From 0d78dcadf5501c1788adf71271cbe1b3b0f0e818 Mon Sep 17 00:00:00 2001
From: LEVY-FALK Hugo <hugo.levy--falk@supelec.fr>
Date: Thu, 30 Nov 2017 14:41:31 +0100
Subject: [PATCH] =?UTF-8?q?@can=5Fcreate=20et=20@can=5Fedit=20sur=20l'ajou?=
 =?UTF-8?q?t=20de=20ban,=20l'ajout=20de=20droit,=20l'=C3=A9dition/cr=C3=A9?=
 =?UTF-8?q?ation=20de=20service,=20l'=C3=A9dition=20de=20password,=20les?=
 =?UTF-8?q?=20=C3=A9tats=20et=20l'=C3=A9dition=20d'utilisateurs.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 users/models.py | 11 ++++++++++
 users/views.py  | 56 ++++++++++++-------------------------------------
 2 files changed, 24 insertions(+), 43 deletions(-)

diff --git a/users/models.py b/users/models.py
index 4cdbe715..9df23486 100644
--- a/users/models.py
+++ b/users/models.py
@@ -921,6 +921,11 @@ class ServiceUser(AbstractBaseUser):
         else:
             return user.has_perms(('infra',))
 
+    def can_edit(instance, user):
+        return user.has_perms(('infra',))
+
+    def get_instance(userid):
+        return ServiceUser.objects.get(pk=userid)
 
 @receiver(post_save, sender=ServiceUser)
 def service_user_post_save(sender, **kwargs):
@@ -951,6 +956,9 @@ class Right(models.Model):
     def __str__(self):
         return str(self.user)
 
+    def can_create(user):
+        return user.has_perms('bureau')
+
 
 @receiver(post_save, sender=Right)
 def right_post_save(sender, **kwargs):
@@ -1095,6 +1103,9 @@ class Ban(models.Model):
     def __str__(self):
         return str(self.user) + ' ' + str(self.raison)
 
+    def can_create(user):
+        return user.has_perms(('bofh',))
+
 
 @receiver(post_save, sender=Ban)
 def ban_post_save(sender, **kwargs):
diff --git a/users/views.py b/users/views.py
index 9036ab0a..94b4c2fb 100644
--- a/users/views.py
+++ b/users/views.py
@@ -226,14 +226,10 @@ def edit_info(request, user, userid):
 
 @login_required
 @permission_required('bureau')
-def state(request, userid):
+@can_edit(User)
+def state(request, user, userid):
     """ Changer l'etat actif/desactivé/archivé d'un user,
     need droit bureau """
-    try:
-        user = User.objects.get(pk=userid)
-    except User.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users:index'))
     state = StateForm(request.POST or None, instance=user)
     if state.is_valid():
         with transaction.atomic(), reversion.create_revision():
@@ -257,21 +253,11 @@ def state(request, userid):
 
 
 @login_required
-def password(request, userid):
+@can_edit(User)
+def password(request, user, userid):
     """ Reinitialisation d'un mot de passe à partir de l'userid,
     pour self par défaut, pour tous sans droit si droit cableur,
     pour tous si droit bureau """
-    try:
-        user = User.objects.get(pk=userid)
-    except User.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users'))
-    if not user.can_edit(request.user):
-        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
-        return redirect(reverse(
-            'users:profil',
-            kwargs={'userid':str(request.user.id)}
-        ))
     if not request.user.has_perms(('bureau',)) and user != request.user\
             and Right.objects.filter(user=user):
         messages.error(request, "Il faut les droits bureau pour modifier le\
@@ -307,16 +293,9 @@ def new_serviceuser(request):
 
 
 @login_required
-@permission_required('infra')
-def edit_serviceuser(request, userid):
-    """ Edite un utilisateur à partir de son id,
-    si l'id est différent de request.user,
-    vérifie la possession du droit cableur """
-    try:
-        user = ServiceUser.objects.get(pk=userid)
-    except ServiceUser.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users:index'))
+@can_edit(ServiceUser)
+def edit_serviceuser(request, user, userid):
+    """ Edit a ServiceUser """
     user = EditServiceUserForm(request.POST or None, instance=user)
     if user.is_valid():
         user_object = user.save(commit=False)
@@ -356,14 +335,10 @@ def del_serviceuser(request, userid):
 
 
 @login_required
-@permission_required('bureau')
-def add_right(request, userid):
+@can_create(Right)
+@can_edit(User)
+def add_right(request, user, userid):
     """ Ajout d'un droit à un user, need droit bureau """
-    try:
-        user = User.objects.get(pk=userid)
-    except User.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users:index'))
     right = RightForm(request.POST or None)
     if right.is_valid():
         right = right.save(commit=False)
@@ -405,16 +380,12 @@ def del_right(request):
 
 
 @login_required
-@permission_required('bofh')
-def add_ban(request, userid):
+@can_create(Ban)
+@can_edit(User)
+def add_ban(request, user, userid):
     """ Ajouter un banissement, nécessite au moins le droit bofh
     (a fortiori bureau)
     Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
-    try:
-        user = User.objects.get(pk=userid)
-    except User.DoesNotExist:
-        messages.error(request, "Utilisateur inexistant")
-        return redirect(reverse('users:index'))
     ban_instance = Ban(user=user)
     ban = BanForm(request.POST or None, instance=ban_instance)
     if ban.is_valid():
@@ -434,7 +405,6 @@ def add_ban(request, userid):
         )
     return form({'userform': ban}, 'users/user.html', request)
 
-
 @login_required
 @permission_required('bofh')
 def edit_ban(request, banid):