Pas de requête directement dans @can_edit. On récupère l'instance dans model.get_instance et on la transmet à model.can_edit et à la vue.

re2o/utils.py

@@ -68,28 +68,26 @@ def can_create(model):
     return decorator
 
 
-def can_edit(model, *instance_id):
+def can_edit(model):
     """Decorator to check if an user can edit a model.
-    It assumes that a valid user exists in the request and that the model has a
+    It tries to get an instance of the model, using
-    method can_create(user) which returns true if the user can create this kind
+    `model.get_instance(*args, **kwargs)` and assumes that the model has a method
+    `can_create(user)` which returns `true` if the user can create this kind
     of models.
     """
     def decorator(view):
         def wrapper(request, *args, **kwargs):
-            instances = {}
+            try:
-            for i in instance_id:
+                instance = model.get_instance(*args, **kwargs)
-                try:
+            except model.DoesNotExist:
-                    instances[i] = model.objects.get(pk=kwargs[i])
+                messages.error(request, u"Entrée inexistante")
-                except model.DoesNotExist:
+                return redirect(reverse('users:index'))
-                    messages.error(request, u"Entrée inexistante")
+            if not model.can_edit(instance, request.user):
-                    return redirect(reverse('users:index'))
-            kwargs['instances'] = instances
-            can = all(model.can_edit(instances[i], request.user) for i in instances)
-            if not can:
                 messages.error(request, "Vous ne pouvez pas accéder à ce menu")
                 return redirect(reverse('users:profil',
                     kwargs={'userid':str(request.user.id)}
                 ))
+            kwargs['instance'] = instance
             return view(request, *args, **kwargs)
         return wrapper
     return decorator

users/models.py

@@ -784,6 +784,9 @@ class User(AbstractBaseUser):
         else:
             return self == user or user.has_perms(('cableur',))
 
+    def get_instance(userid):
+        return User.objects.get(pk=userid)
+
     def __str__(self):
         return self.pseudo
 

users/views.py

@@ -203,23 +203,23 @@ def select_user_edit_form(request, user):
 
 
 @login_required
-@can_edit(User, 'userid')
+@can_edit(User)
-def edit_info(request, userid, **kwargs):
+def edit_info(request, userid, instance):
     """ Edite un utilisateur à partir de son id,
     si l'id est différent de request.user, vérifie la
     possession du droit cableur """
-    try:
+    # try:
-        user = User.objects.get(pk=userid)
+    #     user = User.objects.get(pk=userid)
-    except User.DoesNotExist:
+    # except User.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
+    #     messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users:index'))
+    #     return redirect(reverse('users:index'))
-    if not user.can_edit(request.user):
+    # if not user.can_edit(request.user):
-        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
+    #     messages.error(request, "Vous ne pouvez pas accéder à ce menu")
-        return redirect(reverse(
+    #     return redirect(reverse(
-            'users:profil',
+    #         'users:profil',
-            kwargs={'userid':str(request.user.id)}
+    #         kwargs={'userid':str(request.user.id)}
-            ))
+    #         ))
-    user = select_user_edit_form(request, user)
+    user = select_user_edit_form(request, instance)
     if user.is_valid():
         with transaction.atomic(), reversion.create_revision():
             user.save()