From b75a65d9ff709b858fc62dd44e62aaa652529632 Mon Sep 17 00:00:00 2001
From: Gabriel Detraz <detraz@crans.org>
Date: Thu, 28 Dec 2017 17:47:02 +0100
Subject: [PATCH] Reecrit django-field form, et l'utilise pour le champ force
 sur user

---
 re2o/field_permissions.py | 12 +++--------
 users/forms.py            | 43 ++++++---------------------------------
 users/models.py           | 15 ++++++++++++--
 users/views.py            | 27 +++++++++++-------------
 4 files changed, 34 insertions(+), 63 deletions(-)

diff --git a/re2o/field_permissions.py b/re2o/field_permissions.py
index 62a2b50d..5614582c 100644
--- a/re2o/field_permissions.py
+++ b/re2o/field_permissions.py
@@ -9,9 +9,6 @@ class FieldPermissionModelMixin:
     FIELD_PERMISSION_GETTER = 'can_change_{name}'
     FIELD_PERMISSION_MISSING_DEFAULT = True
 
-    class Meta:
-        abstract = True
-
     def has_perm(self, user, perm):
         return user.has_perm(perm)  # Never give 'obj' argument here
 
@@ -66,17 +63,14 @@ class FieldPermissionModel(FieldPermissionModelMixin, models.Model):
 
 class FieldPermissionFormMixin:
     """
-    ModelForm logic for removing fields when a user is found not to have change permissions.
+    Construit le formulaire et retire les champs interdits 
     """
     def __init__(self, *args, **kwargs):
         user = kwargs.pop('user')
 
         super(FieldPermissionFormMixin, self).__init__(*args, **kwargs)
-
-        model = self.Meta.model
-        model_field_names = [f.name for f in model._meta.get_fields()]  # this might be too broad
-        for name in model_field_names:
-            if name in self.fields and not self.instance.has_field_perm(user, field=name):
+        for name in self.fields:
+            if not self.instance.has_field_perm(user, field=name):
                 self.remove_unauthorized_field(name)
 
     def remove_unauthorized_field(self, name):
diff --git a/users/forms.py b/users/forms.py
index 92f63068..82d36d90 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -44,6 +44,8 @@ from .models import User, ServiceUser, Right, School, ListRight, Whitelist
 from .models import Ban, Adherent, Club
 from re2o.utils import remove_user_room
 
+from re2o.field_permissions import FieldPermissionFormMixin
+
 NOW = timezone.now()
 
 
@@ -253,7 +255,7 @@ class MassArchiveForm(forms.Form):
                 utilisateurs dont la fin d'accès se situe dans le futur !")
 
 
-class AdherentForm(ModelForm):
+class AdherentForm(FieldPermissionFormMixin, ModelForm):
     """Formulaire de base d'edition d'un user. Formulaire de base, utilisé
     pour l'edition de self par self ou un cableur. On formate les champs
     avec des label plus jolis"""
@@ -278,6 +280,7 @@ class AdherentForm(ModelForm):
             'school',
             'comment',
             'room',
+            'shell',
             'telephone',
         ]
 
@@ -306,7 +309,7 @@ class AdherentForm(ModelForm):
         return
 
 
-class ClubForm(ModelForm):
+class ClubForm(FieldPermissionFormMixin, ModelForm):
     """Formulaire de base d'edition d'un user. Formulaire de base, utilisé
     pour l'edition de self par self ou un cableur. On formate les champs
     avec des label plus jolis"""
@@ -330,6 +333,7 @@ class ClubForm(ModelForm):
             'comment',
             'room',
             'telephone',
+            'shell',
         ]
 
     def clean_telephone(self):
@@ -344,41 +348,6 @@ class ClubForm(ModelForm):
         return telephone
 
 
-class FullAdherentForm(AdherentForm):
-    """Edition complète d'un user. Utilisé par admin,
-    permet d'editer normalement la chambre, ou le shell
-    Herite de la base"""
-    class Meta(AdherentForm.Meta):
-        fields = [
-            'name',
-            'surname',
-            'pseudo',
-            'email',
-            'school',
-            'comment',
-            'room',
-            'shell',
-            'telephone',
-        ]
-
-
-class FullClubForm(ClubForm):
-    """Edition complète d'un user. Utilisé par admin,
-    permet d'editer normalement la chambre, ou le shell
-    Herite de la base"""
-    class Meta(ClubForm.Meta):
-        fields = [
-            'surname',
-            'pseudo',
-            'email',
-            'school',
-            'comment',
-            'room',
-            'shell',
-            'telephone',
-        ]
-
-
 class ClubAdminandMembersForm(ModelForm):
     """Permet d'éditer la liste des membres et des administrateurs
     d'un club"""
diff --git a/users/models.py b/users/models.py
index dd3c73cf..62c954b8 100644
--- a/users/models.py
+++ b/users/models.py
@@ -73,6 +73,7 @@ import ldapdb.models.fields
 
 from re2o.settings import RIGHTS_LINK, LDAP, GID_RANGES, UID_RANGES
 from re2o.login import hashNT
+from re2o.field_permissions import FieldPermissionModelMixin
 
 from cotisations.models import Cotisation, Facture, Paiement, Vente
 from machines.models import Domain, Interface, Machine, regen
@@ -180,8 +181,7 @@ class UserManager(BaseUserManager):
         """
         return self._create_user(pseudo, surname, email, password, True)
 
-
-class User(AbstractBaseUser):
+class User(FieldPermissionModelMixin, AbstractBaseUser):
     """ Definition de l'utilisateur de base.
     Champs principaux : name, surnname, pseudo, email, room, password
     Herite du django BaseUser et du système d'auth django"""
@@ -823,6 +823,12 @@ class User(AbstractBaseUser):
     def can_change_state(self, user_request, *args, **kwargs):
         return user_request.has_perms(('bureau',)), "Droit bureau requis pour changer l'état"
 
+    def can_change_shell(self, user_request, *args, **kwargs):
+        return user_request.has_perms(('cableur',)), "Droit requis pour forcer le déménagement"
+
+    def can_change_force(self, user_request, *args, **kwargs):
+        return user_request.has_perms(('cableur',)), "Droit requis pour forcer le déménagement"
+
     def can_delete(self, user_request, *args, **kwargs):
         """Check if an user can delete an user object.
 
@@ -867,6 +873,11 @@ class User(AbstractBaseUser):
             else:
                 return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
 
+        field_permissions = {
+            'shell' : can_change_shell,
+            'force' : can_change_force,
+        }
+
     def __str__(self):
         return self.pseudo
 
diff --git a/users/views.py b/users/views.py
index 4b89b9a3..27f0f873 100644
--- a/users/views.py
+++ b/users/views.py
@@ -72,9 +72,7 @@ from users.forms import (
     DelSchoolForm,
     DelListRightForm,
     NewListRightForm,
-    FullAdherentForm,
     StateForm,
-    FullClubForm,
     RightForm,
     SchoolForm,
     EditServiceUserForm,
@@ -184,25 +182,24 @@ def edit_club_admin_members(request, club_instance, clubid):
     return form({'userform': club}, 'users/user.html', request)
 
 
-def select_user_edit_form(request, user):
-    """Fonction de choix du bon formulaire, en fonction de:
-        - droit
-        - type d'object
-    """
-    if user.is_class_adherent:
-        user = AdherentForm(request.POST or None, instance=user.adherent)
-    elif user.is_class_club:
-        user = ClubForm(request.POST or None, instance=user.club)
-    return user
-
-
 @login_required
 @can_edit(User)
 def edit_info(request, user, userid):
     """ Edite un utilisateur à partir de son id,
     si l'id est différent de request.user, vérifie la
     possession du droit cableur """
-    user = select_user_edit_form(request, user)
+    if user.is_class_adherent:
+        user = AdherentForm(
+            request.POST or None,
+            instance=user.adherent,
+            user=request.user
+        )
+    elif user.is_class_club:
+        user = ClubForm(
+            request.POST or None,
+            instance=user.club,
+            user=request.user
+        )
     if user.is_valid():
         with transaction.atomic(), reversion.create_revision():
             user.save()