From ec62e4568b6f2549e541f31b1de0b09712e7bd6c Mon Sep 17 00:00:00 2001 From: LEVY-FALK Hugo Date: Thu, 30 Nov 2017 13:42:33 +0100 Subject: [PATCH] =?UTF-8?q?Pas=20de=20requ=C3=AAte=20directement=20dans=20?= =?UTF-8?q?@can=5Fedit.=20On=20r=C3=A9cup=C3=A8re=20l'instance=20dans=20mo?= =?UTF-8?q?del.get=5Finstance=20et=20on=20la=20transmet=20=C3=A0=20model.c?= =?UTF-8?q?an=5Fedit=20et=20=C3=A0=20la=20vue.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- re2o/utils.py | 24 +++++++++++------------- users/models.py | 3 +++ users/views.py | 28 ++++++++++++++-------------- 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/re2o/utils.py b/re2o/utils.py index fa8753a5..f350b4d1 100644 --- a/re2o/utils.py +++ b/re2o/utils.py @@ -68,28 +68,26 @@ def can_create(model): return decorator -def can_edit(model, *instance_id): +def can_edit(model): """Decorator to check if an user can edit a model. - It assumes that a valid user exists in the request and that the model has a - method can_create(user) which returns true if the user can create this kind + It tries to get an instance of the model, using + `model.get_instance(*args, **kwargs)` and assumes that the model has a method + `can_create(user)` which returns `true` if the user can create this kind of models. """ def decorator(view): def wrapper(request, *args, **kwargs): - instances = {} - for i in instance_id: - try: - instances[i] = model.objects.get(pk=kwargs[i]) - except model.DoesNotExist: - messages.error(request, u"Entrée inexistante") - return redirect(reverse('users:index')) - kwargs['instances'] = instances - can = all(model.can_edit(instances[i], request.user) for i in instances) - if not can: + try: + instance = model.get_instance(*args, **kwargs) + except model.DoesNotExist: + messages.error(request, u"Entrée inexistante") + return redirect(reverse('users:index')) + if not model.can_edit(instance, request.user): messages.error(request, "Vous ne pouvez pas accéder à ce menu") return redirect(reverse('users:profil', kwargs={'userid':str(request.user.id)} )) + kwargs['instance'] = instance return view(request, *args, **kwargs) return wrapper return decorator diff --git a/users/models.py b/users/models.py index 1c2a98e0..4cdbe715 100644 --- a/users/models.py +++ b/users/models.py @@ -784,6 +784,9 @@ class User(AbstractBaseUser): else: return self == user or user.has_perms(('cableur',)) + def get_instance(userid): + return User.objects.get(pk=userid) + def __str__(self): return self.pseudo diff --git a/users/views.py b/users/views.py index 7fbc78a2..3eeefcc1 100644 --- a/users/views.py +++ b/users/views.py @@ -203,23 +203,23 @@ def select_user_edit_form(request, user): @login_required -@can_edit(User, 'userid') -def edit_info(request, userid, **kwargs): +@can_edit(User) +def edit_info(request, userid, instance): """ Edite un utilisateur à partir de son id, si l'id est différent de request.user, vérifie la possession du droit cableur """ - try: - user = User.objects.get(pk=userid) - except User.DoesNotExist: - messages.error(request, "Utilisateur inexistant") - return redirect(reverse('users:index')) - if not user.can_edit(request.user): - messages.error(request, "Vous ne pouvez pas accéder à ce menu") - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) - user = select_user_edit_form(request, user) + # try: + # user = User.objects.get(pk=userid) + # except User.DoesNotExist: + # messages.error(request, "Utilisateur inexistant") + # return redirect(reverse('users:index')) + # if not user.can_edit(request.user): + # messages.error(request, "Vous ne pouvez pas accéder à ce menu") + # return redirect(reverse( + # 'users:profil', + # kwargs={'userid':str(request.user.id)} + # )) + user = select_user_edit_form(request, instance) if user.is_valid(): with transaction.atomic(), reversion.create_revision(): user.save()