mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-25 00:13:45 +00:00
Utilisation nouveau système d'acl sur password et control
parent
e1fc4b0613
commit
25f0e56166
5 changed files with 37 additions and 19 deletions
|
@ -149,11 +149,11 @@ class Facture(FieldPermissionModelMixin, models.Model):
|
|||
else:
|
||||
return True, None
|
||||
|
||||
def can_change_control(user, *args, **kwargs):
|
||||
def can_change_control(self, user, *args, **kwargs):
|
||||
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer le controle sans droit trésorier"
|
||||
|
||||
def can_change_pdf(user_request, *args, **kwargs):
|
||||
return user_request.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
|
||||
def can_change_pdf(self, user, *args, **kwargs):
|
||||
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
|
||||
|
||||
field_permissions = {
|
||||
'control': can_change_control,
|
||||
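Review bot: `can_change_control` and `can_change_pdf` return their denial message even when `has_perms` is true, whereas the method ending just above them in the same class returns `True, None` on success. A caller that treats a non-None second element as an error text would show it to an authorised treasurer. Consider `allowed = user.has_perms(('tresorier',))` followed by `return allowed, None if allowed else "…"`, keeping the existing message. Both functions also lack a docstring stating that they are referenced from `field_permissions`, receive the instance first, and return an `(allowed, message)` pair. The class body continues outside the hunk.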
|
|
|
@ -168,7 +168,7 @@ def new_facture(request, user, userid):
|
|||
|
||||
|
||||
@login_required
|
||||
@can_change(Facture, ['pdf'])
|
||||
@can_change(Facture, 'pdf')
|
||||
def new_facture_pdf(request):
|
||||
"""Permet de générer un pdf d'une facture. Réservée
|
||||
au trésorier, permet d'emettre des factures sans objet
|
||||
|
@ -488,7 +488,7 @@ def del_banque(request, instances):
|
|||
|
||||
@login_required
|
||||
@can_view_all(Facture)
|
||||
@can_change(Facture, ['control'])
|
||||
@can_change(Facture, 'control')
|
||||
def control(request):
|
||||
"""Pour le trésorier, vue pour controler en masse les
|
||||
factures.Case à cocher, pratique"""
|
||||
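Review bot: The decorator argument changes from a list to a bare string in `@can_change(Facture, 'pdf')` and `@can_change(Facture, 'control')`, but the definition of `can_change` is not part of this page, so it is not visible that it accepts field names as separate positional arguments. If it still iterates over a single argument, the string would be walked one character at a time and the `pdf` / `control` checks would never be looked up by name. Confirm the signature and add a test that a user without `tresorier` is refused on `new_facture_pdf` and `control`.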
|
|
|
@ -48,7 +48,7 @@ class FieldPermissionModelMixin:
|
|||
# Try to find a user setting that qualifies them for permission.
|
||||
for perm in checks:
|
||||
if callable(perm):
|
||||
result, plop = perm(user=user)
|
||||
result, reason = perm(self, user=user)
|
||||
if result is not None:
|
||||
return result
|
||||
else:
|
||||
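Review bot: `perm(self, user=user)` passes the requester by keyword, which only works for checks whose parameter is literally named `user`. The `Facture` checks were renamed accordingly in this commit, but the `User` checks it adds (`can_change_password`, `can_change_state`) name that parameter `user_request`. If those are ever reached through this loop the call raises `TypeError` instead of returning a decision; `result, reason = perm(self, user)` removes the coupling. `reason` is also bound and, in the visible lines, never used, so the denial text is dropped here. The loop continues outside the hunk.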
|
|
|
@ -805,6 +805,24 @@ class User(AbstractBaseUser):
|
|||
else:
|
||||
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||
|
||||
def can_change_password(self, user_request, *args, **kwargs):
|
||||
if self.is_class_club and user_request.is_class_adherent:
|
||||
if self == user_request or user_request.has_perms(('cableur',)) or\
|
||||
user_request.adherent in self.club.administrators.all():
|
||||
return True, None
|
||||
else:
|
||||
return False, u"Vous n'avez pas le droit d'éditer ce club"
|
||||
else:
|
||||
if self == user_request or user_request.has_perms(('bureau',)):
|
||||
return True, None
|
||||
elif user_request.has_perms(('cableur',)) and not Right.objects.filter(user=self):
|
||||
return True, None
|
||||
else:
|
||||
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
|
||||
|
||||
def can_change_state(self, user_request, *args, **kwargs):
|
||||
return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état"
|
||||
|
||||
def can_delete(self, user_request, *args, **kwargs):
|
||||
"""Check if an user can delete an user object.
|
||||
|
||||
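Review bot: `not Right.objects.filter(user=self)` in `can_change_password` evaluates the whole queryset just to test for emptiness; `not Right.objects.filter(user=self).exists()` states the intent and runs a cheaper query. The method also has no docstring, although after this commit it is the only place the password-reset policy is written down: the target themself or `bureau` always, `cableur` only when the target holds no `Right`, and for a club any `cableur` or club administrator. The club branch applies no `Right` restriction to `cableur`; if that is intended, the docstring should say so. `can_change_state` would benefit from a one-line docstring as well.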
|
|
|
@ -93,7 +93,15 @@ from preferences.models import OptionalUser, GeneralOption
|
|||
|
||||
from re2o.views import form
|
||||
from re2o.utils import (
|
||||
all_has_access, SortTable, can_create, can_edit, can_delete_set, can_delete, can_view, can_view_all
|
||||
all_has_access,
|
||||
SortTable,
|
||||
can_create,
|
||||
can_edit,
|
||||
can_delete_set,
|
||||
can_delete,
|
||||
can_view,
|
||||
can_view_all,
|
||||
can_change
|
||||
)
|
||||
|
||||
def password_change_action(u_form, user, request, req=False):
|
||||
|
@ -217,8 +225,7 @@ def edit_info(request, user, userid):
|
|||
|
||||
|
||||
@login_required
|
||||
@permission_required('bureau')
|
||||
@can_edit(User)
|
||||
@can_edit(User, 'state')
|
||||
def state(request, user, userid):
|
||||
""" Changer l'etat actif/desactivé/archivé d'un user,
|
||||
need droit bureau """
|
||||
|
@ -245,19 +252,11 @@ def state(request, user, userid):
|
|||
|
||||
|
||||
@login_required
|
||||
@can_edit(User)
|
||||
@can_edit(User, 'password')
|
||||
def password(request, user, userid):
|
||||
""" Reinitialisation d'un mot de passe à partir de l'userid,
|
||||
pour self par défaut, pour tous sans droit si droit cableur,
|
||||
pour tous si droit bureau """
|
||||
if not request.user.has_perms(('bureau',)) and user != request.user\
|
||||
and Right.objects.filter(user=user):
|
||||
messages.error(request, "Il faut les droits bureau pour modifier le\
|
||||
mot de passe d'un membre actif")
|
||||
return redirect(reverse(
|
||||
'users:profil',
|
||||
kwargs={'userid':str(request.user.id)}
|
||||
))
|
||||
u_form = PassForm(request.POST or None)
|
||||
if u_form.is_valid():
|
||||
return password_change_action(u_form, user, request)
|
||||
|
@ -585,7 +584,8 @@ def del_listright(request, instances):
|
|||
|
||||
|
||||
@login_required
|
||||
@permission_required('bureau')
|
||||
@can_view_all(User)
|
||||
@can_change(User, 'state')
|
||||
def mass_archive(request):
|
||||
""" Permet l'archivage massif"""
|
||||
to_archive_date = MassArchiveForm(request.POST or None)
|
||||
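Review bot: `state` and `mass_archive` drop `@permission_required('bureau')`, and `password` drops its inline `bureau` / `Right` check, so all three views now depend entirely on `can_edit(User, …)` / `can_change(User, 'state')` reaching `User.can_change_state` and `User.can_change_password`. How a field name is mapped to those methods is not visible on this page (no `field_permissions` entry for `User` appears in the model hunk), and `mass_archive` is checked at class level while `can_change_state` is written as an instance method. Add view tests asserting that a user without `bureau` is refused on `state` and `mass_archive`, and that a `cableur` cannot reset the password of a user who holds a `Right`.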
|
|