Acl sur preferences

preferences/models.py

@@ -51,27 +51,51 @@ class OptionalUser(models.Model):
         return OptionalUser.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a OptionalUser object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create a user object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            d'éditer les préférences concernant les users"
+            de créer les préférences concernant les users"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a OptionalUser object.
+
+        :param self: The OptionalUser which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant les users"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a OptionalUser object.
+
+        :param self: The OptionalUser which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            de supprimer les préférences concernant les users"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every OptionalUser objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les utilisateurs"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a OptionalUser object.
+
+        :param self: The targeted OptionalUser.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les utilisateurs"
 
@@ -95,27 +119,52 @@ class OptionalMachine(models.Model):
         return OptionalMachine.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a OptionalMachine object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            d'éditer les préférences concernant les machines"
+            de créer les préférences concernant les machines"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a OptionalMachine object.
+
+        :param self: The OptionalMachine which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant les machines"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a OptionalMachine object.
+
+        :param self: The OptionalMachine which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            de supprimer les préférences concernant les machines"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every OptionalMachine objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les machines"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a OptionalMachine object.
+
+        :param self: The targeted OptionalMachine.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les machines"
 
@@ -156,27 +205,51 @@ class OptionalTopologie(models.Model):
         return OptionalTopologie.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a OptionalTopologie object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            d'éditer les préférences concernant la topologie"
+            de créer les préférences concernant la topologie"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a OptionalTopologie object.
+
+        :param self: The OptionalTopologie which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant la topologie"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a OptionalTopologie object.
+
+        :param self: The OptionalTopologie which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            d'éditer les préférences concernant la topologie"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every OptionalTopologie objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant la topologie"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a OptionalTopologie object.
+
+        :param self: The targeted OptionalTopologie.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant la topologie"
 
@@ -202,27 +275,52 @@ class GeneralOption(models.Model):
         return GeneralOption.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a GeneralOption object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            d'éditer les préférences générales"
+            de créer les préférences générales"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a GeneralOption object.
+
+        :param self: The GeneralOption which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences générales"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a GeneralOption object.
+
+        :param self: The GeneralOption which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            d'éditer les préférences générales"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every GeneralOption objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
+
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences générales"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a GeneralOption object.
+
+        :param self: The targeted GeneralOption.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences générales"
 
@@ -239,30 +337,53 @@ class Service(models.Model):
         return Service.objects.get(pk=serviceid)
 
     def can_create(user_request, *args, **kwargs):
+        """Check if an user can create a Service object.
+
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
+
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             de créer un service pour la page d'accueil"
 
-    def can_edit_all(user_request, *args, **kwargs):
-        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            d'éditer les services pour la page d'accueil"
-
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a Service object.
+
+        :param self: The Service which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les services pour la page d'accueil"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
-            de supprimer les services pour la page d'accueil"
-
     def can_delete(self, user_request, *args, **kwargs):
+        """Check if an user can delete a Service object.
+
+        :param self: The Right which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             de supprimer les services pour la page d'accueil"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every Service objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
+
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les services pour la page d'accueil"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a Service object.
+
+        :param self: The targeted Service.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les services pour la page d'accueil"
 
@@ -295,27 +416,51 @@ class AssoOption(models.Model):
         return AssoOption.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a AssoOption object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant l'association"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a AssoOption object.
+
+        :param self: The AssoOption which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant l'association"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a AssoOption object.
+
+        :param self: The AssoOption which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            d'éditer les préférences concernant l'association"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every AssoOption objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant l'association"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a AssoOption object.
+
+        :param self: The targeted AssoOption.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant l'association"
 
@@ -331,26 +476,51 @@ class MailMessageOption(models.Model):
         return MailMessageOption.objects.get_or_create()
 
     def can_create(user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can create a MailMessageOption object.
 
