diff --git a/re2o/utils.py b/re2o/utils.py index 1271fea4..0e680895 100644 --- a/re2o/utils.py +++ b/re2o/utils.py @@ -69,7 +69,7 @@ def can_create(model): return decorator -def can_edit(model): +def can_edit(model, *field_list): """Decorator to check if an user can edit a model. It tries to get an instance of the model, using `model.get_instance(*args, **kwargs)` and assumes that the model has a @@ -91,12 +91,20 @@ def can_edit(model): return redirect(reverse('users:profil', kwargs={'userid':str(request.user.id)} )) + for field in field_list: + can_create = getattr(model, 'can_change_' + field) + can, msg = can_create(instance, request.user, *args, **kwargs) + if not can: + messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") + return redirect(reverse('users:profil', + kwargs={'userid':str(request.user.id)} + )) return view(request, instance, *args, **kwargs) return wrapper return decorator -def can_change(model, field_list): +def can_change(model, *field_list): """Decorator to check if an user can edit a field of a model. It assumes that a valid user exists in the request and that the model has a method can_create(user) which returns true if the user can create this kind @@ -106,7 +114,7 @@ def can_change(model, field_list): def wrapper(request, *args, **kwargs): for field in field_list: can_create = getattr(model, 'can_change_' + field) - can, msg = can_create(request.user, *args, **kwargs) + can, msg = can_create(None, request.user, *args, **kwargs) if not can: messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") return redirect(reverse('users:profil', 
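Review bot: The new `*field_list` parameter on `can_edit` is not described in the docstring, which still covers only the instance-level check. Because the parameter adds a second authorization layer, I would add a sentence such as `Each name in field_list is additionally checked through model.can_change_<name>(instance, user, ...); the first refusal redirects to the user's profile.` The rest of the docstring and the function body lie outside this hunk.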
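Review bot: In the loop added to `can_edit`, `getattr(model, 'can_change_' + field)` is resolved on every request, so a misspelled field name in a decorator call only surfaces as an `AttributeError` when the view is hit. That fails closed, but resolving the checkers once when the decorator is applied, e.g. `checkers = [getattr(model, 'can_change_' + f) for f in field_list]`, would surface the mistake at load time instead. The local name `can_create` is also misleading here, since it holds a field-change checker. Separately, the switch of `can_change` to `*field_list` at the end of this hunk means any remaining caller that passes a list would hit a `TypeError` in the string concatenation; callers are not visible in this diff, so that needs checking.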
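Review bot: `can_create(None, request.user, *args, **kwargs)` in `can_change` now passes `None` in the instance position, so every `can_change_<field>` method has to cope with a missing instance. The implementations are not in this diff; any that reads attributes of its first argument will raise here, and any that decides on ownership of the instance cannot make that decision. I would state the contract next to the call, e.g. `# No instance exists on this path: can_change_<field> must accept None and decide from the user alone.` The wrapper continues past the end of the hunk.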
@@ -209,6 +217,35 @@ def can_view_all(model): return decorator +APP_VIEWING_RIGHT = { + 'cotisations' : 'cableur', + 'logs' : 'cableur', + 'machines' : 'cableur', + 'preferences' : 'cableur', + 'search' : 'cableur', + 'topologie' : 'cableur', + 'users' : 'cableur', +} + +def can_view_app(app_name): + """Decorator to check if an user can view an application. + """ + assert app_name in APP_VIEWING_RIGHT.keys() + def decorator(view): + def wrapper(request, *args, **kwargs): + if request.user.has_perms((APP_VIEWING_RIGHT[app_name],)): + return view(request, *args, **kwargs) + messages.error( + request, + msg or "Vous ne pouvez pas accéder à l'application " + app_name + ) + return redirect(reverse('users:profil', + kwargs={'userid':str(request.user.id)} + )) + return wrapper + return decorator + + def all_adherent(search_time=DT_NOW): """ Fonction renvoyant tous les users adherents. Optimisee pour n'est qu'une seule requete sql
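Review bot: In `can_view_app`, the denial branch evaluates `msg or "Vous ne pouvez pas accéder à l'application " + app_name`, but no `msg` is bound anywhere in the function, so a user without the right would presumably get a `NameError` (HTTP 500) instead of the message and redirect. The second argument should just be `"Vous ne pouvez pas accéder à l'application " + app_name`. The `assert app_name in APP_VIEWING_RIGHT.keys()` guard is removed under `python -O`; `if app_name not in APP_VIEWING_RIGHT: raise ValueError(app_name)` keeps the check unconditional. It is also worth confirming that `has_perms` accepts the bare name `'cableur'`, since stock Django permission strings take the form `app_label.codename`.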