8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-23 03:43:12 +00:00

helpful acl messages for cotisations.

This commit is contained in:
Hugo Levy-Falk 2019-09-06 14:45:51 +02:00
parent ce659348be
commit 225731b25c

View file

@ -169,44 +169,78 @@ class Facture(BaseInvoice):
return self.vente_set.all()
def can_edit(self, user_request, *args, **kwargs):
user_can, _, permissions = self.user.can_edit(
user_request, *args, **kwargs)
if not user_request.has_perm('cotisations.change_facture'):
return False, _("You don't have the right to edit an invoice.")
return (
False,
_("You don't have the right to edit an invoice."),
('cotisations.change_facture',)
)
elif not user_request.has_perm('cotisations.change_all_facture') and \
not self.user.can_edit(user_request, *args, **kwargs)[0]:
return False, _("You don't have the right to edit this user's "
"invoices.")
not user_can:
return (
False,
_("You don't have the right to edit this user's invoices."),
('cotisations.change_all_facture',) + permissions
)
elif not user_request.has_perm('cotisations.change_all_facture') and \
(self.control or not self.valid):
return False, _("You don't have the right to edit an invoice "
"already controlled or invalidated.")
return (
False,
_("You don't have the right to edit an invoice "
"already controlled or invalidated."),
('cotisations.change_all_facture',)
)
else:
return True, None
return True, None, None
def can_delete(self, user_request, *args, **kwargs):
user_can, _, permissions = self.user.can_edit(
user_request, *args, **kwargs)
if not user_request.has_perm('cotisations.delete_facture'):
return False, _("You don't have the right to delete an invoice.")
return (
False,
_("You don't have the right to delete an invoice."),
('cotisations.delete_facture',)
)
elif not user_request.has_perm('cotisations.change_all_facture') and \
not self.user.can_edit(user_request, *args, **kwargs)[0]:
return False, _("You don't have the right to delete this user's "
"invoices.")
not user_can:
return (
False,
_("You don't have the right to delete this user's invoices."),
('cotisations.change_all_facture',) + permissions
)
elif not user_request.has_perm('cotisations.change_all_facture') and \
(self.control or not self.valid):
return False, _("You don't have the right to delete an invoice "
"already controlled or invalidated.")
return (
False,
_("You don't have the right to delete an invoice "
"already controlled or invalidated."),
('cotisations.change_all_facture',)
)
else:
return True, None
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
if not user_request.has_perm('cotisations.view_facture'):
if self.user != user_request:
return False, _("You don't have the right to view someone else's "
"invoices history.")
return (
False,
_("You don't have the right to view someone else's "
"invoices history."),
('cotisations.view_facture',)
)
elif not self.valid:
return False, _("The invoice has been invalidated.")
return (
False,
_("The invoice has been invalidated."),
('cotisations.view_facture',)
)
else:
return True, None
return True, None, None
else:
return True, None
return True, None, None
@staticmethod
def can_change_control(user_request, *_args, **_kwargs):
@ -214,7 +248,8 @@ class Facture(BaseInvoice):
this invoice """
return (
user_request.has_perm('cotisations.change_facture_control'),
_("You don't have the right to edit the \"controlled\" state.")
_("You don't have the right to edit the \"controlled\" state."),
('cotisations.change_facture_control',)
)
@staticmethod
@ -226,12 +261,12 @@ class Facture(BaseInvoice):
an invoice or if the `options.allow_self_subscription` is set.
"""
if user_request.has_perm('cotisations.add_facture'):
return True, None
return True, None, None
if len(Paiement.find_allowed_payments(user_request)) <= 0:
return False, _("There are no payment method which you can use.")
return False, _("There are no payment method which you can use."), ('cotisations.add_facture',)
if len(Article.find_allowed_articles(user_request, user_request)) <= 0:
return False, _("There are no article that you can buy.")
return True, None
return False, _("There are no article that you can buy."), ('cotisations.add_facture',)
return True, None, None
def __init__(self, *args, **kwargs):
super(Facture, self).__init__(*args, **kwargs)
@ -360,12 +395,18 @@ class CostEstimate(CustomInvoice):
def can_delete(self, user_request, *args, **kwargs):
if not user_request.has_perm('cotisations.delete_costestimate'):
return False, _("You don't have the right "
"to delete a cost estimate.")
return (
False,
_("You don't have the right to delete a cost estimate."),
('cotisations.delete_costestimate',)
)
if self.final_invoice is not None:
return False, _("The cost estimate has an "
"invoice and can't be deleted.")
return True, None
return (
False,
_("The cost estimate has an invoice and can't be deleted."),
None
)
return True, None, None
# TODO : change Vente to Purchase
@ -505,40 +546,66 @@ class Vente(RevMixin, AclMixin, models.Model):
super(Vente, self).save(*args, **kwargs)
def can_edit(self, user_request, *args, **kwargs):
