diff --git a/cotisations/models.py b/cotisations/models.py index 32326983..006e8d69 100644 --- a/cotisations/models.py +++ b/cotisations/models.py @@ -246,9 +246,10 @@ class Facture(BaseInvoice): def can_change_control(user_request, *_args, **_kwargs): """ Returns True if the user can change the 'controlled' status of this invoice """ + can = user_request.has_perm('cotisations.change_facture_control') return ( - user_request.has_perm('cotisations.change_facture_control'), - _("You don't have the right to edit the \"controlled\" state."), + can, + _("You don't have the right to edit the \"controlled\" state.") if not can else None, ('cotisations.change_facture_control',) ) @@ -746,11 +747,12 @@ class Article(RevMixin, AclMixin, models.Model): A boolean stating if usage is granted and an explanation message if the boolean is `False`. """ + can = self.available_for_everyone \ + or user.has_perm('cotisations.buy_every_article') \ + or user.has_perm('cotisations.add_facture') return ( - self.available_for_everyone - or user.has_perm('cotisations.buy_every_article') - or user.has_perm('cotisations.add_facture'), - _("You can't buy this article."), + can, + _("You can't buy this article.") if not can else None, ('cotisations.buy_every_article', 'cotisations.add_facture') ) @@ -902,11 +904,12 @@ class Paiement(RevMixin, AclMixin, models.Model): A boolean stating if usage is granted and an explanation message if the boolean is `False`. """ + can = self.available_for_everyone \ + or user.has_perm('cotisations.use_every_payment') \ + or user.has_perm('cotisations.add_facture') return ( - self.available_for_everyone - or user.has_perm('cotisations.use_every_payment') - or user.has_perm('cotisations.add_facture'), - _("You can't use this payment method."), + can, + _("You can't use this payment method.") if not can else None, ('cotisations.use_every_payment', 'cotisations.add_facture') ) diff --git a/machines/models.py b/machines/models.py index 11a4498b..68c7c58b 100644 --- a/machines/models.py +++ b/machines/models.py @@ -105,9 +105,10 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model): A tuple with a boolean stating if edition is allowed and an explanation message. """ + can = user_request.has_perm('machines.change_machine_user') return ( - user_request.has_perm('machines.change_machine_user'), - _("You don't have the right to change the machine's user."), + can, + _("You don't have the right to change the machine's user.") if not can else None, ('machines.change_machine_user',) ) @@ -803,9 +804,10 @@ class Extension(RevMixin, AclMixin, models.Model): restrictions :param user_request: instance user qui fait l'edition :return: True ou False avec la raison de l'échec le cas échéant""" + can = user_request.has_perm('machines.use_all_extension') return ( - user_request.has_perm('machines.use_all_extension'), - _("You cannot use all extensions."), + can, + _("You cannot use all extensions.") if not can else None, ('machines.use_all_extension',) ) @@ -1294,9 +1296,10 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model): def can_change_machine(user_request, *_args, **_kwargs): """Check if a user can change the machine associated with an Interface object """ + can = user_request.has_perm('machines.change_interface_machine') return ( - user_request.has_perm('machines.change_interface_machine'), - _("Permission required to edit the machine."), + can, + _("Permission required to edit the machine.") if not can else None, ('machines.change_interface_machine',) ) @@ -1421,10 +1424,11 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model): @staticmethod def can_change_slaac_ip(user_request, *_args, **_kwargs): """ Check if a user can change the slaac value """ + can = user_request.has_perm('machines.change_ipv6list_slaac_ip') return ( - user_request.has_perm('machines.change_ipv6list_slaac_ip'), + can, _("Permission required to change the SLAAC value of an IPv6" - " address"), + " address") if not can else None, ('machines.change_ipv6list_slaac_ip',) ) diff --git a/re2o/mixins.py b/re2o/mixins.py index 9d7f7b2f..dfa6e987 100644 --- a/re2o/mixins.py +++ b/re2o/mixins.py @@ -105,10 +105,11 @@ class AclMixin(object): :param user_request: instance utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" permission = cls.get_modulename() + '.add_' + cls.get_classname() + can = user_request.has_perm(permission) return ( - user_request.has_perm(permission), + can, _("You don't have the right to create a %s object.") - % cls.get_classname(), + % cls.get_classname() if not can else None, (permission,) ) @@ -119,10 +120,11 @@ class AclMixin(object): :param user_request: Utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" permission = self.get_modulename() + '.change_' + self.get_classname() + can = user_request.has_perm(permission) return ( - user_request.has_perm(permission), + can, _("You don't have the right to edit a %s object.") - % self.get_classname(), + % self.get_classname() if not can else None, (permission,) ) @@ -133,10 +135,11 @@ class AclMixin(object): :param user_request: Utilisateur qui fait la requête :return: soit True, soit False avec la raison de l'échec""" permission = self.get_modulename() + '.delete_' + self.get_classname() + can = user_request.has_perm(permission) return ( - user_request.has_perm(permission), + can, _("You don't have the right to delete a %s object.") - % self.get_classname(), + % self.get_classname() if not can else None, (permission,) ) @@ -147,10 +150,11 @@ class AclMixin(object): :param