mirror of https://gitlab2.federez.net/re2o/re2o synced 2025-01-26 01:54:21 +00:00

Doc des can_xxx, et simplification à 4 fonctions d'acl communes

Hugo LEVY-FALK 2017-12-27 00:27:38 +01:00
parent 18530d1a71
commit 7cd3d1acf5


@ -763,9 +763,20 @@ class User(AbstractBaseUser):
return composed_pseudo(num) return composed_pseudo(num)
def get_instance(userid, *args, **kwargs): def get_instance(userid, *args, **kwargs):
"""Get the User instance with userid.
:param userid: The id
:return: The user
"""
return User.objects.get(pk=userid) return User.objects.get(pk=userid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create an user object.
:param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create
an user or if the `options.all_can_create` is set.
"""
options, _created = OptionalUser.objects.get_or_create() options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create: if options.all_can_create:
return True, None return True, None
@ -773,10 +784,15 @@ class User(AbstractBaseUser):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un utilisateur" droit de créer un utilisateur"
def can_edit_all(user_request, *args, **kwargs):
return True, None
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit an user object.
:param self: The user which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if self is a club and
user_request one of its member, or if user_request is self, or if
user_request has the 'cableur' right.
"""
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\ if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.club.administrators.all(): user_request.adherent in self.club.administrators.all():
@ -789,16 +805,37 @@ class User(AbstractBaseUser):
else: else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même" return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_delete_all(user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete an user object.
:param self: The user who is to be deleted.
:param user_request: The user who requests deletion.
:return: True if user_request has the right 'bureau', and a message.
"""
if user_request.has_perms(('bureau',)):
return True, None return True, None
else:
return False, u"Vous ne pouvez pas supprimer cet utilisateur."
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every user objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
if user_request.has_perms(('cableur',)):
return True, None return True, None
else:
return False, u"Vous n'avez pas accès à la liste des utilisateurs."
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view an user object.
:param self: The targeted user.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
if self.is_class_club and user_request.is_class_adherent: if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\ if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.club.administrators.all() or\ user_request.adherent in self.club.administrators.all() or\
@ -825,43 +862,15 @@ class Adherent(User):
blank=True, blank=True,
null=True null=True
) )
pass
def get_instance(adherentid, *args, **kwargs): def get_instance(adherentid, *args, **kwargs):
"""Try to find an instance of `Adherent` with the given id.
:param adherentid: The id of the adherent we are looking for.
:return: An adherent.
"""
return Adherent.objects.get(pk=adherentid) return Adherent.objects.get(pk=adherentid)
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un adherent"
def can_edit_all(user_request, *args, **kwargs):
return True, None
def can_edit(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_delete_all(user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view_all(user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
class Club(User): class Club(User):
PRETTY_NAME = "Clubs" PRETTY_NAME = "Clubs"
@ -882,46 +891,14 @@ class Club(User):
related_name='club_members' related_name='club_members'
) )
pass
def get_instance(clubid, *args, **kwargs): def get_instance(clubid, *args, **kwargs):
"""Try to find an instance of `Club` with the given id.
:param clubid: The id of the adherent we are looking for.
:return: A club.
"""
return Club.objects.get(pk=clubid) return Club.objects.get(pk=clubid)
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un club"
def can_edit_all(user_request, *args, **kwargs):
return True, None
def can_edit(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.administrators.all():
return True, None
else:
return False, u"Vous n'avez pas le droit d'éditer ce club"
def can_delete_all(user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view_all(user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.administrators.all() or\
user_request.adherent in self.members.all():
return True, None
else:
return False, u"Vous n'avez pas le droit de voir ce club"
@receiver(post_save, sender=Adherent) @receiver(post_save, sender=Adherent)
@receiver(post_save, sender=Club) @receiver(post_save, sender=Club)
@ -1012,6 +989,12 @@ class ServiceUser(AbstractBaseUser):
return ServiceUser.objects.get(pk=userid) return ServiceUser.objects.get(pk=userid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a ServiceUser object.
:param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create
or if the `options.all_can_create` is set.
"""
options, _created = OptionalUser.objects.get_or_create() options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create: if options.all_can_create:
return True, None return True, None
@ -1019,27 +1002,43 @@ class ServiceUser(AbstractBaseUser):
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
créer un service user" créer un service user"
def can_edit_all(user_request, *args, **kwargs):
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
les services users"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit a ServiceUser object.
:param self: The ServiceUser which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\ return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
les services users" les services users"
def can_delete_all(user_request, *args, **kwargs):
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
supprimer un service user"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete a ServiceUser object.
:param self: The ServiceUser who is to be deleted.
:param user_request: The user who requests deletion.
:return: True if user_request has the right 'infra', and a message.
"""
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
supprimer un service user" supprimer un service user"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every ServiceUser objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\
voir un service user" voir un service user"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view a ServiceUser object.
:param self: The targeted ServiceUser.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\
voir un service user" voir un service user"
@ -1076,28 +1075,53 @@ class Right(models.Model):
return Right.objects.get(pk=rightid) return Right.objects.get(pk=rightid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a Right object.
:param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\
créer des droits" créer des droits"
def can_edit_all(user_request, *args, **kwargs):
return True, None
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
return True, None """Check if an user can edit a Right object.
def can_delete_all(user_request, *args, **kwargs): :param self: The Right which is to be edited.
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\ :param user_request: The user who requests to edit self.
supprimer des droits" :return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
d'éditer des droits."
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete a Right object.
:param self: The Right which is to be deleted.
:param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\
supprimer des droits" supprimer des droits"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