user_can, _, permissions = self.facture.user.can_edit(
user_request, *args, **kwargs
)
if not user_request.has_perm('cotisations.change_vente'):
return False, _("You don't have the right to edit the purchases.")
elif (not user_request.has_perm('cotisations.change_all_facture') and
not self.facture.user.can_edit(
user_request, *args, **kwargs
)[0]):
return False, _("You don't have the right to edit this user's "
"purchases.")
return (
False,
_("You don't have the right to edit the purchases."),
('cotisations.change_vente',)
)
elif not (
user_request.has_perm('cotisations.change_all_facture') or
user_can):
return (
False,
_("You don't have the right to edit this user's purchases."),
('cotisations.change_all_facture',) + permissions
)
elif (not user_request.has_perm('cotisations.change_all_vente') and
(self.facture.control or not self.facture.valid)):
return False, _("You don't have the right to edit a purchase "
"already controlled or invalidated.")
return (
False,
_("You don't have the right to edit a purchase "
"already controlled or invalidated."),
('cotisations.change_all_vente',)
)
else:
return True, None
return True, None, None
def can_delete(self, user_request, *args, **kwargs):
user_can, _, permissions = self.facture.user.can_edit(
user_request, *args, **kwargs)
if not user_request.has_perm('cotisations.delete_vente'):
return False, _("You don't have the right to delete a purchase.")
if not self.facture.user.can_edit(user_request, *args, **kwargs)[0]:
return False, _("You don't have the right to delete this user's "
"purchases.")
return (
False,
_("You don't have the right to delete a purchase."),
('cotisations.delete_vente',)
)
if not user_can:
return (
False,
_("You don't have the right to delete this user's purchases."),
permissions
)
if self.facture.control or not self.facture.valid:
return False, _("You don't have the right to delete a purchase "
"already controlled or invalidated.")
"already controlled or invalidated."), None
else:
return True, None
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
if (not user_request.has_perm('cotisations.view_vente') and
self.facture.user != user_request):
return False, _("You don't have the right to view someone "
"else's purchase history.")
return (
False,
_("You don't have the right to view someone "
"else's purchase history."),
('cotisations.view_vente',)
)
else:
return True, None
return True, None, None
def __str__(self):
return str(self.name) + ' ' + str(self.facture)
@ -683,7 +750,8 @@ class Article(RevMixin, AclMixin, models.Model):
self.available_for_everyone
or user.has_perm('cotisations.buy_every_article')
or user.has_perm('cotisations.add_facture'),
_("You can't buy this article.")
_("You can't buy this article."),
('cotisations.buy_every_article', 'cotisations.add_facture')
)
@classmethod
@ -838,7 +906,8 @@ class Paiement(RevMixin, AclMixin, models.Model):
self.available_for_everyone
or user.has_perm('cotisations.use_every_payment')
or user.has_perm('cotisations.add_facture'),
_("You can't use this payment method.")
_("You can't use this payment method."),
('cotisations.use_every_payment', 'cotisations.add_facture')
)
@classmethod
@ -907,32 +976,51 @@ class Cotisation(RevMixin, AclMixin, models.Model):
def can_edit(self, user_request, *_args, **_kwargs):
if not user_request.has_perm('cotisations.change_cotisation'):
return False, _("You don't have the right to edit a subscription.")
return (
False,
_("You don't have the right to edit a subscription."),
('cotisations.change_cotisation',)
)
elif not user_request.has_perm('cotisations.change_all_cotisation') \
and (self.vente.facture.control or
not self.vente.facture.valid):
return False, _("You don't have the right to edit a subscription "
"already controlled or invalidated.")
return (
False,
_("You don't have the right to edit a subscription "
"already controlled or invalidated."),
('cotisations.change_all_cotisation',)
)
else:
return True, None
return True, None, None
def can_delete(self, user_request, *_args, **_kwargs):
if not user_request.has_perm('cotisations.delete_cotisation'):
return False, _("You don't have the right to delete a "
"subscription.")
return (
False,
_("You don't have the right to delete a subscription."),
('cotisations.delete_cotisation',)
)
if self.vente.facture.control or not self.vente.facture.valid:
return False, _("You don't have the right to delete a subscription "
"already controlled or invalidated.")
return (
False,
_("You don't have the right to delete a subscription "
"already controlled or invalidated."),
None
)
else:
return True, None
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
if not user_request.has_perm('cotisations.view_cotisation') and\
self.vente.facture.user != user_request:
return False, _("You don't have the right to view someone else's "
"subscription history.")
return (
False,
_("You don't have the right to view someone else's "
"subscription history."),
('cotisations.view_cotisation',)
)
else:
return True, None
return True, None, None
def __str__(self):
return str(self.vente)