Utilisation nouveau système d'acl sur password et control
parent
e1fc4b0613
commit
25f0e56166
5 changed files with 37 additions and 19 deletions
|
@ -149,11 +149,11 @@ class Facture(FieldPermissionModelMixin, models.Model):
|
||||||
else:
|
else:
|
||||||
return True, None
|
return True, None
|
||||||
|
|
||||||
def can_change_control(user, *args, **kwargs):
|
def can_change_control(self, user, *args, **kwargs):
|
||||||
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer le controle sans droit trésorier"
|
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer le controle sans droit trésorier"
|
||||||
|
|
||||||
def can_change_pdf(user_request, *args, **kwargs):
|
def can_change_pdf(self, user, *args, **kwargs):
|
||||||
return user_request.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
|
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
|
||||||
|
|
||||||
field_permissions = {
|
field_permissions = {
|
||||||
'control': can_change_control,
|
'control': can_change_control,
|
||||||
|
|
|
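Review bot: `can_change_control` and `can_change_pdf` return the refusal text as the second tuple element even when `has_perms` is true, whereas the other checks on this page return `True, None` on success. A caller that shows the second element whenever it is not None would present a refusal message to an authorised trésorier. Consider binding `granted = user.has_perms(('tresorier',))` and returning `None` as the message when `granted` is true. A one-line docstring on each function stating that `self` is accepted but unused would also help. The Facture class body continues outside the hunk.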
@ -168,7 +168,7 @@ def new_facture(request, user, userid):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_change(Facture, ['pdf'])
|
@can_change(Facture, 'pdf')
|
||||||
def new_facture_pdf(request):
|
def new_facture_pdf(request):
|
||||||
"""Permet de générer un pdf d'une facture. Réservée
|
"""Permet de générer un pdf d'une facture. Réservée
|
||||||
au trésorier, permet d'emettre des factures sans objet
|
au trésorier, permet d'emettre des factures sans objet
|
||||||
|
@ -488,7 +488,7 @@ def del_banque(request, instances):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_view_all(Facture)
|
@can_view_all(Facture)
|
||||||
@can_change(Facture, ['control'])
|
@can_change(Facture, 'control')
|
||||||
def control(request):
|
def control(request):
|
||||||
"""Pour le trésorier, vue pour controler en masse les
|
"""Pour le trésorier, vue pour controler en masse les
|
||||||
factures.Case à cocher, pratique"""
|
factures.Case à cocher, pratique"""
|
||||||
|
|
|
@ -48,7 +48,7 @@ class FieldPermissionModelMixin:
|
||||||
# Try to find a user setting that qualifies them for permission.
|
# Try to find a user setting that qualifies them for permission.
|
||||||
for perm in checks:
|
for perm in checks:
|
||||||
if callable(perm):
|
if callable(perm):
|
||||||
result, plop = perm(user=user)
|
result, reason = perm(self, user=user)
|
||||||
if result is not None:
|
if result is not None:
|
||||||
return result
|
return result
|
||||||
else:
|
else:
|
||||||
|
|
|
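Review bot: The new call `perm(self, user=user)` binds the requester by keyword, so every callable registered in `field_permissions` must name its second parameter exactly `user`. The Facture checks were renamed to match, but `can_change_password` and `can_change_state`, added to User in this same commit, call that parameter `user_request`. They would raise TypeError for a missing positional argument if they were ever routed through this mixin. Passing the requester positionally, `result, _reason = perm(self, user)`, removes that coupling and marks the discarded reason as intentionally unused. The enclosing method starts and ends outside the hunk.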
@ -805,6 +805,24 @@ class User(AbstractBaseUser):
|
||||||
else:
|
else:
|
||||||
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||||
|
|
||||||
|
def can_change_password(self, user_request, *args, **kwargs):
|
||||||
|
if self.is_class_club and user_request.is_class_adherent:
|
||||||
|
if self == user_request or user_request.has_perms(('cableur',)) or\
|
||||||
|
user_request.adherent in self.club.administrators.all():
|
||||||
|
return True, None
|
||||||
|
else:
|
||||||
|
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
||||||
|
else:
|
||||||
|
if self == user_request or user_request.has_perms(('bureau',)):
|
||||||
|
return True, None
|
||||||
|
elif user_request.has_perms(('cableur',)) and not Right.objects.filter(user=self):
|
||||||
|
return True, None
|
||||||
|
else:
|
||||||
|
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||||
|
|
||||||
|
def can_change_state(self, user_request, *args, **kwargs):
|
||||||
|
return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état"
|
||||||
|
|
||||||
def can_delete(self, user_request, *args, **kwargs):
|
def can_delete(self, user_request, *args, **kwargs):
|
||||||
"""Check if an user can delete an user object.
|
"""Check if an user can delete an user object.
|
||||||
|
|
||||||
|
|
|
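Review bot: In `can_change_password` the club branch grants access to any `cableur` or club administrator without the `Right.objects.filter(user=self)` guard that the non-club branch applies. The inline check removed from the `password` view in this commit applied that guard to every target. If a club account can hold Right rows (not visible here), a requester without `bureau` can now change the password of a rights-holding account; either add the same guard to the club branch or document in a docstring why clubs are exempt. The guard tests a QuerySet for truthiness, and `not Right.objects.filter(user=self).exists()` expresses the same test without fetching the rows. The refusal strings are copied from the edit check and do not mention the password.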
@ -93,7 +93,15 @@ from preferences.models import OptionalUser, GeneralOption
|
||||||
|
|
||||||
from re2o.views import form
|
from re2o.views import form
|
||||||
from re2o.utils import (
|
from re2o.utils import (
|
||||||
all_has_access, SortTable, can_create, can_edit, can_delete_set, can_delete, can_view, can_view_all
|
all_has_access,
|
||||||
|
SortTable,
|
||||||
|
can_create,
|
||||||
|
can_edit,
|
||||||
|
can_delete_set,
|
||||||
|
can_delete,
|
||||||
|
can_view,
|
||||||
|
can_view_all,
|
||||||
|
can_change
|
||||||
)
|
)
|
||||||
|
|
||||||
def password_change_action(u_form, user, request, req=False):
|
def password_change_action(u_form, user, request, req=False):
|
||||||
|
@ -217,8 +225,7 @@ def edit_info(request, user, userid):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('bureau')
|
@can_edit(User, 'state')
|
||||||
@can_edit(User)
|
|
||||||
def state(request, user, userid):
|
def state(request, user, userid):
|
||||||
""" Changer l'etat actif/desactivé/archivé d'un user,
|
""" Changer l'etat actif/desactivé/archivé d'un user,
|
||||||
need droit bureau """
|
need droit bureau """
|
||||||
|
@ -245,19 +252,11 @@ def state(request, user, userid):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@can_edit(User)
|
@can_edit(User, 'password')
|
||||||
def password(request, user, userid):
|
def password(request, user, userid):
|
||||||
""" Reinitialisation d'un mot de passe à partir de l'userid,
|
""" Reinitialisation d'un mot de passe à partir de l'userid,
|
||||||
pour self par défaut, pour tous sans droit si droit cableur,
|
pour self par défaut, pour tous sans droit si droit cableur,
|
||||||
pour tous si droit bureau """
|
pour tous si droit bureau """
|
||||||
if not request.user.has_perms(('bureau',)) and user != request.user\
|
|
||||||
and Right.objects.filter(user=user):
|
|
||||||
messages.error(request, "Il faut les droits bureau pour modifier le\
|
|
||||||
mot de passe d'un membre actif")
|
|
||||||
return redirect(reverse(
|
|
||||||
'users:profil',
|
|
||||||
kwargs={'userid':str(request.user.id)}
|
|
||||||
))
|
|
||||||
u_form = PassForm(request.POST or None)
|
u_form = PassForm(request.POST or None)
|
||||||
if u_form.is_valid():
|
if u_form.is_valid():
|
||||||
return password_change_action(u_form, user, request)
|
return password_change_action(u_form, user, request)
|
||||||
|
@ -585,7 +584,8 @@ def del_listright(request, instances):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('bureau')
|
@can_view_all(User)
|
||||||
|
@can_change(User, 'state')
|
||||||
def mass_archive(request):
|
def mass_archive(request):
|
||||||
""" Permet l'archivage massif"""
|
""" Permet l'archivage massif"""
|
||||||
to_archive_date = MassArchiveForm(request.POST or None)
|
to_archive_date = MassArchiveForm(request.POST or None)
|
||||||
|
|
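Review bot: The `password` hunk deletes the only in-view check that required `bureau` to change the password of a user who holds rights. That rule is now enforced only if `can_edit(User, 'password')` calls `User.can_change_password` in addition to the general edit check. The decorator's implementation is not among the visible lines, so this is worth pinning with a regression test in which a `cableur` requester targeting a user with a Right row is refused. The same applies to `state` and `mass_archive`, where `permission_required('bureau')` was replaced by `can_edit(User, 'state')` and `can_change(User, 'state')`. The view bodies continue outside the hunks.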