user_request: instance user qui fait l'edition :return: True ou False avec la raison de l'échec le cas échéant""" permission = cls.get_modulename() + '.view_' + cls.get_classname() + can = user_request.has_perm(permission) return ( - user_request.has_perm(permission), + can, _("You don't have the right to view every %s object.") - % cls.get_classname(), + % cls.get_classname() if not can else None, (permission,) ) @@ -161,10 +165,11 @@ class AclMixin(object): :param user_request: instance user qui fait l'edition :return: True ou False avec la raison de l'échec le cas échéant""" permission = self.get_modulename() + '.view_' + self.get_classname() + can = user_request.has_perm(permission) return ( - user_request.has_perm(permission), + can, _("You don't have the right to view a %s object.") - % self.get_classname(), + % self.get_classname() if not can else None, (permission,) ) diff --git a/tickets/models.py b/tickets/models.py index a3fe5e7a..e9acaf9b 100644 --- a/tickets/models.py +++ b/tickets/models.py @@ -86,9 +86,10 @@ class Ticket(AclMixin, models.Model): @staticmethod def can_view_all(user_request, *_args, **_kwargs): """ Check that the user has access to the list of all tickets""" + can = user_request.has_perm('tickets.view_tickets') return( - user_request.has_perm('tickets.view_tickets'), - _("You don't have the right to view the list of tickets."), + can, + _("You don't have the right to view the list of tickets.") if not can else None, ('tickets.view_tickets',) ) diff --git a/users/models.py b/users/models.py index faacc57f..66d53a96 100755 --- a/users/models.py +++ b/users/models.py @@ -968,9 +968,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a state """ + can = user_request.has_perm('users.change_user_state') return ( - user_request.has_perm('users.change_user_state'), - _("Permission required to change the state."), + can, + _("Permission required to change the state.") if not can else None, ('users.change_user_state',) ) @@ -999,9 +1000,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a redirection """ + can = OptionalUser.get_cached_value('local_email_accounts_enabled') return ( - OptionalUser.get_cached_value('local_email_accounts_enabled'), - _("Local email accounts must be enabled."), + can, + _("Local email accounts must be enabled.") if not can else None, None ) @@ -1013,9 +1015,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change internal address """ + can = OptionalUser.get_cached_value('local_email_accounts_enabled') return ( - OptionalUser.get_cached_value('local_email_accounts_enabled'), - _("Local email accounts must be enabled."), + can, + _("Local email accounts must be enabled.") if not can else None, None ) @@ -1027,9 +1030,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a force """ + can = user_request.has_perm('users.change_user_force') return ( - user_request.has_perm('users.change_user_force'), - _("Permission required to force the move."), + can, + _("Permission required to force the move.") if not can else None, ('users.change_user_force',) ) @@ -1041,9 +1045,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :returns: a message and a boolean which is True if the user has the right to change a group """ + can = user_request.has_perm('users.change_user_grou') return ( - user_request.has_perm('users.change_user_groups'), - _("Permission required to edit the user's groups of rights."), + can, + _("Permission required to edit the user's groups of rights.") if not can else None, ('users.change_user_groups') ) @@ -1054,9 +1059,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :param user_request: The user who request :returns: a message and a boolean which is True if permission is granted. """ + can = user_request.is_superuser return ( - user_request.is_superuser, - _("'superuser' right required to edit the superuser flag."), + can, + _("'superuser' right required to edit the superuser flag.") if not can else None, [] ) @@ -1099,9 +1105,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :return: True if the user can view the list and an explanation message. """ + can = user_request.has_perm('use.view_user') return ( - user_request.has_perm('users.view_user'), - _("You don't have the right to view the list of users."), + can, + _("You don't have the right to view the list of users.") if not can else None, ('users.view_user',) ) @@ -1113,9 +1120,10 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, :return: True if user_request has the right 'bureau', and a message. """ + can = user_request.has_perm('users.delete_user') return ( - user_request.has_perm('users.delete_user'), - _("You don't have the right to delete this user."), + can, + _("You don't have the right to delete this user.") if not can else None, ('users.delete_user',) ) @@ -1209,9 +1217,10 @@ class Adherent(User): OptionalUser.get_cached_value('self_adhesion')): return True, None, None else: + can = user_request.has_perm('users.add_user') return ( - user_request.has_perm('users.add_user'), - _("You don't have the right to create a user."), + can, + _("You don't have the right to create a user.") if not can else None, ('users.add_user',) ) @@ -1265,9 +1274,10 @@ class Club(User): if OptionalUser.get_cached_value('all_can_create_club'): return True, None, None else: + can = user_request.has_perm('users.add_user') return ( - user_request.has_perm('users.add_user'), - _("You don't have the right to create a club."), + can, + _("You don't have the right to create a club.") if not can else None, ('users.add_user',) )