rezometz
/
re2o
mirror of https://gitlab.federez.net/re2o/re2o
8
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Define can_create, can_edit, can_delete and can_view and use can_create and can_edit decorator for users.models

test-front-curly
Maël Kervella 8 years ago
committed by root
parent
196d369dda
commit
1262b39c82
2 changed files with 206 additions and 84 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 220
      users/models.py
  2. 70
      users/views.py

220
users/models.py
View File

@ -762,44 +762,47 @@ class User(AbstractBaseUser):
num += 1
return composed_pseudo(num)
def can_create(user, *args, **kwargs):
def get_instance(userid, *args, **kwargs):
return User.objects.get(pk=userid)
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user.has_perms(('cableur',)), u"Vous n'avez pas le\
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un utilisateur"
def can_edit(self, user, *args, **kwargs):
if self.is_class_club and user.is_class_adherent:
if self == user or user.has_perms(('cableur',)) or\
user.adherent in self.club.administrators.all():
def can_edit(self, user_request, *args, **kwargs):
if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.club.administrators.all():
return True, None
else:
return False, u"Vous n'avez pas le droit d'éditer ce club"
else:
if self == user or user.has_perms(('cableur',)):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_view(self, user, *args, **kwargs):
if self.is_class_club and user.is_class_adherent:
if self == user or user.has_perms(('cableur',)) or\
user.adherent in self.club.administrators.all() or\
user.adherent in self.club.members.all():
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if self.is_class_club and user_request.is_class_adherent:
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.club.administrators.all() or\
user_request.adherent in self.club.members.all():
return True, None
else:
return False, u"Vous n'avez pas le droit de voir ce club"
else:
if self == user or user.has_perms(('cableur',)):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
def get_instance(userid, *args, **kwargs):
return User.objects.get(pk=userid)
def __str__(self):
return self.pseudo
@ -815,6 +818,31 @@ class Adherent(User):
)
pass
def get_instance(adherentid, *args, **kwargs):
return Adherent.objects.get(pk=adherentid)
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un adherent"
def can_edit(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)):
return True, None
else:
return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
class Club(User):
@ -838,6 +866,35 @@ class Club(User):
pass
def get_instance(clubid, *args, **kwargs):
return Club.objects.get(pk=clubid)
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer un club"
def can_edit(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.administrators.all():
return True, None
else:
return False, u"Vous n'avez pas le droit d'éditer ce club"
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if self == user_request or user_request.has_perms(('cableur',)) or\
user_request.adherent in self.administrators.all() or\
user_request.adherent in self.members.all():
return True, None
else:
return False, u"Vous n'avez pas le droit de voir ce club"
@receiver(post_save, sender=Adherent)
@receiver(post_save, sender=Club)
@ -924,23 +981,31 @@ class ServiceUser(AbstractBaseUser):
)]).values_list('dn', flat=True))
group.save()
def __str__(self):
return self.pseudo
def get_instance(userid, *args, **kwargs):
return ServiceUser.objects.get(pk=userid)
def can_create(user, *args, **kwargs):
def can_create(user_request, *args, **kwargs):
options, _created = OptionalUser.objects.get_or_create()
if options.all_can_create:
return True, None
else:
return user.has_perms(('infra',)), u"Vous n'avez pas le droit de\
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
créer un service user"
def can_edit(self, user, *args, **kwargs):
return user.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
def can_edit(self, user_request, *args, **kwargs):
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
les services users"
def get_instance(userid, *args, **kwargs):
return ServiceUser.objects.get(pk=userid)
