From d2946a94b584f6b7cf0c3f5c9128ac7e1b5bc810 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Tue, 17 Apr 2018 00:32:37 +0200 Subject: [PATCH 1/6] affiche les superuser --- users/templates/users/aff_listright.html | 44 ++++++++++++++++++++++-- users/views.py | 6 +++- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/users/templates/users/aff_listright.html b/users/templates/users/aff_listright.html index be94b146..7807c1d3 100644 --- a/users/templates/users/aff_listright.html +++ b/users/templates/users/aff_listright.html @@ -33,6 +33,44 @@ with this program; if not, write to the Free Software Foundation, Inc., + {% if superuser_right %} + + Superuser + + True + + + + + Donne tous les droits sur Re2o. + + + + + + +
+
+
+
    + {% for user in superuser_right %} +
  • + {{user}} + + + +
    • + {% endfor %} +
+
+
+
+ + + + {% endif %} {% for listright in listright_list %} @@ -48,9 +86,9 @@ with this program; if not, write to the Free Software Foundation, Inc., - - - {{ listright.details }} + + + {{ listright.details }} {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %} {% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %} diff --git a/users/views.py b/users/views.py index 2614cb9c..797b3eb2 100644 --- a/users/views.py +++ b/users/views.py @@ -768,10 +768,14 @@ def index_listright(request): """ Affiche l'ensemble des droits""" listright_list = ListRight.objects.order_by('unix_name')\ .prefetch_related('permissions').prefetch_related('user_set') + superuser_right = User.objects.filter(is_superuser=True) return render( request, 'users/index_listright.html', - {'listright_list': listright_list} + { + 'listright_list': listright_list, + 'superuser_right' : superuser_right, + } ) From 6f3fc983acccd3c2d33f83d1bcfb68e5f3e48d79 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 3 May 2018 10:26:17 +0200 Subject: [PATCH 2/6] Suppression de superuser --- users/templates/users/aff_listright.html | 2 +- users/urls.py | 3 +++ users/views.py | 10 ++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/users/templates/users/aff_listright.html b/users/templates/users/aff_listright.html index 7807c1d3..8906b38e 100644 --- a/users/templates/users/aff_listright.html +++ b/users/templates/users/aff_listright.html @@ -58,7 +58,7 @@ with this program; if not, write to the Free Software Foundation, Inc., {% for user in superuser_right %}
  • {{user}} - +
    • diff --git a/users/urls.py b/users/urls.py index 05f72be0..5d868196 100644 --- a/users/urls.py +++ b/users/urls.py @@ -43,6 +43,9 @@ urlpatterns = [ url(r'^del_group/(?P[0-9]+)/(?P[0-9]+)$', views.del_group, name='del-group'), + url(r'^del_superuser/(?P[0-9]+)$', + views.del_superuser, + name='del-superuser'), url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'), url(r'^edit_serviceuser/(?P[0-9]+)$', views.edit_serviceuser, diff --git a/users/views.py b/users/views.py index 797b3eb2..2ed4f3fb 100644 --- a/users/views.py +++ b/users/views.py @@ -294,6 +294,16 @@ def del_group(request, user, listrightid, **_kwargs): return HttpResponseRedirect(request.META.get('HTTP_REFERER')) +@login_required +@can_edit(User, 'groups') +def del_superuser(request, user, **_kwargs): + """Remove the superuser right of an user.""" + user.is_superuser = False + user.save() + messages.success(request, "%s n'est plus superuser" % user) + return HttpResponseRedirect(request.META.get('HTTP_REFERER')) + + @login_required @can_create(ServiceUser) def new_serviceuser(request): From 4a5fd06aceaf7c14001cb8ad4c886c1de96e8765 Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 3 May 2018 10:56:21 +0200 Subject: [PATCH 3/6] Ajout de superusers --- users/forms.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/forms.py b/users/forms.py index 0a17df8b..91e2936a 100644 --- a/users/forms.py +++ b/users/forms.py @@ -454,6 +454,10 @@ class GroupForm(FormRevMixin, ModelForm): widget=forms.CheckboxSelectMultiple, required=False ) + superuser = forms.BooleanField( + label="Superuser", + required=False, + ) class Meta: model = User @@ -462,6 +466,11 @@ class GroupForm(FormRevMixin, ModelForm): def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs) + self.fields['superuser'].initial = self.instance.is_superuser + + def save(self, *args, **kwargs): + self.instance.is_superuser = self.cleaned_data['superuser'] + return super(GroupForm, self).save(*args, **kwargs) class SchoolForm(FormRevMixin, ModelForm): From 8a199777574848aaae1ec3bed6dbbc22832038ec Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 3 May 2018 11:55:34 +0200 Subject: [PATCH 4/6] =?UTF-8?q?Ne=20r=C3=A9invente=20pas=20la=20roue?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- users/forms.