8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-24 16:03:47 +00:00
This commit is contained in:
Hugo Levy-Falk 2019-09-09 12:16:37 +02:00 committed by chirac
parent 3f9d613c3d
commit a9ebe331dd
2 changed files with 23 additions and 7 deletions

View file

@ -41,6 +41,8 @@ from re2o.utils import get_group_having_permission
def acl_error_message(msg, permissions):
"""Create an error message for msg and permissions."""
if permissions is None:
return msg
groups = ", ".join([
g.name for g in get_group_having_permission(*permissions)
])
@ -76,9 +78,11 @@ def acl_base_decorator(method_name, *targets, on_instance=True):
permission was granted. This is to allow you to run ACL tests on
fields only. If the method exists, it has to return a 2-tuple
`(can, reason, permissions)` with `can` being a boolean stating
whether the access is granted, `reason` a message to be
whether the access is granted, `reason` an arror message to be
displayed if `can` equals `False` (can be `None`) and `permissions`
a list of permissions needed for access (can be `None`).
a list of permissions needed for access (can be `None`). If can is
True and permission is not `None`, a warning message will be
displayed.
*targets: The targets. Targets are specified like a sequence of models
and fields names. As an example
```
@ -172,10 +176,17 @@ ModelC)
yield can_change_fct(request.user, *args, **kwargs)
error_messages = []
warning_messages = []
for target, fields in group_targets():
for can, msg, permissions in process_target(target, fields):
if not can:
error_messages.append(acl_error_message(msg, permissions))
elif msg:
warning_messages.append(acl_error_message(msg, permissions))
if warning_messages:
for msg in warning_messages:
messages.warning(request, msg)
if error_messages:
for msg in error_messages:

View file

@ -859,18 +859,23 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
user_request one of its member, or if user_request is self, or if
user_request has the 'cableur' right.
"""
if self.state in (self.STATE_ARCHIVE, self.STATE_FULL_ARCHIVE):
warning_message = _("This user is archived.")
else:
warning_message = None
if self.is_class_club and user_request.is_class_adherent:
if (self == user_request or
user_request.has_perm('users.change_user') or
user_request.adherent in self.club.administrators.all()):
return True, None, None
return True, warning_message, None
else:
return False, _("You don't have the right to edit this club."), ('users.change_user',)
else:
if self == user_request:
return True, None, None
return True, warning_message, None
elif user_request.has_perm('users.change_all_users'):
return True, None, None
return True, warning_message, None
elif user_request.has_perm('users.change_user'):
if self.groups.filter(listright__critical=True):
return (
@ -886,9 +891,9 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
('users.change_all_users', )
)
else:
return True, None, None
return True, warning_message, None
elif user_request.has_perm('users.change_all_users'):
return True, None, None
return True, warning_message, None
else:
return (
False,