def can_delete(self, user_request, *args, **kwargs):
return user_request.has_perms(('infra',)), u"Vous n'avez pas le droit de\
supprimer un service user"
def can_view(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit de\
voir un service user"
def __str__(self):
return self.pseudo
@receiver(post_save, sender=ServiceUser)
def service_user_post_save(sender, **kwargs):
@ -968,13 +1033,26 @@ class Right(models.Model):
class Meta:
unique_together = ("user", "right")
def __str__(self):
return str(self.user)
def get_instance(rightid, *args, **kwargs):
return Right.objects.get(pk=rightid)
def can_create(user, *args, **kwargs):
return user.has_perms(('bureau',)), u"Vous n'avez pas le droit de\
def can_create(user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\
créer des droits"
def can_edit(self, user_request, *args, **kwargs):
return True, None
def can_delete(self, user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit de\
supprimer des droits"
def can_view(self, user_request, *args, **kwargs):
return True, None
def __str__(self):
return str(self.user)
@receiver(post_save, sender=Right)
def right_post_save(sender, **kwargs):
@ -996,6 +1074,25 @@ class School(models.Model):
name = models.CharField(max_length=255)
def get_instance(schoolid, *args, **kwargs):
return School.objects.get(pk=schoolid)
def can_create(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer des écoles"
def can_edit(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des écoles"
def can_delete(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de supprimer des écoles"
def can_view(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de voir les écoles"
def __str__(self):
return self.name
@ -1024,6 +1121,25 @@ class ListRight(models.Model):
blank=True
)
def get_instance(listrightid, *args, **kwargs):
return ListRight.objects.get(pk=listrightid)
def can_create(user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
de créer des groupes de droits"
def can_edit(self, user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
d'éditer des groupes de droits"
def can_delete(self, user_request, *args, **kwargs):
return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
de supprimer des groupes de droits"
def can_view(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\
de voir les groupes de droits"
def __str__(self):
return self.listright
@ -1116,13 +1232,31 @@ class Ban(models.Model):
"""Ce ban est-il actif?"""
return self.date_end > DT_NOW
def get_instance(banid, *args, **kwargs):
return Ban.objects.get(pk=banid)
def can_create(user_request, *args, **kwargs):
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit de\
créer des bannissements"
def can_edit(self, user_request, *args, **kwargs):
return user_request.has_perms(('bofh',)), u"Vous n'avez pas le droit\
d'éditer des bannissements"
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if not user_request.has_perms(('cableur',)) and\
self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les bannissements\
autre que les vôtres"
else:
return True, None
def __str__(self):
return str(self.user) + ' ' + str(self.raison)
def can_create(user, *args, **kwargs):
return user.has_perms(('bofh',)), u"Vous n'avez pas le droit de\
créer des bannissement"
@receiver(post_save, sender=Ban)
def ban_post_save(sender, **kwargs):
@ -1165,6 +1299,28 @@ class Whitelist(models.Model):
def is_active(self):
return self.date_end > DT_NOW
def get_instance(whitelistid, *args, **kwargs):
return Whitelist.objects.get(pk=whitelistid)
def can_create(user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit de créer des accès gracieux"
def can_edit(self, user_request, *args, **kwargs):
return user_request.has_perms(('cableur',)), u"Vous n'avez pas le\
droit d'éditer des accès gracieux"
def can_delete(self, user_request, *args, **kwargs):
return True, None
def can_view(self, user_request, *args, **kwargs):
if not user_request.has_perms(('cableur',)) and\
self.user != user_request:
return False, u"Vous n'avez pas le droit de voir les accès\
gracieux autre que les vôtres"
else:
return True, None
def __str__(self):
return str(self.user) + ' ' + str(self.raison)

