Merge branch 'fix_110_display_superuser' into 'master'

Fix #110 display superuser Closes #110 See merge request federez/re2o!150
2024-05-20 09:32:29 +00:00 · 2018-05-03 14:42:44 +02:00 · 2018-05-03 14:42:44 +02:00 · dcd1e2af96
parent 34d29349ed a5013920da
commit dcd1e2af96
7 changed files with 88 additions and 10 deletions
--- a/logs/templates/logs/aff_stats_droits.html
+++ b/logs/templates/logs/aff_stats_droits.html
@ -66,7 +66,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
                        <td><p class="text-success">{{utilisateur.last}}</p></td>
                    {% endif %}
                    <td>
+                        {% if droit != 'Superuser' %}
                        <a href="{% url 'users:del-group' utilisateur.id droit.id %}">
+                        {% else %}
+                        <a href="{% url 'users:del-superuser' utilisateur.id %}">
+                        {% endif %}
                            <button type="button" class="btn btn-danger" aria-label="Left Align">
                                <span class="fa fa-user-times" aria-hidden="true"></span>
                            </button>
@ -79,4 +83,4 @@ with this program; if not, write to the Free Software Foundation, Inc.,
        </div>
    </div>
 </div>
-{% endfor %}
+{% endfor %}
--- a/logs/views.py
+++ b/logs/views.py
@ -41,7 +41,7 @@ from django.urls import reverse
 from django.shortcuts import render, redirect
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
-from django.db.models import Count, Max
+from django.db.models import Count, Max, F

 from reversion.models import Revision
 from reversion.models import Version, ContentType
@ -469,9 +469,14 @@ def stats_droits(request):
    for droit in ListRight.objects.all().select_related('group_ptr'):
        stats_list[droit] = droit.user_set.all().annotate(
            num=Count('revision'),
-            last=Max('revision__date_created')
+            last=Max('revision__date_created'),
        )

+    stats_list['Superuser'] = User.objects.filter(is_superuser=True).annotate(
+            num=Count('revision'),
+            last=Max('revision__date_created'),
+    )
+
    return render(
        request,
        'logs/stats_droits.html',
--- a/users/forms.py
+++ b/users/forms.py
@ -454,7 +454,7 @@ class StateForm(FormRevMixin, ModelForm):
        super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)


-class GroupForm(FormRevMixin, ModelForm):
+class GroupForm(FieldPermissionFormMixin, FormRevMixin, ModelForm):
    """ Gestion des groupes d'un user"""
    groups = forms.ModelMultipleChoiceField(
        Group.objects.all(),
@ -464,11 +464,13 @@ class GroupForm(FormRevMixin, ModelForm):

    class Meta:
        model = User
-        fields = ['groups']
+        fields = ['is_superuser', 'groups']

    def __init__(self, *args, **kwargs):
        prefix = kwargs.pop('prefix', self.Meta.model.__name__)
        super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
+        if 'is_superuser' in self.fields:
+            self.fields['is_superuser'].label = "Superuser"


 class SchoolForm(FormRevMixin, ModelForm):
--- a/users/models.py
+++ b/users/models.py
@ -812,6 +812,18 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
            "Droit requis pour éditer les groupes de l'user"
        )

+    @staticmethod
+    def can_change_is_superuser(user_request, *_args, **_kwargs):
+        """ Check if an user can change a is_superuser flag
+
+        :param user_request: The user who request
+        :returns: a message and a boolean which is True if permission is granted.
+        """
+        return (
+            user_request.is_superuser,
+            "Droit superuser requis pour éditer le flag superuser"
+        )
+
    def can_view(self, user_request, *_args, **_kwargs):
        """Check if an user can view an user object.

