8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-27 07:02:26 +00:00

Utilisation nouveau système d'acl sur password et control

This commit is contained in:
Gabriel Detraz 2017-12-28 14:04:14 +01:00 committed by root
parent 7245354959
commit 36abfc470a
5 changed files with 37 additions and 19 deletions

View file

@ -149,11 +149,11 @@ class Facture(FieldPermissionModelMixin, models.Model):
else:
return True, None
def can_change_control(user, *args, **kwargs):
def can_change_control(self, user, *args, **kwargs):
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer le controle sans droit trésorier"
def can_change_pdf(user_request, *args, **kwargs):
return user_request.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
def can_change_pdf(self, user, *args, **kwargs):
return user.has_perms(('tresorier',)), "Vous ne pouvez pas éditer une facture sans droit trésorier"
field_permissions = {
'control': can_change_control,

View file

@ -168,7 +168,7 @@ def new_facture(request, user, userid):
@login_required
@can_change(Facture, ['pdf'])
@can_change(Facture, 'pdf')
def new_facture_pdf(request):
"""Permet de générer un pdf d'une facture. Réservée
au trésorier, permet d'emettre des factures sans objet
@ -488,7 +488,7 @@ def del_banque(request, instances):
@login_required
@can_view_all(Facture)
@can_change(Facture, ['control'])
@can_change(Facture, 'control')
def control(request):
"""Pour le trésorier, vue pour controler en masse les
factures.Case à cocher, pratique"""

View file

@ -48,7 +48,7 @@ class FieldPermissionModelMixin:
# Try to find a user setting that qualifies them for permission.
for perm in checks:
if callable(perm):
result, plop = perm(user=user)
result, reason = perm(self, user=user)
if result is not None:
return result
else:

View file

@ -805,6 +805,24 @@ class User(AbstractBaseUser):
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_change_password(self, user_request, *args, **kwargs):
if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.club.administrators.all():
return True, None
else:
return False, u"Vous n'avez pas le droit d'éditer ce club"
else:
if self == user_request or user_request.has_perms(('bureau',)):
return True, None
elif user_request.has_perms(('cableur',)) and not Right.objects.filter(user=self):
return True, None
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_change_state(self, user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état"
def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete an user object.

View file

@ -93,7 +93,15 @@ from preferences.models import OptionalUser, GeneralOption
from re2o.views import form
from re2o.utils import (
all_has_access, SortTable, can_create, can_edit, can_delete_set, can_delete, can_view, can_view_all
all_has_access,
SortTable,
can_create,
can_edit,
can_delete_set,
can_delete,
can_view,
can_view_all,
can_change
)
def password_change_action(u_form, user, request, req=False):
@ -217,8 +225,7 @@ def edit_info(request, user, userid):
@login_required
@permission_required('bureau')
@can_edit(User)
@can_edit(User, 'state')
def state(request, user, userid):
""" Changer l'etat actif/desactivé/archivé d'un user,
need droit bureau """
@ -245,19 +252,11 @@ def state(request, user, userid):
@login_required
@can_edit(User)
@can_edit(User, 'password')
def password(request, user, userid):
""" Reinitialisation d'un mot de passe à partir de l'userid,
pour self par défaut, pour tous sans droit si droit cableur,
pour tous si droit bureau """
if not request.user.has_perms(('bureau',)) and user != request.user\
and Right.objects.filter(user=user):
messages.error(request, "Il faut les droits bureau pour modifier le\
mot de passe d'un membre actif")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
u_form = PassForm(request.POST or None)
if u_form.is_valid():
return password_change_action(u_form, user, request)
@ -585,7 +584,8 @@ def del_listright(request, instances):
@login_required
@permission_required('bureau')
@can_view_all(User)
@can_change(User, 'state')
def mass_archive(request):
""" Permet l'archivage massif"""
to_archive_date = MassArchiveForm(request.POST or None)