Fix #54

2024-06-18 08:38:09 +00:00 · 2019-09-09 12:16:37 +02:00 · 2019-09-09 12:16:37 +02:00 · a9ebe331dd
parent 3f9d613c3d
commit a9ebe331dd
2 changed files with 23 additions and 7 deletions
--- a/re2o/acl.py
+++ b/re2o/acl.py
@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission

 def acl_error_message(msg, permissions):
    """Create an error message for msg and permissions."""
+    if permissions is None:
+        return msg
    groups = ", ".join([
        g.name for g in get_group_having_permission(*permissions)
    ])
@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True):
            permission was granted. This is to allow you to run ACL tests on
            fields only. If the method exists, it has to return a 2-tuple
            `(can, reason, permissions)` with `can` being a boolean stating
-            whether the access is granted, `reason` a message to be
+            whether the access is granted, `reason` an arror message to be
            displayed if `can` equals `False` (can be `None`) and `permissions`
-            a list of permissions needed for access (can be `None`).
+            a list of permissions needed for access (can be `None`). If can is
+            True and permission is not `None`, a warning message will be
+            displayed.
        *targets: The targets. Targets are specified like a sequence of models
            and fields names. As an example
            ```
@ -172,10 +176,17 @@ ModelC)
                    yield can_change_fct(request.user, *args, **kwargs)

            error_messages = []
+            warning_messages = []
            for target, fields in group_targets():
                for can, msg, permissions in process_target(target, fields):
                    if not can:
                        error_messages.append(acl_error_message(msg, permissions))
+                    elif msg:
+                        warning_messages.append(acl_error_message(msg, permissions))
+
+            if warning_messages:
+                for msg in warning_messages:
+                    messages.warning(request, msg)

            if error_messages:
                for msg in error_messages:
--- a/users/models.py
+++ b/users/models.py
@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
            user_request one of its member, or if user_request is self, or if
            user_request has the 'cableur' right.
        """
+        if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE):
+            warning_message = _("This user is archived.")
+        else:
+            warning_message = None
+
        if self.is_class_club and user_request.is_class_adherent:
            if (self == user_request or
                    user_request.has_perm('users.change_user') or
                    user_request.adherent in self.club.administrators.all()):
-                return True, None, None
+                return True, warning_message, None
            else:
                return False, _("You don't have the right to edit this club."), ('users.change_user',)
        else:
            if self == user_request:
-                return True, None, None
+                return True, warning_message, None
            elif user_request.has_perm('users.change_all_users'):
-                return True, None, None
+                return True, warning_message, None
            elif user_request.has_perm('users.change_user'):
                if self.groups.filter(listright__critical=True):
                    return (
@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
                        ('users.change_all_users', )
                    )
                else:
-                    return True, None, None
+                    return True, warning_message, None
            elif user_request.has_perm('users.change_all_users'):
-                return True, None, None
+                return True, warning_message, None
            else:
                return (
                    False,