--- a/users/templates/users/aff_listright.html
+++ b/users/templates/users/aff_listright.html
@ -33,6 +33,44 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 		<th></th>
            </tr>
        </thead>
+		{% if superuser_right %}
+		<tr class="active">
+			<td>Superuser</td>
+			<td></td>
+			<td>True</td>
+			<td>
+                <button class="btn btn-default" data-parent="#accordion_superuser" type="button" data-toggle="collapse" data-target="#collapseListRight_user_superuser" aria-expanded="true" aria-controls="collapseListRight_user_superuser">
+					Utilisateurs ({{ superuser_right.count }})
+                </button>
+			</td>
+			<td>
+				Donne tous les droits sur Re2o.
+			</td>
+			<td class="text-right">
+			</td>
+		</tr>
+		<tr>
+			<td colspan=5>
+				<div class="panel-group" id="accordion_superuser" role="tablist" aria-multiselectable="true" style="margin-bottom: 0px;">
+                    <div class="panel" style="border: none;">
+                        <div class="panel-collapse collapse in" id="collapseListRight_user_superuser" role="tabpanel">
+                            <ul class="list-group" style="margin-bottom: 0px">
+                                {% for user in superuser_right %}
+	                        <li class="list-group-item col-xs-12 col-sm-6 col-md-4" style="border:none;">
+                                    {{user}}
+                                    <a role="button" href="{% url 'users:del-superuser' user.pk %}" title="{{ desc|default:"Supprimer" }}">
+                                        <i class="fa fa-times" style="color:red"></i>
+                                    </a>
+                                </li>
+                                {% endfor %}
+							</ul>
+                        </div>
+                    </div>
+                </div>
+            </td>
+		</tr>
+
+		{% endif %}
        {% for listright in listright_list %}
        <tr class="active">
            <td>
@ -48,9 +86,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
                    <button class="btn btn-default" data-parent="#accordion_{{listright.gid}}" type="button" data-toggle="collapse" data-target="#collapseListRight_perm_{{listright.gid}}" aria-expanded="true" aria-controls="collapseListRight_perm_{{listright.gid}}">
                        Ensemble des permissions ({{ listright.permissions.all|length }})
                    </button>
-		</div>
-	    </td>
-	    <td>{{ listright.details }}</td>
+				</div>
+			</td>
+			<td>{{ listright.details }}</td>
            <td class="text-right">
                {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
                {% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %}
--- a/users/urls.py
+++ b/users/urls.py
@ -43,6 +43,9 @@ urlpatterns = [
    url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$',
        views.del_group,
        name='del-group'),
+    url(r'^del_superuser/(?P<userid>[0-9]+)$',
+        views.del_superuser,
+        name='del-superuser'),
    url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
    url(r'^edit_serviceuser/(?P<serviceuserid>[0-9]+)$',
        views.edit_serviceuser,
--- a/users/views.py
+++ b/users/views.py
@ -246,7 +246,7 @@ def state(request, user, userid):
@can_edit(User, 'groups')
 def groups(request, user, userid):
    """ View to edit the groups of a user """
-    group_form = GroupForm(request.POST or None, instance=user)
+    group_form = GroupForm(request.POST or None, instance=user, user=request.user)
    if group_form.is_valid():
        if group_form.changed_data:
            group_form.save()
@ -294,6 +294,16 @@ def del_group(request, user, listrightid, **_kwargs):
    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))


+@login_required
+@can_edit(User, 'is_superuser')
+def del_superuser(request, user, **_kwargs):
+    """Remove the superuser right of an user."""
+    user.is_superuser = False
+    user.save()
+    messages.success(request, "%s n'est plus superuser" % user)
+    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+
+
@login_required
@can_create(ServiceUser)
 def new_serviceuser(request):
@ -763,10 +773,14 @@ def index_listright(request):
    """ Affiche l'ensemble des droits"""
    listright_list = ListRight.objects.order_by('unix_name')\
        .prefetch_related('permissions').prefetch_related('user_set')
+    superuser_right = User.objects.filter(is_superuser=True)
    return render(
        request,
        'users/index_listright.html',
-        {'listright_list': listright_list}
+        {
+            'listright_list': listright_list,
+            'superuser_right' : superuser_right,
+        }
    )