70
users/views.py
View File

@ -154,20 +154,10 @@ def new_club(request):
@login_required
def edit_club_admin_members(request, clubid):
@can_edit(Club)
def edit_club_admin_members(request, club_instance, clubid):
"""Vue d'edition de la liste des users administrateurs et
membres d'un club"""
try:
club_instance = Club.objects.get(pk=clubid)
except Club.DoesNotExist:
messages.error(request, "Club inexistant")
return redirect(reverse('users:index'))
if not club_instance.can_edit(request.user):
messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
club = ClubAdminandMembersForm(request.POST or None, instance=club_instance)
if club.is_valid():
with transaction.atomic(), reversion.create_revision():
@ -406,16 +396,11 @@ def add_ban(request, user, userid):
return form({'userform': ban}, 'users/user.html', request)
@login_required
@permission_required('bofh')
def edit_ban(request, banid):
@can_edit(Ban)
def edit_ban(request, ban_instance, banid):
""" Editer un bannissement, nécessite au moins le droit bofh
(a fortiori bureau)
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
try:
ban_instance = Ban.objects.get(pk=banid)
except Ban.DoesNotExist:
messages.error(request, "Entrée inexistante")
return redirect(reverse('users:index'))
ban = BanForm(request.POST or None, instance=ban_instance)
if ban.is_valid():
with transaction.atomic(), reversion.create_revision():
@ -430,17 +415,13 @@ def edit_ban(request, banid):
@login_required
@permission_required('cableur')
def add_whitelist(request, userid):
@can_create(Whitelist)
@can_edit(User)
def add_whitelist(request, user, userid):
""" Accorder un accès gracieux, temporaire ou permanent.
Need droit cableur
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement,
raison obligatoire"""
try:
user = User.objects.get(pk=userid)
except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index'))
whitelist_instance = Whitelist(user=user)
whitelist = WhitelistForm(
request.POST or None,
@ -465,17 +446,12 @@ def add_whitelist(request, userid):
@login_required
@permission_required('cableur')
def edit_whitelist(request, whitelistid):
@can_edit(Whitelist)
def edit_whitelist(request, whitelist_instance, whitelistid):
""" Editer un accès gracieux, temporaire ou permanent.
Need droit cableur
Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement,
raison obligatoire"""
try:
whitelist_instance = Whitelist.objects.get(pk=whitelistid)
except Whitelist.DoesNotExist:
messages.error(request, "Entrée inexistante")
return redirect(reverse('users:index'))
whitelist = WhitelistForm(
request.POST or None,
instance=whitelist_instance
@ -493,7 +469,7 @@ def edit_whitelist(request, whitelistid):
@login_required
@permission_required('cableur')
@can_create(School)
def add_school(request):
""" Ajouter un établissement d'enseignement à la base de donnée,
need cableur"""
@ -509,15 +485,10 @@ def add_school(request):
@login_required
@permission_required('cableur')
def edit_school(request, schoolid):
@can_edit(School)
def edit_school(request, school_instance, schoolid):
""" Editer un établissement d'enseignement à partir du schoolid dans
la base de donnée, need cableur"""
try:
school_instance = School.objects.get(pk=schoolid)
except School.DoesNotExist:
messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:index'))
school = SchoolForm(request.POST or None, instance=school_instance)
if school.is_valid():
with transaction.atomic(), reversion.create_revision():
@ -557,7 +528,7 @@ def del_school(request):
@login_required
@permission_required('bureau')
@can_create(ListRight)
def add_listright(request):
""" Ajouter un droit/groupe, nécessite droit bureau.
Obligation de fournir un gid pour la synchro ldap, unique """
@ -573,15 +544,10 @@ def add_listright(request):
@login_required
@permission_required('bureau')
def edit_listright(request, listrightid):
@can_edit(ListRight)
def edit_listright(request, listright_instance, listrightid):
""" Editer un groupe/droit, necessite droit bureau,
à partir du listright id """
try:
listright_instance = ListRight.objects.get(pk=listrightid)
except ListRight.DoesNotExist:
messages.error(request, u"Entrée inexistante")
return redirect(reverse('users:index'))
listright = ListRightForm(
request.POST or None,
instance=listright_instance
@ -615,7 +581,7 @@ def del_listright(request):
except ProtectedError:
messages.error(
request,
"L'établissement %s est affecté à au moins un user, \
"Le groupe %s est affecté à au moins un user, \
vous ne pouvez pas le supprimer" % listright_del)
return redirect(reverse('users:index-listright'))
return form({'userform': listright}, 'users/user.html', request)
@ -813,7 +779,7 @@ def history(request, object_name, object_id):
except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index'))
if not object_instance.can_view(request.user):
if not object_instance.can_view(request.user)[0]:
messages.error(request, "Vous ne pouvez pas afficher ce menu")
return redirect(reverse(
'users:profil',
@ -905,7 +871,7 @@ def profil(request, userid):
except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant")
return redirect(reverse('users:index'))
if not users.can_view(request.user):
if not users.can_view(request.user)[0]:
messages.error(request, "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse(
'users:profil',

Write Preview
Loading…
Cancel
Save