8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-22 19:33:11 +00:00

Nouveau système de gestion des droits

This commit is contained in:
Gabriel Detraz 2017-12-31 17:11:19 +01:00 committed by root
parent 90b55b6dc8
commit f285f5c5a8
7 changed files with 79 additions and 12 deletions

View file

@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
from django.contrib.auth.forms import ReadOnlyPasswordHashField from django.contrib.auth.forms import ReadOnlyPasswordHashField
from django.core.validators import MinLengthValidator from django.core.validators import MinLengthValidator
from django.utils import timezone from django.utils import timezone
from django.contrib.auth.models import Group, Permission
from preferences.models import OptionalUser from preferences.models import OptionalUser
from .models import User, ServiceUser, School, ListRight, Whitelist from .models import User, ServiceUser, School, ListRight, Whitelist
@ -409,6 +410,23 @@ class StateForm(ModelForm):
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs) super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
class GroupForm(ModelForm):
""" Gestion des groupes d'un user"""
groups = forms.ModelMultipleChoiceField(
Group.objects.all(),
widget=forms.CheckboxSelectMultiple,
required=False
)
class Meta:
model = User
fields = ['groups']
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
class SchoolForm(ModelForm): class SchoolForm(ModelForm):
"""Edition, creation d'un école""" """Edition, creation d'un école"""
class Meta: class Meta:
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
class ListRightForm(ModelForm): class ListRightForm(ModelForm):
"""Edition, d'un groupe , équivalent à un droit """Edition, d'un groupe , équivalent à un droit
Ne peremet pas d'editer le gid, car il sert de primary key""" Ne peremet pas d'editer le gid, car il sert de primary key"""
permissions = forms.ModelMultipleChoiceField(
Permission.objects.all(),
widget=forms.CheckboxSelectMultiple,
required=False
)
class Meta: class Meta:
model = ListRight model = ListRight
fields = ['name', 'unix_name', 'permissions', 'details'] fields = ['name', 'unix_name', 'permissions', 'details']
@ -457,9 +481,9 @@ class DelListRightForm(Form):
instances = kwargs.pop('instances', None) instances = kwargs.pop('instances', None)
super(DelListRightForm, self).__init__(*args, **kwargs) super(DelListRightForm, self).__init__(*args, **kwargs)
if instances: if instances:
self.fields['unix_name'].queryset = instances self.fields['listrights'].queryset = instances
else: else:
self.fields['unix_name'].queryset = ListRight.objects.all() self.fields['listrights'].queryset = ListRight.objects.all()
class DelSchoolForm(Form): class DelSchoolForm(Form):

View file

@ -1153,8 +1153,8 @@ class ListRight(Group):
except LdapUserGroup.DoesNotExist: except LdapUserGroup.DoesNotExist:
group_ldap = LdapUserGroup(gid=self.gid) group_ldap = LdapUserGroup(gid=self.gid)
group_ldap.name = self.listright group_ldap.name = self.listright
group_ldap.members = [right.user.pseudo for right group_ldap.members = [user.pseudo for user
in Right.objects.filter(right=self)] in self.user_set.all()]
group_ldap.save() group_ldap.save()
def ldap_del(self): def ldap_del(self):

View file

@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<tr> <tr>
<td>{{ listright.name }}</td> <td>{{ listright.name }}</td>
<td>{{ listright.gid }}</td> <td>{{ listright.gid }}</td>
<td>{{ listright.permissions.all }}</td> <td>
<td>{{ listright.user_set.all }}</td> <div class="dropdown">
<button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
Ensemble des permissions <span class="caret"></span>
</button>
<ul class="dropdown-menu" aria-labelledby="listpermissions">
{% for perm in listright.permissions.all %}
<li>
{{ perm.name }}
</li>
{% endfor %}
</ul>
</div></td>
<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
<td>{{ listright.details }}</td> <td>{{ listright.details }}</td>
<td class="text-right"> <td class="text-right">
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %} {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}

View file

@ -42,7 +42,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<i class="glyphicon glyphicon-flash"></i> <i class="glyphicon glyphicon-flash"></i>
Changer le statut Changer le statut
</a> </a>
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}"> <a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
<i class="glyphicon glyphicon-ok"></i>
Gérer les groupes
</a>
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
<i class="glyphicon glyphicon-time"></i> <i class="glyphicon glyphicon-time"></i>
Historique Historique
</a> </a>
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% else %} {% else %}
<td><i class="text-danger">Désactivé</i></td> <td><i class="text-danger">Désactivé</i></td>
{% endif %} {% endif %}
<th>Droits</th> <th>Groupes</th>
{% if list_droits %} {% if users.groups.all %}
<td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %} - {% endif %} {% endfor %}</td> <td>{{ users.groups.all|join:", "}}</td>
{% else %} {% else %}
<td>Aucun</td> <td>Aucun</td>
{% endif %} {% endif %}

View file

@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% can_view_all ListRight %} {% can_view_all ListRight %}
<a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}"> <a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
<i class="glyphicon glyphicon-list"></i> <i class="glyphicon glyphicon-list"></i>
Droits Groupes de droits
</a> </a>
{% acl_end %} {% acl_end %}
{% can_view_all ServiceUser %} {% can_view_all ServiceUser %}

View file

@ -40,7 +40,9 @@ urlpatterns = [
name='edit-club-admin-members' name='edit-club-admin-members'
), ),
url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'), url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'), url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'), url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
url( url(
r'^edit_serviceuser/(?P<userid>[0-9]+)$', r'^edit_serviceuser/(?P<userid>[0-9]+)$',

View file

@ -80,7 +80,8 @@ from users.forms import (
MassArchiveForm, MassArchiveForm,
PassForm, PassForm,
ResetPasswordForm, ResetPasswordForm,
ClubAdminandMembersForm ClubAdminandMembersForm,
GroupForm
) )
from cotisations.models import Facture from cotisations.models import Facture
from machines.models import Machine from machines.models import Machine
@ -241,6 +242,20 @@ def state(request, user, userid):
return form({'userform': state}, 'users/user.html', request) return form({'userform': state}, 'users/user.html', request)
@login_required
@can_edit(User)
def groups(request, user, userid):
group = GroupForm(request.POST or None, instance=user)
if group.is_valid():
with transaction.atomic(), reversion.create_revision():
messages.success(request, "Groupes changés avec succès")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(userid)}
))
return form({'userform': group}, 'users/user.html', request)
@login_required @login_required
@can_edit(User, 'password') @can_edit(User, 'password')
def password(request, user, userid): def password(request, user, userid):
@ -253,6 +268,16 @@ def password(request, user, userid):
return form({'userform': u_form}, 'users/user.html', request) return form({'userform': u_form}, 'users/user.html', request)
@login_required
@can_edit(User)
def del_group(request, user, userid, listrightid):
with transaction.atomic(), reversion.create_revision():
user.groups.remove(ListRight.objects.get(id=listrightid))
user.save()
messages.success(request, "Droit supprimé à %s" % user)
return redirect(reverse('users:index-listright'))
@login_required @login_required
@can_create(ServiceUser) @can_create(ServiceUser)
def new_serviceuser(request): def new_serviceuser(request):