Gestion des admins d'école

8 years ago · 1721c95925
3 changed files with 65 additions and 11 deletions
--- a/users/templates/users/school.html
+++ b/users/templates/users/school.html
@ -7,6 +7,7 @@
    <i class="fa fa-edit"></i>
    Éditer
 </a>
+{% if manager_right in perms %}
 <h2>Membres</h2>
 <table class="table table-striped">
    <thead>
@ -17,18 +18,28 @@
    </thead>
    <tbody>
    {% for member in members %}
+	<tr>
        <td>{{member.last_name}}</td>
        <td>{{member.first_name}}</td>
        <td>{{member.username}}</td>
        <td>
-        <a class="btn btn-outline-warning btn-sm" href="">
+			{% if member in manager_group.user_set.all %}
+			<a class="btn btn-outline-danger btn-sm" href="{% url 'users:degrade-user' object.pk member.pk %}">
                <i class="fa fa-trash"></i>
-            Supprimer
+				Enlever le privilège Administrateur
 			</a>
+			{% else %}
+			<a class="btn btn-outline-warning btn-sm" href="{% url 'users:promote-user' object.pk member.pk %}">
+                <i class="fa fa-star"></i>
+                Promouvoir administrateur
+            </a>
+			{% endif %}
        </td>
+	</tr>
    {% endfor %}
    </tbody>
 </table>
+{% endif %}
 <h2>Contenus</h2>
 <a class="btn  btn-success btn-sm" href="{% url 'content:content-new' %}">
    <i class="fa fa-plus"></i>
--- a/users/urls.py
+++ b/users/urls.py
@ -10,6 +10,8 @@ from .views import (
    PasswordChange,
    Profile,
    School,
+    promote_user,
+    degrade_user
 )

 app_name = 'users'
@ -54,6 +56,16 @@ urlpatterns = [
        School.as_view(),
        name='school'
    ),
+    path(
+        'school/<int:school_pk>/degrade/<int:user_pk>',
+        degrade_user,
+        name='degrade-user'
+    ),
+    path(
+        'school/<int:school_pk>/promote/<int:user_pk>',
+        promote_user,
+        name='promote-user'
+    ),
    path(
        'school/<int:pk>/edit',
        EditSchool.as_view(),
--- a/users/views.py
+++ b/users/views.py
@ -1,11 +1,12 @@
 from django.contrib.auth.models import User, Group
 from django.contrib.auth.mixins import PermissionRequiredMixin, LoginRequiredMixin
 from django.views.generic import CreateView, UpdateView, DeleteView, DetailView
-from django.contrib.auth.views import LoginView, LogoutView, PasswordChangeView
+from django.contrib.auth.views import LoginView, LogoutView, PasswordChangeView, login_required
 from django.contrib.auth.hashers import make_password
 from django.contrib.messages.views import SuccessMessageMixin
+from django.contrib import messages
 from django.urls import reverse, reverse_lazy
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, redirect

 from .models import UserProfile, SchoolProfile
 from content.models import Content
@ -140,6 +141,8 @@ class School(LoginRequiredMixin, PermissionRequiredMixin, DetailView):
        context['contents'] = Content.objects.filter(school_owner=self.object.school)
        context['school'] = True
        context['members'] = User.objects.filter(userprofile__school=self.object.school)
+        context['manager_right'] = 'auth.manage_' + str(self.object.pk)
+        context['manager_group'],_ = Group.objects.get_or_create(name=str(self.object.pk)+'_admins')
        return context

    def has_permission(self):
@ -167,3 +170,31 @@ class PasswordChange(SuccessMessageMixin, PasswordChangeView):
        'title' : "Changer le mot de passe",
        'validate' : "Changer",
    }
+
+
+@login_required
+def promote_user(request, school_pk, user_pk):
+    school = get_object_or_404(Group, pk=school_pk)
+    user = get_object_or_404(User, pk=user_pk)
+    if request.user.has_perm('manage_'+str(school.pk)):
+        admins,_ = Group.objects.get_or_create(name=str(school.pk)+'_admins')
+        user.groups.add(admins)
+        user.save()
+        messages.success(request, user.username + ' a été ajouté aux administrateurs de ' + school.name)
+        return redirect(reverse('users:school', kwargs={'pk':school.pk}))
+    messages.error(request, "Vous n'aves pas ce droit.")
+    return redirect('home')
+
+
+@login_required
+def degrade_user(request, school_pk, user_pk):
+    school = get_object_or_404(Group, pk=school_pk)
+    user = get_object_or_404(User, pk=user_pk)
+    if request.user.has_perm('manage_'+str(school.pk)):
+        admins,_ = Group.objects.get_or_create(name=str(school.pk)+'_admins')
+        user.groups.remove(admins)
+        user.save()
+        messages.success(request, user.username + ' a été enlevé des administrateurs de ' + school.name)
+        return redirect(reverse('users:school', kwargs={'pk':school.pk}))
+    messages.error(request, "Vous n'aves pas ce droit.")
+    return redirect('home')