From 50ea71d8e9460ac5f77fe4fbddd6df5222a88639 Mon Sep 17 00:00:00 2001 From: LEVY-FALK Hugo Date: Thu, 30 Nov 2017 00:28:33 +0100 Subject: [PATCH] =?UTF-8?q?Premier=20jet=20de=20d=C3=A9corateur=20can=5Fed?= =?UTF-8?q?it?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- re2o/utils.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/re2o/utils.py b/re2o/utils.py index 71f87462..c7d61ef6 100644 --- a/re2o/utils.py +++ b/re2o/utils.py @@ -41,6 +41,7 @@ from django.utils import timezone from django.db.models import Q from django.contrib import messages from django.shortcuts import redirect +from django.urls import reverse from cotisations.models import Cotisation, Facture, Paiement, Vente from machines.models import Domain, Interface, Machine @@ -67,6 +68,34 @@ def can_create(model): return decorator +def can_edit(model, *instance_id): + """Decorator to check if an user can edit a model. + It assumes that a valid user exists in the request and that the model has a + method can_create(user) which returns true if the user can create this kind + of models. + """ + def decorator(view): + def wrapper(request, *args, **kwargs): + instances = {} + for i in instance_id: + try: + instances[i] = model.objects.get(pk=i) + except model.DoesNotExist: + messages.error(request, u"Entrée inexistante") + return redirect(reverse('users:index')) + kwargs['instances'] = instances + can = all(model.can_edit(request, instances[i]) for i in instances) + if not can: + messages.error(request, "Vous ne pouvez pas accéder à ce menu") + return redirect(reverse('users:profil', + kwargs={'userid':str(request.user.id)} + )) + return view(request, *args, **kwargs) + return wrapper + return decorator + + + def all_adherent(search_time=DT_NOW): """ Fonction renvoyant tous les users adherents. Optimisee pour n'est qu'une seule requete sql