mirror of https://gitlab2.federez.net/re2o/re2o synced 2025-01-13 03:34:29 +00:00

Commentaire sur les groupes / droits

Gabriel Detraz 2016-11-21 01:49:45 +01:00
parent 2f485072f9
commit 4cb715ca31
5 changed files with 94 additions and 2 deletions


@ -0,0 +1,29 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0039_auto_20161119_0033'),
]
operations = [
migrations.AlterField(
model_name='ldapserviceuser',
name='dn',
field=models.CharField(max_length=200),
),
migrations.AlterField(
model_name='ldapuser',
name='dn',
field=models.CharField(max_length=200),
),
migrations.AlterField(
model_name='ldapusergroup',
name='dn',
field=models.CharField(max_length=200),
),
]


@ -0,0 +1,19 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('users', '0040_auto_20161119_1709'),
]
operations = [
migrations.AddField(
model_name='listright',
name='details',
field=models.CharField(help_text='Description', max_length=255, blank=True),
),
]


@ -360,6 +360,7 @@ class ListRight(models.Model):
listright = models.CharField(max_length=255, unique=True) listright = models.CharField(max_length=255, unique=True)
gid = models.IntegerField(unique=True, null=True) gid = models.IntegerField(unique=True, null=True)
details = models.CharField(help_text="Description", max_length=255, blank=True)
def __str__(self): def __str__(self):
return self.listright return self.listright
@ -609,7 +610,7 @@ class SchoolForm(ModelForm):
class ListRightForm(ModelForm): class ListRightForm(ModelForm):
class Meta: class Meta:
model = ListRight model = ListRight
fields = ['listright'] fields = ['listright', 'details']
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super(ListRightForm, self).__init__(*args, **kwargs) super(ListRightForm, self).__init__(*args, **kwargs)
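Review bot: `details` is added to `ListRightForm.Meta.fields` in the `-609,7 +610,7` hunk, but the creation view `add_listright` touched by this same commit builds a `NewListRightForm`, whose definition is not visible here. If that form declares its own `fields` list, the description could only be filled in when editing a right and not when creating one, so it is worth confirming that it picks up `details` as well. The bodies of `ListRight` and `ListRightForm` continue outside the hunks shown.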


@ -3,7 +3,8 @@
<tr> <tr>
<th>Droit</th> <th>Droit</th>
<th>Gid</th> <th>Gid</th>
<th></th> <th>Details</th>
<th></th>
<th></th> <th></th>
</tr> </tr>
</thead> </thead>
@ -11,6 +12,7 @@
<tr> <tr>
<td>{{ listright.listright }}</td> <td>{{ listright.listright }}</td>
<td>{{ listright.gid }}</td> <td>{{ listright.gid }}</td>
<td>{{ listright.details }}</td>
<td class="text-right"> <td class="text-right">
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %} {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
{% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %} {% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %}


@ -63,6 +63,7 @@ def password_change_action(u_form, user, request, req=False):
return redirect("/users/profil/" + str(user.id)) return redirect("/users/profil/" + str(user.id))
def reset_passwd_mail(req, request): def reset_passwd_mail(req, request):
""" Prend en argument un request, envoie un mail de réinitialisation de mot de pass """
t = loader.get_template('users/email_passwd_request') t = loader.get_template('users/email_passwd_request')
c = Context({ c = Context({
'name': str(req.user.name) + ' ' + str(req.user.surname), 'name': str(req.user.name) + ' ' + str(req.user.surname),
@ -78,6 +79,7 @@ def reset_passwd_mail(req, request):
return return
def notif_ban(ban): def notif_ban(ban):
""" Prend en argument un objet ban, envoie un mail de notification """
t = loader.get_template('users/email_ban_notif') t = loader.get_template('users/email_ban_notif')
c = Context({ c = Context({
'name': str(ban.user.name) + ' ' + str(ban.user.surname), 'name': str(ban.user.name) + ' ' + str(ban.user.surname),
@ -91,6 +93,7 @@ def notif_ban(ban):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def new_user(request): def new_user(request):
""" Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe"""
user = InfoForm(request.POST or None) user = InfoForm(request.POST or None)
if user.is_valid(): if user.is_valid():
user = user.save(commit=False) user = user.save(commit=False)
@ -109,6 +112,8 @@ def new_user(request):
@login_required @login_required
def edit_info(request, userid): def edit_info(request, userid):
""" Edite un utilisateur à partir de son id,
si l'id est différent de request.user, vérifie la possession du droit cableur """
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -133,6 +138,7 @@ def edit_info(request, userid):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def state(request, userid): def state(request, userid):
""" Changer l'etat actif/desactivé/archivé d'un user, need droit bureau """
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -155,6 +161,9 @@ def state(request, userid):
@login_required @login_required
def password(request, userid): def password(request, userid):
""" Reinitialisation d'un mot de passe à partir de l'userid,
pour self par défaut, pour tous sans droit si droit cableur,
pour tous si droit bureau """
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -174,6 +183,7 @@ def password(request, userid):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def add_right(request, userid): def add_right(request, userid):
""" Ajout d'un droit à un user, need droit bureau """
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -197,6 +207,7 @@ def add_right(request, userid):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def del_right(request): def del_right(request):
""" Supprimer un droit à un user, need droit bureau """
user_right_list = DelRightForm(request.POST or None) user_right_list = DelRightForm(request.POST or None)
if user_right_list.is_valid(): if user_right_list.is_valid():
right_del = user_right_list.cleaned_data['rights'] right_del = user_right_list.cleaned_data['rights']
@ -211,6 +222,8 @@ def del_right(request):
@login_required @login_required
@permission_required('bofh') @permission_required('bofh')
def add_ban(request, userid): def add_ban(request, userid):
""" Ajouter un banissement, nécessite au moins le droit bofh (a fortiori bureau)
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -236,6 +249,8 @@ def add_ban(request, userid):
@login_required @login_required
@permission_required('bofh') @permission_required('bofh')
def edit_ban(request, banid): def edit_ban(request, banid):
""" Editer un bannissement, nécessite au moins le droit bofh (a fortiori bureau)
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
try: try:
ban_instance = Ban.objects.get(pk=banid) ban_instance = Ban.objects.get(pk=banid)
except Ban.DoesNotExist: except Ban.DoesNotExist:
@ -254,6 +269,8 @@ def edit_ban(request, banid):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def add_whitelist(request, userid): def add_whitelist(request, userid):
""" Accorder un accès gracieux, temporaire ou permanent. Need droit cableur
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire"""
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -278,6 +295,8 @@ def add_whitelist(request, userid):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def edit_whitelist(request, whitelistid): def edit_whitelist(request, whitelistid):
""" Editer un accès gracieux, temporaire ou permanent. Need droit cableur
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire"""
try: try:
whitelist_instance = Whitelist.objects.get(pk=whitelistid) whitelist_instance = Whitelist.objects.get(pk=whitelistid)
except Whitelist.DoesNotExist: except Whitelist.DoesNotExist:
@ -296,6 +315,7 @@ def edit_whitelist(request, whitelistid):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def add_school(request): def add_school(request):
""" Ajouter un établissement d'enseignement à la base de donnée, need cableur"""
school = SchoolForm(request.POST or None) school = SchoolForm(request.POST or None)
if school.is_valid(): if school.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -309,6 +329,7 @@ def add_school(request):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def edit_school(request, schoolid): def edit_school(request, schoolid):
""" Editer un établissement d'enseignement à partir du schoolid dans la base de donnée, need cableur"""
try: try:
school_instance = School.objects.get(pk=schoolid) school_instance = School.objects.get(pk=schoolid)
except School.DoesNotExist: except School.DoesNotExist:
@ -327,6 +348,8 @@ def edit_school(request, schoolid):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def del_school(request): def del_school(request):
""" Supprimer un établissement d'enseignement à la base de donnée, need cableur
Objet protégé, possible seulement si aucun user n'est affecté à l'établissement """
school = DelSchoolForm(request.POST or None) school = DelSchoolForm(request.POST or None)
if school.is_valid(): if school.is_valid():
school_dels = school.cleaned_data['schools'] school_dels = school.cleaned_data['schools']
@ -347,6 +370,8 @@ def del_school(request):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def add_listright(request): def add_listright(request):
""" Ajouter un droit/groupe, nécessite droit bureau.
Obligation de fournir un gid pour la synchro ldap, unique """
listright = NewListRightForm(request.POST or None) listright = NewListRightForm(request.POST or None)
if listright.is_valid(): if listright.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -360,6 +385,7 @@ def add_listright(request):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def edit_listright(request, listrightid): def edit_listright(request, listrightid):
""" Editer un groupe/droit, necessite droit bureau, à partir du listright id """
try: try:
listright_instance = ListRight.objects.get(pk=listrightid) listright_instance = ListRight.objects.get(pk=listrightid)
except ListRight.DoesNotExist: except ListRight.DoesNotExist:
@ -378,6 +404,7 @@ def edit_listright(request, listrightid):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def del_listright(request): def del_listright(request):
""" Supprimer un ou plusieurs groupe, possible si il est vide, need droit bureau """
listright = DelListRightForm(request.POST or None) listright = DelListRightForm(request.POST or None)
if listright.is_valid(): if listright.is_valid():
listright_dels = listright.cleaned_data['listrights'] listright_dels = listright.cleaned_data['listrights']
@ -398,6 +425,7 @@ def del_listright(request):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def index(request): def index(request):
""" Affiche l'ensemble des users, need droit cableur """
users_list = User.objects.order_by('pk') users_list = User.objects.order_by('pk')
paginator = Paginator(users_list, PAGINATION_NUMBER) paginator = Paginator(users_list, PAGINATION_NUMBER)
page = request.GET.get('page') page = request.GET.get('page')
@ -414,6 +442,7 @@ def index(request):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def index_ban(request): def index_ban(request):
""" Affiche l'ensemble des ban, need droit cableur """
ban_list = Ban.objects.order_by('date_start').reverse() ban_list = Ban.objects.order_by('date_start').reverse()
paginator = Paginator(ban_list, PAGINATION_NUMBER) paginator = Paginator(ban_list, PAGINATION_NUMBER)
page = request.GET.get('page') page = request.GET.get('page')
@ -430,6 +459,7 @@ def index_ban(request):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def index_white(request): def index_white(request):
""" Affiche l'ensemble des whitelist, need droit cableur """
white_list = Whitelist.objects.order_by('date_start') white_list = Whitelist.objects.order_by('date_start')
return render( return render(
request, request,
@ -440,17 +470,25 @@ def index_white(request):
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def index_school(request): def index_school(request):
""" Affiche l'ensemble des établissement, need droit cableur """
school_list = School.objects.order_by('name') school_list = School.objects.order_by('name')
return render(request, 'users/index_schools.html', {'school_list':school_list}) return render(request, 'users/index_schools.html', {'school_list':school_list})
@login_required @login_required
@permission_required('cableur') @permission_required('cableur')
def index_listright(request): def index_listright(request):
""" Affiche l'ensemble des droits , need droit cableur """
listright_list = ListRight.objects.order_by('listright') listright_list = ListRight.objects.order_by('listright')
return render(request, 'users/index_listright.html', {'listright_list':listright_list}) return render(request, 'users/index_listright.html', {'listright_list':listright_list})
@login_required @login_required
def history(request, object, id): def history(request, object, id):
""" Affichage de l'historique : (acl, argument)
user : self or cableur, userid,
ban : self or cableur, banid,
whitelist : self or cableur, whitelistid,
school : cableur, schoolid,
listright : cableur, listrightid """
if object == 'user': if object == 'user':
try: try:
object_instance = User.objects.get(pk=id) object_instance = User.objects.get(pk=id)
@ -509,10 +547,12 @@ def history(request, object, id):
@login_required @login_required
def mon_profil(request): def mon_profil(request):
""" Lien vers profil, renvoie request.id à la fonction """
return redirect("/users/profil/" + str(request.user.id)) return redirect("/users/profil/" + str(request.user.id))
@login_required @login_required
def profil(request, userid): def profil(request, userid):
""" Affiche un profil, self or cableur, prend un userid en argument """
try: try:
users = User.objects.get(pk=userid) users = User.objects.get(pk=userid)
except User.DoesNotExist: except User.DoesNotExist:
@ -540,6 +580,7 @@ def profil(request, userid):
) )
def reset_password(request): def reset_password(request):
""" Reintialisation du mot de passe si mdp oublié """
userform = ResetPasswordForm(request.POST or None) userform = ResetPasswordForm(request.POST or None)
if userform.is_valid(): if userform.is_valid():
try: try:
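Review bot: The docstring added to `password` (hunk `-155,6 +161,9`) is the only visible statement of that view's access rule, and its middle clause `pour tous sans droit si droit cableur` can be read two ways. The decorator is only `@login_required`, so the rule must be enforced in the body, which lies outside the hunk. I would spell it out, for example `cableur : tout utilisateur ne possédant aucun droit ; bureau : tout utilisateur`, after checking the wording against that body. The same applies to `edit_info`, `history` and `profil`, whose docstrings promise `self or cableur` while only `@login_required` is visible here. Separately, the `mon_profil` docstring says `request.id`, but the code redirects on `request.user.id`.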