mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-12-23 23:43:47 +00:00
Fix #54
This commit is contained in:
parent
3f9d613c3d
commit
a9ebe331dd
2 changed files with 23 additions and 7 deletions
15
re2o/acl.py
15
re2o/acl.py
|
@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission
|
|||
|
||||
def acl_error_message(msg, permissions):
|
||||
"""Create an error message for msg and permissions."""
|
||||
if permissions is None:
|
||||
return msg
|
||||
groups = ", ".join([
|
||||
g.name for g in get_group_having_permission(*permissions)
|
||||
])
|
||||
|
@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True):
|
|||
permission was granted. This is to allow you to run ACL tests on
|
||||
fields only. If the method exists, it has to return a 2-tuple
|
||||
`(can, reason, permissions)` with `can` being a boolean stating
|
||||
whether the access is granted, `reason` a message to be
|
||||
whether the access is granted, `reason` an arror message to be
|
||||
displayed if `can` equals `False` (can be `None`) and `permissions`
|
||||
a list of permissions needed for access (can be `None`).
|
||||
a list of permissions needed for access (can be `None`). If can is
|
||||
True and permission is not `None`, a warning message will be
|
||||
displayed.
|
||||
*targets: The targets. Targets are specified like a sequence of models
|
||||
and fields names. As an example
|
||||
```
|
||||
|
@ -172,10 +176,17 @@ ModelC)
|
|||
yield can_change_fct(request.user, *args, **kwargs)
|
||||
|
||||
error_messages = []
|
||||
warning_messages = []
|
||||
for target, fields in group_targets():
|
||||
for can, msg, permissions in process_target(target, fields):
|
||||
if not can:
|
||||
error_messages.append(acl_error_message(msg, permissions))
|
||||
elif msg:
|
||||
warning_messages.append(acl_error_message(msg, permissions))
|
||||
|
||||
if warning_messages:
|
||||
for msg in warning_messages:
|
||||
messages.warning(request, msg)
|
||||
|
||||
if error_messages:
|
||||
for msg in error_messages:
|
||||
|
|
|
@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
|
|||
user_request one of its member, or if user_request is self, or if
|
||||
user_request has the 'cableur' right.
|
||||
"""
|
||||
if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE):
|
||||
warning_message = _("This user is archived.")
|
||||
else:
|
||||
warning_message = None
|
||||
|
||||
if self.is_class_club and user_request.is_class_adherent:
|
||||
if (self == user_request or
|
||||
user_request.has_perm('users.change_user') or
|
||||
user_request.adherent in self.club.administrators.all()):
|
||||
return True, None, None
|
||||
return True, warning_message, None
|
||||
else:
|
||||
return False, _("You don't have the right to edit this club."), ('users.change_user',)
|
||||
else:
|
||||
if self == user_request:
|
||||
return True, None, None
|
||||
return True, warning_message, None
|
||||
elif user_request.has_perm('users.change_all_users'):
|
||||
return True, None, None
|
||||
return True, warning_message, None
|
||||
elif user_request.has_perm('users.change_user'):
|
||||
if self.groups.filter(listright__critical=True):
|
||||
return (
|
||||
|
@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
|
|||
('users.change_all_users', )
|
||||
)
|
||||
else:
|
||||
return True, None, None
|
||||
return True, warning_message, None
|
||||
elif user_request.has_perm('users.change_all_users'):
|
||||
return True, None, None
|
||||
return True, warning_message, None
|
||||
else:
|
||||
return (
|
||||
False,
|
||||
|
|
Loading…
Reference in a new issue