-    def can_edit_all(user_request, *args, **kwargs):
+        :param user_request: The user who wants to create an object.
+        :return: a message and a boolean which is True if the user can create.
+        """
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant les mails"
 
     def can_edit(self, user_request, *args, **kwargs):
+        """Check if an user can edit a MailMessageOption object.
+
+        :param self: The MailMessageOption which is to be edited.
+        :param user_request: The user who requests to edit self.
+        :return: a message and a boolean which is True if edition is granted.
+        """
+
         return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
             d'éditer les préférences concernant les mails"
 
-    def can_delete_all(user_request, *args, **kwargs):
-        return True, None
-
     def can_delete(self, user_request, *args, **kwargs):
-        return True, None
+        """Check if an user can delete a AssoOption object.
+
+        :param self: The AssoOption which is to be deleted.
+        :param user_request: The user who requests deletion.
+        :return: True if deletion is granted, and a message.
+        """
+        return user_request.has_perms(('admin',)), u"Vous n'avez pas le droit\
+            d'éditer les préférences concernant les mails"
 
     def can_view_all(user_request, *args, **kwargs):
+        """Check if an user can access to the list of every AssoOption objects
+
+        :param user_request: The user who wants to view the list.
+        :return: True if the user can view the list and an explanation message.
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les mails"
 
     def can_view(self, user_request, *args, **kwargs):
+        """Check if an user can view a AssoOption object.
+
+        :param self: The targeted AssoOption.
+        :param user_request: The user who ask for viewing the target.
+        :return: A boolean telling if the acces is granted and an explanation
+        text
+        """
         return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
             de voir les préférences concernant les mails"

preferences/templates/preferences/aff_service.html

@@ -21,7 +21,7 @@ You should have received a copy of the GNU General Public License along
 with this program; if not, write to the Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 {% endcomment %}
-
+{% load acl %}
     <table class="table table-striped">
         <thead>
             <tr>
@@ -40,9 +40,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
             <td>{{ service.description }}</td>
             <td>{{ service.image }}</td>
             <td class="text-right">
-            {% if is_admin %}
+            {% can_edit service%}
             {% include 'buttons/edit.html' with href='preferences:edit-service' id=service.id %}
-            {% endif %}
+            {% acl_end %}
             {% include 'buttons/history.html' with href='preferences:history' name='service' id=service.id %}
             </td>
         </tr>

preferences/templates/preferences/display_preferences.html

@@ -24,17 +24,16 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 {% endcomment %}
 
 {% load bootstrap3 %}
+{% load acl %}
 
 {% block title %}Création et modification des préférences{% endblock %}
 
 {% block content %}
     <h4>Préférences utilisateur</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'OptionalUser' %}">
 	    <i class="glyphicon glyphicon-edit"></i>
             Editer
 	</a>
-    {% endif %}
     <p>
     </p>
     <table class="table table-striped">
@@ -58,12 +57,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
         </tr>
     </table>
     <h4>Préférences machines</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'OptionalMachine' %}">
             <i class="glyphicon glyphicon-edit"></i>
             Editer
         </a>
-    {% endif %}
     <p>
     </p>
     <table class="table table-striped">
@@ -81,12 +78,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
      	</tr>
     </table>
     <h4>Préférences topologie</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'OptionalTopologie' %}">
             <i class="glyphicon glyphicon-edit"></i>
             Editer
         </a>
-    {% endif %}
     <p>
     </p>
     <table class="table table-striped">
@@ -104,14 +99,12 @@ with this program; if not, write to the Free Software Foundation, Inc.,
         </tr>
     </table>
     <h4>Préférences generales</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'GeneralOption' %}">
             <i class="glyphicon glyphicon-edit"></i>
             Editer
         </a>
-    {% endif %}
     <p>
-    </p>    
+    </p>
     <table class="table table-striped">
         <tr>
             <th>Nom du site web</th>
@@ -137,12 +130,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 	<tr>
     </table>
     <h4>Données de l'association</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'AssoOption' %}">
             <i class="glyphicon glyphicon-edit"></i>
             Editer
         </a>
-    {% endif %}
     <p>
     </p>
     <table class="table table-striped">
@@ -164,19 +155,17 @@ with this program; if not, write to the Free Software Foundation, Inc.,
             <td>{{ assooptions.telephone }}</td>
             <th>Pseudo d'usage</th>
             <td>{{ assooptions.pseudo }}</td>
-        </tr>   
+        </tr>
         <tr>
             <th>Objet utilisateur de l'association</th>
             <td>{{ assooptions.utilisateur_asso }}</td>
-        </tr>   
+        </tr>
-    </table> 
+    </table>
     <h4>Messages personalisé dans les mails</h4>
-    {% if is_bureau %}
         <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'MailMessageOption' %}">
             <i class="glyphicon glyphicon-edit"></i>
             Editer
         </a>
-    {% endif %}
     <p>
     </p>
     <table class="table table-striped">
@@ -190,10 +179,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
         </tr>
     </table>
   <h2>Liste des services page d'accueil</h2>
-  {% if is_infra %}
+  {% can_create Service%}
   <a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:add-service'  %}"><i class="glyphicon glyphicon-plus"></i> Ajouter un service</a>
+  {% acl_end %}
   <a class="btn btn-danger btn-sm" role="button" href="{% url 'preferences:del-services'  %}"><i class="glyphicon glyphicon-trash"></i> Supprimer un ou plusieurs service</a>
-  {% endif %}
   {%  include "preferences/aff_service.html" with  service_list=service_list %}
   <br />
   <br />