return True, None """Check if an user can access to the list of every Right objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return user_request.has_perms(('cableur',)), u"Vous ne pouvez pas voir\
la liste des droits."
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
return True, None """Check if an user can view a Right object.
:param self: The targeted Right.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
return user_request.has_perms(('cableur',)), u"Vous ne pouvez pas voir\
ce droit."
def __str__(self): def __str__(self):
return str(self.user) return str(self.user)
@ -1127,30 +1151,51 @@ class School(models.Model):
return School.objects.get(pk=schoolid) return School.objects.get(pk=schoolid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a School object.
:param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer des écoles" droit de créer des écoles"
def can_edit_all(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des écoles"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit a School object.
:param self: The School which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des écoles" droit d'éditer des écoles"
def can_delete_all(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de supprimer des écoles"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete a School object.
:param self: The School which is to be deleted.
:param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de supprimer des écoles" droit de supprimer des écoles"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every School objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de voir les écoles" droit de voir les écoles"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view a School object.
:param self: The targeted School.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de voir les écoles" droit de voir les écoles"
@ -1186,30 +1231,51 @@ class ListRight(models.Model):
return ListRight.objects.get(pk=listrightid) return ListRight.objects.get(pk=listrightid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a ListRight object.
:param user_request: The user who wants to create a ListRight object.
:return: a message and a boolean which is True if the user can create.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
de créer des groupes de droits" de créer des groupes de droits"
def can_edit_all(user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
d'éditer des groupes de droits"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit a ListRight object.
:param self: The object which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
d'éditer des groupes de droits" d'éditer des groupes de droits"
def can_delete_all(user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
de supprimer des groupes de droits"
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
"""Check if an user can delete a ListRight object.
:param self: The object which is to be deleted.
:param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message.
"""
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
de supprimer des groupes de droits" de supprimer des groupes de droits"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every ListRight objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
de voir les groupes de droits" de voir les groupes de droits"
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view a ListRight object.
:param self: The targeted object.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
de voir les groupes de droits" de voir les groupes de droits"
@ -1309,27 +1375,50 @@ class Ban(models.Model):
return Ban.objects.get(pk=banid) return Ban.objects.get(pk=banid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a Ban object.
:param user_request: The user who wants to create a Ban object.
:return: a message and a boolean which is True if the user can create.
"""
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit de\ return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit de\
créer des bannissements" créer des bannissements"
def can_edit_all(user_request, *args, **kwargs):
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
d'éditer des bannissements"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit a Ban object.
:param self: The object which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\ return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
d'éditer des bannissements" d'éditer des bannissements"
def can_delete_all(self, user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
return True, None """Check if an user can delete a Ban object.
:param self: The object which is to be deleted.
:param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message.
"""
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
de supprimer des bannissements"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every Ban objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return True, None return True, None
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view a Ban object.
:param self: The targeted object.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
if not user_request.has_perms(('cableur',)) and\ if not user_request.has_perms(('cableur',)) and\
self.user != user_request: self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les bannissements\ return False, u"Vous n'avez pas le droit de voir les bannissements\
@ -1386,27 +1475,50 @@ class Whitelist(models.Model):
return Whitelist.objects.get(pk=whitelistid) return Whitelist.objects.get(pk=whitelistid)
def can_create(user_request, *args, **kwargs): def can_create(user_request, *args, **kwargs):
"""Check if an user can create a Whitelist object.
:param user_request: The user who wants to create a Whitelist object.
:return: a message and a boolean which is True if the user can create.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer des accès gracieux" droit de créer des accès gracieux"
def can_edit_all(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des accès gracieux"
def can_edit(self, user_request, *args, **kwargs): def can_edit(self, user_request, *args, **kwargs):
"""Check if an user can edit a Whitelist object.
:param self: The object which is to be edited.
:param user_request: The user who requests to edit self.
:return: a message and a boolean which is True if edition is granted.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\ return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des accès gracieux" droit d'éditer des accès gracieux"
def can_delete_all(user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs): def can_delete(self, user_request, *args, **kwargs):
return True, None """Check if an user can delete a Whitelist object.
:param self: The object which is to be deleted.
:param user_request: The user who requests deletion.
:return: True if deletion is granted, and a message.
"""
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de supprimer des accès gracieux"
def can_view_all(user_request, *args, **kwargs): def can_view_all(user_request, *args, **kwargs):
"""Check if an user can access to the list of every Whitelist objects
:param user_request: The user who wants to view the list.
:return: True if the user can view the list and an explanation message.
"""
return True, None return True, None
def can_view(self, user_request, *args, **kwargs): def can_view(self, user_request, *args, **kwargs):
"""Check if an user can view a Whitelist object.
:param self: The targeted object.
:param user_request: The user who ask for viewing the target.
:return: A boolean telling if the acces is granted and an explanation
text
"""
if not user_request.has_perms(('cableur',)) and\ if not user_request.has_perms(('cableur',)) and\
self.user != user_request: self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les accès\ return False, u"Vous n'avez pas le droit de voir les accès\