8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-25 08:23:46 +00:00

Pas de requête directement dans @can_edit. On récupère l'instance dans model.get_instance et on la transmet à model.can_edit et à la vue.

This commit is contained in:
Hugo LEVY-FALK 2017-11-30 13:42:33 +01:00
parent d9c172ea13
commit db6c11075f
3 changed files with 28 additions and 27 deletions

View file

@ -68,28 +68,26 @@ def can_create(model):
return decorator return decorator
def can_edit(model, *instance_id): def can_edit(model):
"""Decorator to check if an user can edit a model. """Decorator to check if an user can edit a model.
It assumes that a valid user exists in the request and that the model has a It tries to get an instance of the model, using
method can_create(user) which returns true if the user can create this kind `model.get_instance(*args, **kwargs)` and assumes that the model has a method
`can_create(user)` which returns `true` if the user can create this kind
of models. of models.
""" """
def decorator(view): def decorator(view):
def wrapper(request, *args, **kwargs): def wrapper(request, *args, **kwargs):
instances = {}
for i in instance_id:
try: try:
instances[i] = model.objects.get(pk=kwargs[i]) instance = model.get_instance(*args, **kwargs)
except model.DoesNotExist: except model.DoesNotExist:
messages.error(request, u"Entrée inexistante") messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:index')) return redirect(reverse('users:index'))
kwargs['instances'] = instances if not model.can_edit(instance, request.user):
can = all(model.can_edit(instances[i], request.user) for i in instances)
if not can:
messages.error(request, "Vous ne pouvez pas accéder à ce menu") messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
)) ))
kwargs['instance'] = instance
return view(request, *args, **kwargs) return view(request, *args, **kwargs)
return wrapper return wrapper
return decorator return decorator

View file

@ -784,6 +784,9 @@ class User(AbstractBaseUser):
else: else:
return self == user or user.has_perms(('cableur',)) return self == user or user.has_perms(('cableur',))
def get_instance(userid):
return User.objects.get(pk=userid)
def __str__(self): def __str__(self):
return self.pseudo return self.pseudo

View file

@ -203,23 +203,23 @@ def select_user_edit_form(request, user):
@login_required @login_required
@can_edit(User, 'userid') @can_edit(User)
def edit_info(request, userid, **kwargs): def edit_info(request, userid, instance):
""" Edite un utilisateur à partir de son id, """ Edite un utilisateur à partir de son id,
si l'id est différent de request.user, vérifie la si l'id est différent de request.user, vérifie la
possession du droit cableur """ possession du droit cableur """
try: # try:
user = User.objects.get(pk=userid) # user = User.objects.get(pk=userid)
except User.DoesNotExist: # except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") # messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index')) # return redirect(reverse('users:index'))
if not user.can_edit(request.user): # if not user.can_edit(request.user):
messages.error(request, "Vous ne pouvez pas accéder à ce menu") # messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse( # return redirect(reverse(
'users:profil', # 'users:profil',
kwargs={'userid':str(request.user.id)} # kwargs={'userid':str(request.user.id)}
)) # ))
user = select_user_edit_form(request, user) user = select_user_edit_form(request, instance)
if user.is_valid(): if user.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
user.save() user.save()