)): + """Décorateur qui vérifie si l'utilisateur peut créer un objet.""" + def decorator(view): + def wrapper(request,*args, **kwargs): + if not request.user.can_create(perms=perms): + messages.error(request, "Vous ne pouvez pas accéder à ce menu") + return redirect(reverse('users:profil', + kwargs={'userid':str(request.user.id)} + )) + return view(request, *args, **kwargs) + return wrapper + return decorator @login_required +@can_create() def new_user(request): """ Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe""" - if not User.can_create(request.user): - messages.error(request, "Vous ne pouvez pas accéder à ce menu") - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) user = AdherentForm(request.POST or None) if user.is_valid(): user = user.save(commit=False) @@ -138,7 +145,7 @@ def new_user(request): @login_required -@permission_required('cableur') +@can_create() def new_club(request): """ Vue de création d'un nouveau club, envoie un mail pour le mot de passe""" @@ -303,7 +310,7 @@ def password(request, userid): @login_required -@permission_required('infra') +@can_create(('infra',)) def new_serviceuser(request): """ Vue de création d'un nouvel utilisateur service""" user = ServiceUserForm(request.POST or None)