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/users/forms.py b/users/forms.py index 91e2936a..f939c6cd 100644 --- a/users/forms.py +++ b/users/forms.py @@ -454,23 +454,15 @@ class GroupForm(FormRevMixin, ModelForm): widget=forms.CheckboxSelectMultiple, required=False ) - superuser = forms.BooleanField( - label="Superuser", - required=False, - ) class Meta: model = User - fields = ['groups'] + fields = ['groups', 'is_superuser'] def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs) - self.fields['superuser'].initial = self.instance.is_superuser - - def save(self, *args, **kwargs): - self.instance.is_superuser = self.cleaned_data['superuser'] - return super(GroupForm, self).save(*args, **kwargs) + self.fields['is_superuser'].label = "Superuser" class SchoolForm(FormRevMixin, ModelForm): From 9d79ffb5ca00d28fe552647335a0a496e479a7ee Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 3 May 2018 14:08:05 +0200 Subject: [PATCH 5/6] =?UTF-8?q?Plus=20de=20B=C3=94T=C3=89=20dans=20l'affic?= =?UTF-8?q?hage=20des=20superusers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- logs/templates/logs/aff_stats_droits.html | 6 +++++- logs/views.py | 9 +++++++-- users/forms.py | 2 +- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/logs/templates/logs/aff_stats_droits.html b/logs/templates/logs/aff_stats_droits.html index bf672b67..6e424223 100644 --- a/logs/templates/logs/aff_stats_droits.html +++ b/logs/templates/logs/aff_stats_droits.html @@ -66,7 +66,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,

    {{utilisateur.last}}

    {% endif %} + {% if droit != 'Superuser' %} + {% else %} + + {% endif %} @@ -79,4 +83,4 @@ with this program; if not, write to the Free Software Foundation, Inc., -{% endfor %} \ No newline at end of file +{% endfor %} diff --git a/logs/views.py b/logs/views.py index afb0a118..0acd4bd9 100644 --- a/logs/views.py +++ b/logs/views.py @@ -41,7 +41,7 @@ from django.urls import reverse from django.shortcuts import render, redirect from django.contrib import messages from django.contrib.auth.decorators import login_required -from django.db.models import Count, Max +from django.db.models import Count, Max, F from reversion.models import Revision from reversion.models import Version, ContentType @@ -469,9 +469,14 @@ def stats_droits(request): for droit in ListRight.objects.all().select_related('group_ptr'): stats_list[droit] = droit.user_set.all().annotate( num=Count('revision'), - last=Max('revision__date_created') + last=Max('revision__date_created'), ) + stats_list['Superuser'] = User.objects.filter(is_superuser=True).annotate( + num=Count('revision'), + last=Max('revision__date_created'), + ) + return render( request, 'logs/stats_droits.html', diff --git a/users/forms.py b/users/forms.py index f939c6cd..17170058 100644 --- a/users/forms.py +++ b/users/forms.py @@ -457,7 +457,7 @@ class GroupForm(FormRevMixin, ModelForm): class Meta: model = User - fields = ['groups', 'is_superuser'] + fields = ['is_superuser', 'groups'] def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) From a5013920daa26da6dedb9b0ffb593eef98e255cf Mon Sep 17 00:00:00 2001 From: Hugo LEVY-FALK Date: Thu, 3 May 2018 14:22:52 +0200 Subject: [PATCH 6/6] ACL --- users/forms.py | 5 +++-- users/models.py | 12 ++++++++++++ users/views.py | 4 ++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/users/forms.py b/users/forms.py index 17170058..23617c53 100644 --- a/users/forms.py +++ b/users/forms.py @@ -447,7 +447,7 @@ class StateForm(FormRevMixin, ModelForm): super(StateForm, self).__init__(*args, prefix=prefix, **kwargs) -class GroupForm(FormRevMixin, ModelForm): +class GroupForm(FieldPermissionFormMixin, FormRevMixin, ModelForm): """ Gestion des groupes d'un user""" groups = forms.ModelMultipleChoiceField( Group.objects.all(), @@ -462,7 +462,8 @@ class GroupForm(FormRevMixin, ModelForm): def __init__(self, *args, **kwargs): prefix = kwargs.pop('prefix', self.Meta.model.__name__) super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs) - self.fields['is_superuser'].label = "Superuser" + if 'is_superuser' in self.fields: + self.fields['is_superuser'].label = "Superuser" class SchoolForm(FormRevMixin, ModelForm): diff --git a/users/models.py b/users/models.py index f7bfc128..156c26ba 100644 --- a/users/models.py +++ b/users/models.py @@ -812,6 +812,18 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser, "Droit requis pour éditer les groupes de l'user" ) + @staticmethod + def can_change_is_superuser(user_request, *_args, **_kwargs): + """ Check if an user can change a is_superuser flag + + :param user_request: The user who request + :returns: a message and a boolean which is True if permission is granted. + """ + return ( + user_request.is_superuser, + "Droit superuser requis pour éditer le flag superuser" + ) + def can_view(self, user_request, *_args, **_kwargs): """Check if an user can view an user object. diff --git a/users/views.py b/users/views.py index 2ed4f3fb..1b65a923 100644 --- a/users/views.py +++ b/users/views.py @@ -246,7 +246,7 @@ def state(request, user, userid): @can_edit(User, 'groups') def groups(request, user, userid): """ View to edit the groups of a user """ - group_form = GroupForm(request.POST or None, instance=user) + group_form = GroupForm(request.POST or None, instance=user, user=request.user) if group_form.is_valid(): if group_form.changed_data: group_form.save() @@ -295,7 +295,7 @@ def del_group(request, user, listrightid, **_kwargs): @login_required -@can_edit(User, 'groups') +@can_edit(User, 'is_superuser') def del_superuser(request, user, **_kwargs): """Remove the superuser right of an user.""" user.is_superuser = False