From e1fc4b061327bbe480f0a85fbb08ef0a92ae0edf Mon Sep 17 00:00:00 2001
From: Hugo LEVY-FALK
Date: Thu, 28 Dec 2017 13:45:24 +0100
Subject: [PATCH] =?UTF-8?q?D=C3=A9corateur=20d'acc=C3=A8s=20=C3=A0=20une?= =?UTF-8?q?=20application.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 re2o/utils.py | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/re2o/utils.py b/re2o/utils.py
index 1271fea4..0e680895 100644
--- a/re2o/utils.py
+++ b/re2o/utils.py
@@ -69,7 +69,7 @@ def can_create(model):
 return decorator
-def can_edit(model):
+def can_edit(model, *field_list):
 """Decorator to check if an user can edit a model.
 It tries to get an instance of the model, using `model.get_instance(*args, **kwargs)` and assumes that the model has a
@@ -91,12 +91,20 @@ def can_edit(model):
 return redirect(reverse('users:profil',
 kwargs={'userid':str(request.user.id)}
 ))
+ for field in field_list:
+ can_create = getattr(model, 'can_change_' + field)
+ can, msg = can_create(instance, request.user, *args, **kwargs)
+ if not can:
+ messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
+ return redirect(reverse('users:profil',
+ kwargs={'userid':str(request.user.id)}
+ ))
 return view(request, instance, *args, **kwargs)
 return wrapper
 return decorator
-def can_change(model, field_list):
+def can_change(model, *field_list):
 """Decorator to check if an user can edit a field of a model.
 It assumes that a valid user exists in the request and that the model has a method can_create(user) which returns true if the user can create this kind
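Review bot: In the second hunk (`@@ -91,12 +91,20 @@`), the loop added to `can_edit` resolves `'can_change_' + field` with `getattr` on every request, so a misspelled field name in a decorator call only surfaces as an AttributeError (HTTP 500) once the view is hit, and the denial code is a second copy of the loop in `can_change` that already differs in what it passes as first argument. Resolving the checks once inside `decorator`, e.g. `checks = [getattr(model, 'can_change_' + f) for f in field_list]`, makes a bad name fail at import time; the local `can_create` would also read better as `can_change_field`. The same hunk turns `can_change(model, field_list)` into `can_change(model, *field_list)`, so any caller still passing a list (callers are outside this diff) would hit a TypeError in the string concatenation and needs updating in the same commit. Neither docstring, here or in the first hunk, mentions the new `*field_list` parameter, and the `wrapper` body of `can_edit` starts outside the hunk.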
@@ -106,7 +114,7 @@ def can_change(model, field_list):
 def wrapper(request, *args, **kwargs):
 for field in field_list:
 can_create = getattr(model, 'can_change_' + field)
- can, msg = can_create(request.user, *args, **kwargs)
+ can, msg = can_create(None, request.user, *args, **kwargs)
 if not can:
 messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
 return redirect(reverse('users:profil',
@@ -209,6 +217,35 @@ def can_view_all(model):
 return decorator
+APP_VIEWING_RIGHT = {
+ 'cotisations' : 'cableur',
+ 'logs' : 'cableur',
+ 'machines' : 'cableur',
+ 'preferences' : 'cableur',
+ 'search' : 'cableur',
+ 'topologie' : 'cableur',
+ 'users' : 'cableur',
+}
+
+def can_view_app(app_name):
+ """Decorator to check if an user can view an application.
+ """
+ assert app_name in APP_VIEWING_RIGHT.keys()
+ def decorator(view):
+ def wrapper(request, *args, **kwargs):
+ if request.user.has_perms((APP_VIEWING_RIGHT[app_name],)):
+ return view(request, *args, **kwargs)
+ messages.error(
+ request,
+ msg or "Vous ne pouvez pas accéder à l'application " + app_name
+ )
+ return redirect(reverse('users:profil',
+ kwargs={'userid':str(request.user.id)}
+ ))
+ return wrapper
+ return decorator
+
+
 def all_adherent(search_time=DT_NOW):
 """ Fonction renvoyant tous les users adherents.
 Optimisee pour n'est qu'une seule requete sql
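Review bot: In `@@ -106,7 +114,7 @@`, `can_create(None, request.user, *args, **kwargs)` calls each `can_change_<field>` with `None` in the instance slot, so any such method that reads an attribute of its first argument will raise instead of returning `(can, msg)`. Those methods are outside this diff, so this is something to confirm rather than a proven fault; a comment above the call such as `# no instance here: can_change_<field> must decide from the user alone` would state the contract. The docstring of `can_change` still describes a `can_create(user)` method and should be brought in line with the `can_change_<field>(instance, user, ...)` form used here. The `wrapper` body continues outside the hunk.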
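Review bot: In `can_view_app` (`@@ -209,6 +217,35 @@`), `msg` is never assigned inside `wrapper`, so the denial branch raises NameError instead of showing the message and redirecting; the view is still not run, but a user without the right gets a 500 rather than the profile page. The second argument should be just `"Vous ne pouvez pas accéder à l'application " + app_name`. The `assert app_name in APP_VIEWING_RIGHT.keys()` disappears under `python -O`; `if app_name not in APP_VIEWING_RIGHT: raise ValueError(app_name)` keeps the check in every mode. `wrapper` also reads `request.user.id` for the redirect, which presumes an authenticated user, so the docstring should say that this decorator belongs below the login check.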