mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2025-01-26 18:14:20 +00:00
Pas de requête directement dans @can_edit. On récupère l'instance dans model.get_instance et on la transmet à model.can_edit et à la vue.
parent
d9c172ea13
commit
db6c11075f
3 changed files with 28 additions and 27 deletions
|
@ -68,28 +68,26 @@ def can_create(model):
|
|||
return decorator
|
||||
|
||||
|
||||
def can_edit(model, *instance_id):
|
||||
def can_edit(model):
|
||||
"""Decorator to check if an user can edit a model.
|
||||
It assumes that a valid user exists in the request and that the model has a
|
||||
method can_create(user) which returns true if the user can create this kind
|
||||
It tries to get an instance of the model, using
|
||||
`model.get_instance(*args, **kwargs)` and assumes that the model has a method
|
||||
`can_create(user)` which returns `true` if the user can create this kind
|
||||
of models.
|
||||
"""
|
||||
def decorator(view):
|
||||
def wrapper(request, *args, **kwargs):
|
||||
instances = {}
|
||||
for i in instance_id:
|
||||
try:
|
||||
instances[i] = model.objects.get(pk=kwargs[i])
|
||||
except model.DoesNotExist:
|
||||
messages.error(request, u"Entrée inexistante")
|
||||
return redirect(reverse('users:index'))
|
||||
kwargs['instances'] = instances
|
||||
can = all(model.can_edit(instances[i], request.user) for i in instances)
|
||||
if not can:
|
||||
try:
|
||||
instance = model.get_instance(*args, **kwargs)
|
||||
except model.DoesNotExist:
|
||||
messages.error(request, u"Entrée inexistante")
|
||||
return redirect(reverse('users:index'))
|
||||
if not model.can_edit(instance, request.user):
|
||||
messages.error(request, "Vous ne pouvez pas accéder à ce menu")
|
||||
return redirect(reverse('users:profil',
|
||||
kwargs={'userid':str(request.user.id)}
|
||||
))
|
||||
kwargs['instance'] = instance
|
||||
return view(request, *args, **kwargs)
|
||||
return wrapper
|
||||
return decorator
|
||||
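Review bot: The docstring of `can_edit` still names `can_create(user)`, while the wrapper calls `model.can_edit(instance, request.user)`. Since this decorator is the access check for the wrapped view, the docstring should state the real contract: the model provides `get_instance(*args, **kwargs)`, which raises `model.DoesNotExist` for a missing row, and `can_edit(user)`, and the view receives the object as the `instance` keyword. The wrapper catches only `model.DoesNotExist`, so a `get_instance` that does not accept one of the view's URL arguments would fail with `TypeError` instead of the redirect. The +/- markers are lost on this page, so which lines are new is inferred from the old and new blocks printed one after the other.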
|
|
|
@ -784,6 +784,9 @@ class User(AbstractBaseUser):
|
|||
else:
|
||||
return self == user or user.has_perms(('cableur',))
|
||||
|
||||
def get_instance(userid):
|
||||
return User.objects.get(pk=userid)
|
||||
|
||||
def __str__(self):
|
||||
return self.pseudo
|
||||
|
||||
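Review bot: `get_instance` is defined inside `class User` with neither `self` nor `@staticmethod`, so it behaves as intended only when called on the class, as the decorator does; called on an instance, that instance would be bound to `userid`. Declaring it explicitly makes the contract visible: `@staticmethod` above `def get_instance(userid, *args, **kwargs):`, accepting the extra arguments because `can_edit` forwards every positional and keyword argument of the view. A one-line docstring stating that it raises `User.DoesNotExist` when no row matches would document what the decorator's `except` clause relies on. The class body starts and ends outside this hunk.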
|
|
|
@ -203,23 +203,23 @@ def select_user_edit_form(request, user):
|
|||
|
||||
|
||||
@login_required
|
||||
@can_edit(User, 'userid')
|
||||
def edit_info(request, userid, **kwargs):
|
||||
@can_edit(User)
|
||||
def edit_info(request, userid, instance):
|
||||
""" Edite un utilisateur à partir de son id,
|
||||
si l'id est différent de request.user, vérifie la
|
||||
possession du droit cableur """
|
||||
try:
|
||||
user = User.objects.get(pk=userid)
|
||||
except User.DoesNotExist:
|
||||
messages.error(request, "Utilisateur inexistant")
|
||||
return redirect(reverse('users:index'))
|
||||
if not user.can_edit(request.user):
|
||||
messages.error(request, "Vous ne pouvez pas accéder à ce menu")
|
||||
return redirect(reverse(
|
||||
'users:profil',
|
||||
kwargs={'userid':str(request.user.id)}
|
||||
))
|
||||
user = select_user_edit_form(request, user)
|
||||
# try:
|
||||
# user = User.objects.get(pk=userid)
|
||||
# except User.DoesNotExist:
|
||||
# messages.error(request, "Utilisateur inexistant")
|
||||
# return redirect(reverse('users:index'))
|
||||
# if not user.can_edit(request.user):
|
||||
# messages.error(request, "Vous ne pouvez pas accéder à ce menu")
|
||||
# return redirect(reverse(
|
||||
# 'users:profil',
|
||||
# kwargs={'userid':str(request.user.id)}
|
||||
# ))
|
||||
user = select_user_edit_form(request, instance)
|
||||
if user.is_valid():
|
||||
with transaction.atomic(), reversion.create_revision():
|
||||
user.save()
|
||||
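Review bot: The old lookup and permission check are left in `edit_info` as a commented-out block, and the docstring still says the view itself checks the `cableur` right, so both now misdescribe where access control happens. Delete the commented lines and say in the docstring that the target user is loaded and authorised by `@can_edit(User)` and arrives as `instance`, so that nobody reuses or re-registers the view without the decorator believing the check is inside. `userid` is no longer read in the visible part of the body. The function continues past the end of this hunk.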
|
|