rezometz/re2o
8
0
Fork 0
mirror of https://gitlab.federez.net/re2o/re2o synced 2024-05-20 17:42:26 +00:00
Code Issues Releases Wiki Activity

ACL

Browse source
This commit is contained in:
Hugo LEVY-FALK 2018-05-03 14:22:52 +02:00
parent 9d79ffb5ca
commit a5013920da
3 changed files with 17 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
users/forms.py
View file

@ -447,7 +447,7 @@ class StateForm(FormRevMixin, ModelForm):
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
class GroupForm(FormRevMixin, ModelForm):
class GroupForm(FieldPermissionFormMixin, FormRevMixin, ModelForm):
""" Gestion des groupes d'un user"""
groups = forms.ModelMultipleChoiceField(
Group.objects.all(),
@ -462,7 +462,8 @@ class GroupForm(FormRevMixin, ModelForm):
def __init__(self, *args, **kwargs):
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
self.fields['is_superuser'].label = "Superuser"
if 'is_superuser' in self.fields:
self.fields['is_superuser'].label = "Superuser"
class SchoolForm(FormRevMixin, ModelForm):

12
users/models.py
View file

@ -812,6 +812,18 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
"Droit requis pour éditer les groupes de l'user"
)
@staticmethod
def can_change_is_superuser(user_request, *_args, **_kwargs):
""" Check if an user can change a is_superuser flag
:param user_request: The user who request
:returns: a message and a boolean which is True if permission is granted.
"""
return (
user_request.is_superuser,
"Droit superuser requis pour éditer le flag superuser"
)
def can_view(self, user_request, *_args, **_kwargs):
"""Check if an user can view an user object.

4
users/views.py
View file

@ -246,7 +246,7 @@ def state(request, user, userid):
@can_edit(User, 'groups')
def groups(request, user, userid):
""" View to edit the groups of a user """
group_form = GroupForm(request.POST or None, instance=user)
group_form = GroupForm(request.POST or None, instance=user, user=request.user)
if group_form.is_valid():
if group_form.changed_data:
group_form.save()
@ -295,7 +295,7 @@ def del_group(request, user, listrightid, **_kwargs):
@login_required
@can_edit(User, 'groups')
@can_edit(User, 'is_superuser')
def del_superuser(request, user, **_kwargs):
"""Remove the superuser right of an user."""
user.is_superuser = False