mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-27 15:12:25 +00:00
Proprifie les tests de controle et les acl
This commit is contained in:
parent
5b7924f3f0
commit
26f5965a6a
2 changed files with 13 additions and 13 deletions
|
@ -77,7 +77,7 @@ def new_machine(request, userid):
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, u"Utilisateur inexistant" )
|
messages.error(request, u"Utilisateur inexistant" )
|
||||||
return redirect("/machines/")
|
return redirect("/machines/")
|
||||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
if not request.user.has_perms(('cableur',)) and user != request.user:
|
||||||
messages.error(request, "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit")
|
messages.error(request, "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit")
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machine = NewMachineForm(request.POST or None)
|
machine = NewMachineForm(request.POST or None)
|
||||||
|
@ -106,7 +106,7 @@ def edit_machine(request, interfaceid):
|
||||||
messages.error(request, u"Interface inexistante" )
|
messages.error(request, u"Interface inexistante" )
|
||||||
return redirect("/machines")
|
return redirect("/machines")
|
||||||
if not request.user.has_perms(('cableur',)):
|
if not request.user.has_perms(('cableur',)):
|
||||||
if str(interface.machine.user.id)!=str(request.user.id):
|
if interface.machine.user != request.user:
|
||||||
messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
|
messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine)
|
machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine)
|
||||||
|
@ -132,7 +132,7 @@ def new_interface(request, machineid):
|
||||||
messages.error(request, u"Machine inexistante" )
|
messages.error(request, u"Machine inexistante" )
|
||||||
return redirect("/machines")
|
return redirect("/machines")
|
||||||
if not request.user.has_perms(('cableur',)):
|
if not request.user.has_perms(('cableur',)):
|
||||||
if str(machine.user.id)!=str(request.user.id):
|
if machine.user != request.user:
|
||||||
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit")
|
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit")
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machine_form = BaseEditMachineForm(request.POST or None, instance=machine)
|
machine_form = BaseEditMachineForm(request.POST or None, instance=machine)
|
||||||
|
|
|
@ -53,14 +53,14 @@ def new_user(request):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def edit_info(request, userid):
|
def edit_info(request, userid):
|
||||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
|
||||||
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
|
||||||
try:
|
try:
|
||||||
user = User.objects.get(pk=userid)
|
user = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, "Utilisateur inexistant")
|
messages.error(request, "Utilisateur inexistant")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
|
if not request.user.has_perms(('cableur',)) and user != request.user:
|
||||||
|
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
if not request.user.has_perms(('cableur',)):
|
if not request.user.has_perms(('cableur',)):
|
||||||
user = BaseInfoForm(request.POST or None, instance=user)
|
user = BaseInfoForm(request.POST or None, instance=user)
|
||||||
else:
|
else:
|
||||||
|
@ -93,15 +93,15 @@ def state(request, userid):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def password(request, userid):
|
def password(request, userid):
|
||||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
|
||||||
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
|
||||||
try:
|
try:
|
||||||
user = User.objects.get(pk=userid)
|
user = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, "Utilisateur inexistant")
|
messages.error(request, "Utilisateur inexistant")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
if not request.user.has_perms(('bureau',)) and str(userid)!=str(request.user.id) and Right.objects.filter(user=user):
|
if not request.user.has_perms(('cableur',)) and user != request.user:
|
||||||
|
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
|
if not request.user.has_perms(('bureau',)) and user != request.user and Right.objects.filter(user=user):
|
||||||
messages.error(request, "Il faut les droits bureau pour modifier le mot de passe d'un membre actif")
|
messages.error(request, "Il faut les droits bureau pour modifier le mot de passe d'un membre actif")
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
u_form = PassForm(request.POST or None)
|
u_form = PassForm(request.POST or None)
|
||||||
|
@ -296,14 +296,14 @@ def mon_profil(request):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def profil(request, userid):
|
def profil(request, userid):
|
||||||
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
|
||||||
messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit cableur")
|
|
||||||
return redirect("/users/profil/" + str(request.user.id))
|
|
||||||
try:
|
try:
|
||||||
users = User.objects.get(pk=userid)
|
users = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, "Utilisateur inexistant")
|
messages.error(request, "Utilisateur inexistant")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
|
if not request.user.has_perms(('cableur',)) and users != request.user:
|
||||||
|
messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machines = Interface.objects.filter(
|
machines = Interface.objects.filter(
|
||||||
machine=Machine.objects.filter(user__pseudo=users)
|
machine=Machine.objects.filter(user__pseudo=users)
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue