From d65645431d6705c3284ca791910bf6a2bae05da2 Mon Sep 17 00:00:00 2001
From: LEVY-FALK Hugo <hugo.levy--falk@supelec.fr>
Date: Thu, 28 Dec 2017 19:31:12 +0100
Subject: [PATCH] can_edit_history

---
 re2o/utils.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/re2o/utils.py b/re2o/utils.py
index 0e680895..1ccc8962 100644
--- a/re2o/utils.py
+++ b/re2o/utils.py
@@ -105,10 +105,8 @@ def can_edit(model, *field_list):
 
 
 def can_change(model, *field_list):
-    """Decorator to check if an user can edit a field of a model.
-    It assumes that a valid user exists in the request and that the model has a
-    method can_create(user) which returns true if the user can create this kind
-    of models.
+    """Decorator to check if an user can edit a field of a model class.
+    Difference with can_edit : take a class and not an instance
     """
     def decorator(view):
         def wrapper(request, *args, **kwargs):
@@ -246,6 +244,21 @@ def can_view_app(app_name):
     return decorator
 
 
+def can_edit_history(view):
+    """Decorator to check if an user can edit history."""
+    def wrapper(request, *args, **kwargs):
+        if request.user.has_perms(('admin',)):
+            return view(request, *args, **kwargs)
+        messages.error(
+           request,
+           "Vous ne pouvez pas éditer l'historique."
+        )
+        return redirect(reverse('users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+    return wrapper
+
+
 def all_adherent(search_time=DT_NOW):
     """ Fonction renvoyant tous les users adherents. Optimisee pour n'est
     qu'une seule requete sql