preferences/urls.py

@@ -28,6 +28,7 @@ from __future__ import unicode_literals
 from django.conf.urls import url
 
 from . import views
+import re2o
 
 
 urlpatterns = [
@@ -69,8 +70,8 @@ urlpatterns = [
         ),
     url(r'^del_services/$', views.del_services, name='del-services'),
     url(
-        r'^history/(?P<object_name>service)/(?P<object_id>[0-9]+)$',
+        r'^history/(?P<object_name>\w+)/(?P<object_id>[0-9]+)$',
-        views.history,
+        re2o.views.history,
         name='history'
         ),
     url(r'^$', views.display_options, name='display-options'),

preferences/views.py

@@ -42,7 +42,7 @@ from reversion.models import Version
 from reversion import revisions as reversion
 
 from re2o.views import form
-from re2o.utils import can_create, can_edit, can_delete_set
+from re2o.utils import can_create, can_edit, can_delete_set, can_view_all
 from .forms import ServiceForm, DelServiceForm
 from .models import Service, OptionalUser, OptionalMachine, AssoOption
 from .models import MailMessageOption, GeneralOption, OptionalTopologie
@@ -51,7 +51,12 @@ from . import forms
 
 
 @login_required
-@permission_required('cableur')
+@can_view_all(OptionalUser)
+@can_view_all(OptionalMachine)
+@can_view_all(OptionalTopologie)
+@can_view_all(GeneralOption)
+@can_view_all(AssoOption)
+@can_view_all(MailMessageOption)
 def display_options(request):
     """Vue pour affichage des options (en vrac) classé selon les models
     correspondants dans un tableau"""
@@ -81,6 +86,11 @@ def edit_options(request, section):
     form_instance = getattr(forms, 'Edit' + section + 'Form', None)
     if model and form:
         options_instance, _created = model.objects.get_or_create()
+        can, msg = options_instance.can_edit(request.user)
+        if not can:
+            messages.error(request, msg or "Vous ne pouvez pas éditer cette\
+                           option.")
+            return redirect('/')
         options = form_instance(
             request.POST or None,
             instance=options_instance
@@ -170,33 +180,3 @@ def del_services(request, instances):
         'preferences/preferences.html',
         request
     )
-
-
-@login_required
-@permission_required('cableur')
-def history(request, object_name, object_id):
-    """Historique de creation et de modification d'un service affiché sur
-    la page d'accueil"""
-    if object_name == 'service':
-        try:
-            object_instance = Service.objects.get(pk=object_id)
-        except Service.DoesNotExist:
-            messages.error(request, "Service inexistant")
-            return redirect(reverse('preferences:display-options'))
-    options, _created = GeneralOption.objects.get_or_create()
-    pagination_number = options.pagination_number
-    reversions = Version.objects.get_for_object(object_instance)
-    paginator = Paginator(reversions, pagination_number)
-    page = request.GET.get('page')
-    try:
-        reversions = paginator.page(page)
-    except PageNotAnInteger:
-        # If page is not an integer, deliver first page.
-        reversions = paginator.page(1)
-    except EmptyPage:
-        # If page is out of range (e.g. 9999), deliver last page of results.
-        reversions = paginator.page(paginator.num_pages)
-    return render(request, 're2o/history.html', {
-        'reversions': reversions,
-        'object': object_instance
-        })

re2o/views.py

@@ -35,7 +35,7 @@ from reversion.models import Version
 from django.contrib import messages
 from preferences.models import Service
 from preferences.models import OptionalUser, GeneralOption
-import users
+import users, preferences
 
 def form(ctx, template, request):
     """Form générique, raccourci importé par les fonctions views du site"""
@@ -59,6 +59,7 @@ HISTORY_BIND = {
     'school' : users.models.School,
     'listright' : users.models.ListRight,
     'serviceuser' : users.models.ServiceUser,
+    'service' : preferences.models.Service,
 }
 
 @login_required