mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-27 07:02:26 +00:00
Nouveau système de gestion des droits
This commit is contained in:
parent
90b55b6dc8
commit
f285f5c5a8
7 changed files with 79 additions and 12 deletions
|
@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
|
|||
from django.contrib.auth.forms import ReadOnlyPasswordHashField
|
||||
from django.core.validators import MinLengthValidator
|
||||
from django.utils import timezone
|
||||
from django.contrib.auth.models import Group, Permission
|
||||
|
||||
from preferences.models import OptionalUser
|
||||
from .models import User, ServiceUser, School, ListRight, Whitelist
|
||||
|
@ -409,6 +410,23 @@ class StateForm(ModelForm):
|
|||
super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)
|
||||
|
||||
|
||||
class GroupForm(ModelForm):
|
||||
""" Gestion des groupes d'un user"""
|
||||
groups = forms.ModelMultipleChoiceField(
|
||||
Group.objects.all(),
|
||||
widget=forms.CheckboxSelectMultiple,
|
||||
required=False
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
fields = ['groups']
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
||||
super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
|
||||
|
||||
|
||||
class SchoolForm(ModelForm):
|
||||
"""Edition, creation d'un école"""
|
||||
class Meta:
|
||||
|
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
|
|||
class ListRightForm(ModelForm):
|
||||
"""Edition, d'un groupe , équivalent à un droit
|
||||
Ne peremet pas d'editer le gid, car il sert de primary key"""
|
||||
permissions = forms.ModelMultipleChoiceField(
|
||||
Permission.objects.all(),
|
||||
widget=forms.CheckboxSelectMultiple,
|
||||
required=False
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = ListRight
|
||||
fields = ['name', 'unix_name', 'permissions', 'details']
|
||||
|
@ -457,9 +481,9 @@ class DelListRightForm(Form):
|
|||
instances = kwargs.pop('instances', None)
|
||||
super(DelListRightForm, self).__init__(*args, **kwargs)
|
||||
if instances:
|
||||
self.fields['unix_name'].queryset = instances
|
||||
self.fields['listrights'].queryset = instances
|
||||
else:
|
||||
self.fields['unix_name'].queryset = ListRight.objects.all()
|
||||
self.fields['listrights'].queryset = ListRight.objects.all()
|
||||
|
||||
|
||||
class DelSchoolForm(Form):
|
||||
|
|
|
@ -1153,8 +1153,8 @@ class ListRight(Group):
|
|||
except LdapUserGroup.DoesNotExist:
|
||||
group_ldap = LdapUserGroup(gid=self.gid)
|
||||
group_ldap.name = self.listright
|
||||
group_ldap.members = [right.user.pseudo for right
|
||||
in Right.objects.filter(right=self)]
|
||||
group_ldap.members = [user.pseudo for user
|
||||
in self.user_set.all()]
|
||||
group_ldap.save()
|
||||
|
||||
def ldap_del(self):
|
||||
|
|
|
@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
<tr>
|
||||
<td>{{ listright.name }}</td>
|
||||
<td>{{ listright.gid }}</td>
|
||||
<td>{{ listright.permissions.all }}</td>
|
||||
<td>{{ listright.user_set.all }}</td>
|
||||
<td>
|
||||
<div class="dropdown">
|
||||
<button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
|
||||
Ensemble des permissions <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" aria-labelledby="listpermissions">
|
||||
{% for perm in listright.permissions.all %}
|
||||
<li>
|
||||
{{ perm.name }}
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div></td>
|
||||
<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
|
||||
<td>{{ listright.details }}</td>
|
||||
<td class="text-right">
|
||||
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
|
||||
|
|
|
@ -42,7 +42,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
<i class="glyphicon glyphicon-flash"></i>
|
||||
Changer le statut
|
||||
</a>
|
||||
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
|
||||
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
|
||||
<i class="glyphicon glyphicon-ok"></i>
|
||||
Gérer les groupes
|
||||
</a>
|
||||
<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
|
||||
<i class="glyphicon glyphicon-time"></i>
|
||||
Historique
|
||||
</a>
|
||||
|
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
{% else %}
|
||||
<td><i class="text-danger">Désactivé</i></td>
|
||||
{% endif %}
|
||||
<th>Droits</th>
|
||||
{% if list_droits %}
|
||||
<td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %} - {% endif %} {% endfor %}</td>
|
||||
<th>Groupes</th>
|
||||
{% if users.groups.all %}
|
||||
<td>{{ users.groups.all|join:", "}}</td>
|
||||
{% else %}
|
||||
<td>Aucun</td>
|
||||
{% endif %}
|
||||
|
|
|
@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||
{% can_view_all ListRight %}
|
||||
<a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
|
||||
<i class="glyphicon glyphicon-list"></i>
|
||||
Droits
|
||||
Groupes de droits
|
||||
</a>
|
||||
{% acl_end %}
|
||||
{% can_view_all ServiceUser %}
|
||||
|
|
|
@ -40,7 +40,9 @@ urlpatterns = [
|
|||
name='edit-club-admin-members'
|
||||
),
|
||||
url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
|
||||
url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
|
||||
url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
|
||||
url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
|
||||
url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
|
||||
url(
|
||||
r'^edit_serviceuser/(?P<userid>[0-9]+)$',
|
||||
|
|
|
@ -80,7 +80,8 @@ from users.forms import (
|
|||
MassArchiveForm,
|
||||
PassForm,
|
||||
ResetPasswordForm,
|
||||
ClubAdminandMembersForm
|
||||
ClubAdminandMembersForm,
|
||||
GroupForm
|
||||
)
|
||||
from cotisations.models import Facture
|
||||
from machines.models import Machine
|
||||
|
@ -241,6 +242,20 @@ def state(request, user, userid):
|
|||
return form({'userform': state}, 'users/user.html', request)
|
||||
|
||||
|
||||
@login_required
|
||||
@can_edit(User)
|
||||
def groups(request, user, userid):
|
||||
group = GroupForm(request.POST or None, instance=user)
|
||||
if group.is_valid():
|
||||
with transaction.atomic(), reversion.create_revision():
|
||||
messages.success(request, "Groupes changés avec succès")
|
||||
return redirect(reverse(
|
||||
'users:profil',
|
||||
kwargs={'userid':str(userid)}
|
||||
))
|
||||
return form({'userform': group}, 'users/user.html', request)
|
||||
|
||||
|
||||
@login_required
|
||||
@can_edit(User, 'password')
|
||||
def password(request, user, userid):
|
||||
|
@ -253,6 +268,16 @@ def password(request, user, userid):
|
|||
return form({'userform': u_form}, 'users/user.html', request)
|
||||
|
||||
|
||||
@login_required
|
||||
@can_edit(User)
|
||||
def del_group(request, user, userid, listrightid):
|
||||
with transaction.atomic(), reversion.create_revision():
|
||||
user.groups.remove(ListRight.objects.get(id=listrightid))
|
||||
user.save()
|
||||
messages.success(request, "Droit supprimé à %s" % user)
|
||||
return redirect(reverse('users:index-listright'))
|
||||
|
||||
|
||||
@login_required
|
||||
@can_create(ServiceUser)
|
||||
def new_serviceuser(request):
|
||||
|
|
Loading…
Reference in a new issue