From 15bcb0c280bc6ea1551622ab1982708a38f56135 Mon Sep 17 00:00:00 2001 From: chirac Date: Thu, 31 Dec 2020 15:31:49 +0100 Subject: [PATCH] Add club manager acl for user search --- re2o/views.py | 5 ++++- users/models.py | 27 +++++++++++++++++++++++++++ users/views_autocomplete.py | 15 +++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/re2o/views.py b/re2o/views.py index 359c3e81..a689aab8 100644 --- a/re2o/views.py +++ b/re2o/views.py @@ -184,8 +184,11 @@ class AutocompleteViewMixin(LoginRequiredMixin, autocomplete.Select2QuerySetView def get_queryset(self): can, reason, _permission, query_set = self.obj_type.can_list(self.request.user) + if query_set: + self.query_set = query_set + else: + self.query_set = self.obj_type.objects.none() - self.query_set = query_set if hasattr(self, "filter_results"): self.filter_results() else: diff --git a/users/models.py b/users/models.py index fc0c711a..9fb10972 100755 --- a/users/models.py +++ b/users/models.py @@ -2065,6 +2065,33 @@ class Adherent(User): ("users.add_user",), ) + @classmethod + def can_list(cls, user_request, *_args, **_kwargs): + """Users can list adherent only if they are : + - Members of view acl, + - Club administrator. + + :param user_request: The user who wants to view the list. + :return: True if the user can view the list and an explanation + message. + + """ + can, _message, _group = Club.can_view_all(user_request) + if user_request.has_perm("users.view_user") or can: + return ( + True, + None, + None, + cls.objects.all() + ) + else: + return ( + False, + _("You don't have the right to list all adherents."), + ("users.view_user",), + cls.objects.none(), + ) + def clean(self, *args, **kwargs): """Method, clean and validate the gpgfp value. diff --git a/users/views_autocomplete.py b/users/views_autocomplete.py index f0cfc3ae..bc34a582 100644 --- a/users/views_autocomplete.py +++ b/users/views_autocomplete.py @@ -81,6 +81,21 @@ class UserAutocomplete(AutocompleteViewMixin): class AdherentAutocomplete(AutocompleteViewMixin): obj_type = Adherent + # Precision on search to add annotations so search behaves more like users expect it to + def filter_results(self): + # Comments explain what we try to match + self.query_set = self.query_set.annotate( + full_name=Concat("name", Value(" "), "surname"), # Match when the user searches "Toto Passoir" + full_name_reverse=Concat("surname", Value(" "), "name"), # Match when the user searches "Passoir Toto" + ).all() + + if self.q: + self.query_set = self.query_set.filter( + Q(pseudo__icontains=self.q) + | Q(full_name__icontains=self.q) + | Q(full_name_reverse__icontains=self.q) + ) + #@can_view_all(Club) class ClubAutocomplete(AutocompleteViewMixin): obj_type = Club