Verouille toutes les vues avec des acl, un user sans droit peut uniquement se modifier lui et ses machines
parent
2076051635
commit
6e587c7d94
2 changed files with 22 additions and 1 deletions
|
@ -55,6 +55,9 @@ def new_machine(request, userid):
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, u"Utilisateur inexistant" )
|
messages.error(request, u"Utilisateur inexistant" )
|
||||||
return redirect("/machines/")
|
return redirect("/machines/")
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas ajouter une machine à un autre user que vous sans droit")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machine = NewMachineForm(request.POST or None)
|
machine = NewMachineForm(request.POST or None)
|
||||||
interface = AddInterfaceForm(request.POST or None)
|
interface = AddInterfaceForm(request.POST or None)
|
||||||
if machine.is_valid() and interface.is_valid():
|
if machine.is_valid() and interface.is_valid():
|
||||||
|
@ -79,6 +82,9 @@ def edit_machine(request, interfaceid):
|
||||||
except Interface.DoesNotExist:
|
except Interface.DoesNotExist:
|
||||||
messages.error(request, u"Interface inexistante" )
|
messages.error(request, u"Interface inexistante" )
|
||||||
return redirect("/machines")
|
return redirect("/machines")
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(interface.machine.user.id)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
machine_form = EditMachineForm(request.POST or None, instance=interface.machine)
|
machine_form = EditMachineForm(request.POST or None, instance=interface.machine)
|
||||||
interface_form = EditInterfaceForm(request.POST or None, instance=interface)
|
interface_form = EditInterfaceForm(request.POST or None, instance=interface)
|
||||||
if machine_form.is_valid() and interface_form.is_valid():
|
if machine_form.is_valid() and interface_form.is_valid():
|
||||||
|
@ -95,6 +101,9 @@ def new_interface(request, machineid):
|
||||||
except Machine.DoesNotExist:
|
except Machine.DoesNotExist:
|
||||||
messages.error(request, u"Machine inexistante" )
|
messages.error(request, u"Machine inexistante" )
|
||||||
return redirect("/machines")
|
return redirect("/machines")
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(machine.user.id)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
interface_form = AddInterfaceForm(request.POST or None)
|
interface_form = AddInterfaceForm(request.POST or None)
|
||||||
machine_form = EditMachineForm(request.POST or None, instance=machine)
|
machine_form = EditMachineForm(request.POST or None, instance=machine)
|
||||||
if interface_form.is_valid() and machine_form.is_valid():
|
if interface_form.is_valid() and machine_form.is_valid():
|
||||||
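Review bot: The ownership test added in `edit_machine` decides who may open the form, but not which fields a non-`cableur` owner may change, because `EditMachineForm(request.POST or None, instance=interface.machine)` is still bound to the full POST. If that form exposes the machine's `user` field (the form class is not part of this diff), an owner could hand the machine to another account; the same applies to `new_interface`, which builds the same form with `instance=machine`. For unprivileged users I would drop that field before validation, e.g. `if not request.user.has_perms(('cableur',)): machine_form.fields.pop('user', None)`, placed right after the form is built. In `new_machine` the check only needs `userid`, so it could sit before the user lookup, as the users views in this commit do, so that the reply to an unprivileged caller does not depend on whether the target id exists. All three function bodies start and end outside the hunks shown.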
|
|
|
@ -104,6 +104,9 @@ def new_user(request):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def edit_info(request, userid):
|
def edit_info(request, userid):
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
try:
|
try:
|
||||||
user = User.objects.get(pk=userid)
|
user = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
|
@ -137,13 +140,18 @@ def state(request, userid):
|
||||||
return form({'userform': state}, 'users/user.html', request)
|
return form({'userform': state}, 'users/user.html', request)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('bureau')
|
|
||||||
def password(request, userid):
|
def password(request, userid):
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
try:
|
try:
|
||||||
user = User.objects.get(pk=userid)
|
user = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
messages.error(request, "Utilisateur inexistant")
|
messages.error(request, "Utilisateur inexistant")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
|
if not request.user.has_perms(('bureau',)) and str(userid)!=str(request.user.id) and Right.objects.filter(user=user):
|
||||||
|
messages.error(request, "Il faut les droits bureau pour modifier le mot de passe d'un membre actif")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
u_form = PassForm(request.POST or None)
|
u_form = PassForm(request.POST or None)
|
||||||
if u_form.is_valid():
|
if u_form.is_valid():
|
||||||
if u_form.cleaned_data['passwd1'] != u_form.cleaned_data['passwd2']:
|
if u_form.cleaned_data['passwd1'] != u_form.cleaned_data['passwd2']:
|
||||||
|
@ -303,6 +311,7 @@ def del_school(request):
|
||||||
return form({'userform': school}, 'users/user.html', request)
|
return form({'userform': school}, 'users/user.html', request)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@permission_required('cableur')
|
||||||
def index(request):
|
def index(request):
|
||||||
users_list = User.objects.order_by('pk')
|
users_list = User.objects.order_by('pk')
|
||||||
connexion = []
|
connexion = []
|
||||||
|
@ -340,6 +349,9 @@ def index_school(request):
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def profil(request, userid):
|
def profil(request, userid):
|
||||||
|
if not request.user.has_perms(('cableur',)) and str(userid)!=str(request.user.id):
|
||||||
|
messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit cableur")
|
||||||
|
return redirect("/users/profil/" + str(request.user.id))
|
||||||
try:
|
try:
|
||||||
users = User.objects.get(pk=userid)
|
users = User.objects.get(pk=userid)
|
||||||
except User.DoesNotExist:
|
except User.DoesNotExist:
|
||||||
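Review bot: Dropping `@permission_required('bureau')` makes `password` reachable by every logged-in user for their own account, but the visible handling only compares `passwd1` with `passwd2`; nothing in the hunk asks for the current password. Unless `PassForm` already carries such a field (its definition is not shown), a session left open on a shared machine is enough to change the account's password, so the self-service branch should verify the existing password before saving. Separately, the new `bureau` condition relies on the truthiness of `Right.objects.filter(user=user)`, which evaluates the whole queryset; `Right.objects.filter(user=user).exists()` states the intent and issues a cheaper query. The same condition also lets a `cableur` set the password of any user who holds no `Right`, which is worth a comment above it if intended, e.g. `# cableur may reset passwords of members without rights; bureau required otherwise`. The body of `password` continues past the end of the hunk.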
|
|