Nouveau système de gestion des droits

2024-09-17 19:53:08 +00:00 · 2017-12-31 17:11:19 +01:00 · 2017-12-31 17:11:19 +01:00 · f285f5c5a8
commit f285f5c5a8
parent 90b55b6dc8
7 changed files with 79 additions and 12 deletions
--- a/users/forms.py
+++ b/users/forms.py
@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
 from django.contrib.auth.forms import ReadOnlyPasswordHashField
 from django.core.validators import MinLengthValidator
 from django.utils import timezone
 from django.contrib.auth.models import Group, Permission
 from preferences.models import OptionalUser
 from .models import User, ServiceUser, School, ListRight, Whitelist
@ -409,6 +410,23 @@ class StateForm(ModelForm):
        super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
 class GroupForm(ModelForm):
    """ Gestion des groupes d'un user"""
    groups = forms.ModelMultipleChoiceField(
        Group.objects.all(),
        widget=forms.CheckboxSelectMultiple,
        required=False
    )
    class Meta:
        model = User
        fields = ['groups']
    def __init__(self, *args, **kwargs):
        prefix = kwargs.pop('prefix', self.Meta.model.__name__)
        super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
 class SchoolForm(ModelForm):
    """Edition, creation d'un école"""
    class Meta:
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
 class ListRightForm(ModelForm):
    """Edition, d'un groupe , équivalent à un droit
    Ne peremet pas d'editer le gid, car il sert de primary key"""
    permissions = forms.ModelMultipleChoiceField(
        Permission.objects.all(),
        widget=forms.CheckboxSelectMultiple,
        required=False
    )
    class Meta:
        model = ListRight
        fields = ['name', 'unix_name', 'permissions', 'details']
@ -457,9 +481,9 @@ class DelListRightForm(Form):
        instances = kwargs.pop('instances', None)
        super(DelListRightForm, self).__init__(*args, **kwargs)
        if instances:
-            self.fields['unix_name'].queryset = instances
+            self.fields['listrights'].queryset = instances
        else:
-            self.fields['unix_name'].queryset = ListRight.objects.all()
+            self.fields['listrights'].queryset = ListRight.objects.all()
 class DelSchoolForm(Form):
--- a/users/models.py
+++ b/users/models.py
@ -1153,8 +1153,8 @@ class ListRight(Group):
        except LdapUserGroup.DoesNotExist:
            group_ldap = LdapUserGroup(gid=self.gid)
        group_ldap.name = self.listright
-        group_ldap.members = [right.user.pseudo for right
+        group_ldap.members = [user.pseudo for user
-                              in Right.objects.filter(right=self)]
+                              in self.user_set.all()]
        group_ldap.save()
    def ldap_del(self):
--- a/users/templates/users/aff_listright.html
+++ b/users/templates/users/aff_listright.html
@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
        <tr>
            <td>{{ listright.name }}</td>
            <td>{{ listright.gid }}</td>
-            <td>{{ listright.permissions.all }}</td>
+            <td>
-            <td>{{ listright.user_set.all }}</td>
+                <div class="dropdown">
                    <button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
                        Ensemble des permissions <span class="caret"></span>
                    </button>
                    <ul class="dropdown-menu" aria-labelledby="listpermissions">
                    {% for perm in listright.permissions.all %}
                        <li>
 			{{ perm.name }}
                        </li>
                    {% endfor %}
                    </ul>
 		</div></td>
 		<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
 	    <td>{{ listright.details }}</td>
            <td class="text-right">
                {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
--- a/users/templates/users/profil.html
+++ b/users/templates/users/profil.html
@ -42,7 +42,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            <i class="glyphicon glyphicon-flash"></i>
            Changer le statut
        </a>
-        <a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
+	<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
 	    <i class="glyphicon glyphicon-ok"></i>
            Gérer les groupes
        </a>
 	<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
            <i class="glyphicon glyphicon-time"></i>
            Historique
        </a>
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            {% else %}
            <td><i class="text-danger">Désactivé</i></td>
            {% endif %}
-            <th>Droits</th>
+            <th>Groupes</th>
-            {% if list_droits %}
+            {% if users.groups.all %}
-            <td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %}  - {% endif %} {% endfor %}</td>
+	    <td>{{ users.groups.all|join:", "}}</td>
            {% else %}
            <td>Aucun</td>
            {% endif %}
--- a/users/templates/users/sidebar.html
+++ b/users/templates/users/sidebar.html
@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
    {% can_view_all ListRight %}
        <a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
            <i class="glyphicon glyphicon-list"></i>
-            Droits
+            Groupes de droits
        </a>
    {% acl_end %}
    {% can_view_all ServiceUser %}
--- a/users/urls.py
+++ b/users/urls.py
@ -40,7 +40,9 @@ urlpatterns = [
        name='edit-club-admin-members'
    ),
    url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
    url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
    url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
    url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
    url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
    url(
        r'^edit_serviceuser/(?P<userid>[0-9]+)$',
--- a/users/views.py
+++ b/users/views.py
@ -80,7 +80,8 @@ from users.forms import (
    MassArchiveForm,
    PassForm,
    ResetPasswordForm,
-    ClubAdminandMembersForm
+    ClubAdminandMembersForm,
    GroupForm
 )
 from cotisations.models import Facture
 from machines.models import Machine
@ -241,6 +242,20 @@ def state(request, user, userid):
    return form({'userform': state}, 'users/user.html', request)
@login_required
@can_edit(User)
 def groups(request, user, userid):
    group = GroupForm(request.POST or None, instance=user)
    if group.is_valid():
        with transaction.atomic(), reversion.create_revision():
            messages.success(request, "Groupes changés avec succès")
            return redirect(reverse(
                'users:profil',
                kwargs={'userid':str(userid)}
            ))
    return form({'userform': group}, 'users/user.html', request)
@login_required
@can_edit(User, 'password')
 def password(request, user, userid):
@ -253,6 +268,16 @@ def password(request, user, userid):
    return form({'userform': u_form}, 'users/user.html', request)
@login_required
@can_edit(User)
 def del_group(request, user, userid, listrightid):
    with transaction.atomic(), reversion.create_revision():
        user.groups.remove(ListRight.objects.get(id=listrightid))
        user.save()
        messages.success(request, "Droit supprimé à %s" % user)
    return redirect(reverse('users:index-listright'))
@login_required
@can_create(ServiceUser)
 def new_serviceuser(request):