Acl gérées cotée models, can_edit et can_view (vers les acl django...)

8 years ago · 772fdcaa1b
3 changed files with 39 additions and 23 deletions
--- a/users/models.py
+++ b/users/models.py
@ -758,6 +758,21 @@ class User(AbstractBaseUser):
            num += 1
        return composed_pseudo(num)

+    def can_edit(self, user):
+        if self.is_class_club and user.is_class_adherent:
+            return self == user or user.has_perms(('cableur',))or\
+                user.adherent in self.club.administrators.all() 
+        else:
+            return self == user or user.has_perms(('cableur',))
+
+    def can_view(self, user):
+        if self.is_class_club and user.is_class_adherent:
+            return self == user or user.has_perms(('cableur',))or\
+                user.adherent in self.club.administrators.all() or\
+                user.adherent in self.club.members.all()
+        else:
+            return self == user or user.has_perms(('cableur',))
+
    def __str__(self):
        return self.pseudo

--- a/users/templates/users/sidebar.html
+++ b/users/templates/users/sidebar.html
@ -25,7 +25,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,


 {% block sidebar %}
-    {% if is_cableur %}
+   {% if is_cableur %}
        <a class="list-group-item list-group-item-success" href="{% url "users:new-user" %}">
            <i class="glyphicon glyphicon-plus"></i>
            Créer un adhérent
@ -34,13 +34,16 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            <i class="glyphicon glyphicon-plus"></i>
            Créer un club/association
        </a>
-	<a class="list-group-item list-group-item-info" href="{% url "users:index" %}">
+   {% endif %}
+   {% if is_cableur %}
+	<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
            <i class="glyphicon glyphicon-list"></i>
-            Adherents
+            Clubs et assos
        </a>
-	<a class="list-group-item list-group-item-info" href="{% url "users:index-clubs" %}">
+ 
+	<a class="list-group-item list-group-item-info" href="{% url "users:index" %}">
            <i class="glyphicon glyphicon-list"></i>
-            Clubs
+            Adherents
        </a>
 	<a class="list-group-item list-group-item-info" href="{% url "users:index-ban" %}">
            <i class="glyphicon glyphicon-list"></i>
--- a/users/views.py
+++ b/users/views.py
@ -40,7 +40,7 @@ from django.shortcuts import get_object_or_404, render, redirect
 from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required, permission_required
-from django.db.models import ProtectedError
+from django.db.models import ProtectedError, Q
 from django.db import IntegrityError
 from django.utils import timezone
 from django.db import transaction
@ -163,8 +163,7 @@ def edit_club_admin_members(request, clubid):
    except Club.DoesNotExist:
        messages.error(request, "Club inexistant")
        return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',))\
-        and not request.user in club_instance.administrators.all():
+    if not club_instance.can_edit(request.user):
        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
        return redirect(reverse(
            'users:profil',
@ -214,9 +213,8 @@ def edit_info(request, userid):
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',)) and user != request.user:
-        messages.error(request, "Vous ne pouvez pas modifier un autre\
-        user que vous sans droit cableur")
+    if not user.can_edit(request.user):
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
        return redirect(reverse(
            'users:profil',
            kwargs={'userid':str(request.user.id)}
@ -279,9 +277,8 @@ def password(request, userid):
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect(reverse('users'))
-    if not request.user.has_perms(('cableur',)) and user != request.user:
-        messages.error(request, "Vous ne pouvez pas modifier un\
-        autre user que vous sans droit cableur")
+    if not user.can_edit(request.user):
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
        return redirect(reverse(
            'users:profil',
            kwargs={'userid':str(request.user.id)}
@ -722,12 +719,16 @@ def index(request):


@login_required
-@permission_required('cableur')
 def index_clubs(request):
    """ Affiche l'ensemble des clubs, need droit cableur """
    options, _created = GeneralOption.objects.get_or_create()
    pagination_number = options.pagination_number
-    clubs_list = Club.objects.select_related('room')
+    if not request.user.has_perms(('cableur',)):
+        clubs_list = Club.objects.filter(
+            Q(administrators=request.user.adherent) | Q(members=request.user.adherent)
+        ).distinct().select_related('room')
+    else:
+        clubs_list = Club.objects.select_related('room')
    clubs_list = SortTable.sort(
        clubs_list,
        request.GET.get('col'),
@ -853,10 +854,8 @@ def history(request, object_name, object_id):
        except User.DoesNotExist:
            messages.error(request, "Utilisateur inexistant")
            return redirect(reverse('users:index'))
-        if not request.user.has_perms(('cableur',)) and\
-                object_instance != request.user:
-            messages.error(request, "Vous ne pouvez pas afficher\
-            l'historique d'un autre user que vous sans droit cableur")
+        if not object_instance.can_view(request.user):
+            messages.error(request, "Vous ne pouvez pas afficher ce menu")
            return redirect(reverse(
                'users:profil',
                kwargs={'userid':str(request.user.id)}
@ -947,9 +946,8 @@ def profil(request, userid):
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect(reverse('users:index'))
-    if not request.user.has_perms(('cableur',)) and users != request.user:
-        messages.error(request, "Vous ne pouvez pas afficher un autre user\
-        que vous sans droit cableur")
+    if not users.can_view(request.user):
+        messages.error(request, "Vous ne pouvez pas accéder à ce menu")
        return redirect(reverse(
            'users:profil',
            kwargs={'userid':str(request.user.id)}