From a9ebe331dde703f9bec84f97ef2ebfc8f301f79b Mon Sep 17 00:00:00 2001 From: Hugo Levy-Falk Date: Mon, 9 Sep 2019 12:16:37 +0200 Subject: [PATCH] Fix #54 --- re2o/acl.py | 15 +++++++++++++-- users/models.py | 15 ++++++++++----- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/re2o/acl.py b/re2o/acl.py index e445a28c..75857dbf 100644 --- a/re2o/acl.py +++ b/re2o/acl.py @@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission def acl_error_message(msg, permissions): """Create an error message for msg and permissions.""" + if permissions is None: + return msg groups = ", ".join([ g.name for g in get_group_having_permission(*permissions) ]) @@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True): permission was granted. This is to allow you to run ACL tests on fields only. If the method exists, it has to return a 2-tuple `(can, reason, permissions)` with `can` being a boolean stating - whether the access is granted, `reason` a message to be + whether the access is granted, `reason` an arror message to be displayed if `can` equals `False` (can be `None`) and `permissions` - a list of permissions needed for access (can be `None`). + a list of permissions needed for access (can be `None`). If can is + True and permission is not `None`, a warning message will be + displayed. *targets: The targets. Targets are specified like a sequence of models and fields names. As an example ``` @@ -172,10 +176,17 @@ ModelC) yield can_change_fct(request.user, *args, **kwargs) error_messages = [] + warning_messages = [] for target, fields in group_targets(): for can, msg, permissions in process_target(target, fields): if not can: error_messages.append(acl_error_message(msg, permissions)) + elif msg: + warning_messages.append(acl_error_message(msg, permissions)) + + if warning_messages: + for msg in warning_messages: + messages.warning(request, msg) if error_messages: for msg in error_messages: diff --git a/users/models.py b/users/models.py index 6c19d873..faacc57f 100755 --- a/users/models.py +++ b/users/models.py @@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, user_request one of its member, or if user_request is self, or if user_request has the 'cableur' right. """ + if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE): + warning_message = _("This user is archived.") + else: + warning_message = None + if self.is_class_club and user_request.is_class_adherent: if (self == user_request or user_request.has_perm('users.change_user') or user_request.adherent in self.club.administrators.all()): - return True, None, None + return True, warning_message, None else: return False, _("You don't have the right to edit this club."), ('users.change_user',) else: if self == user_request: - return True, None, None + return True, warning_message, None elif user_request.has_perm('users.change_all_users'): - return True, None, None + return True, warning_message, None elif user_request.has_perm('users.change_user'): if self.groups.filter(listright__critical=True): return ( @@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, ('users.change_all_users', ) ) else: - return True, None, None + return True, warning_message, None elif user_request.has_perm('users.change_all_users'): - return True, None, None + return True, warning_message, None else: return ( False,