Ajoute des acls sur les vues critiques

10 years ago · aa4bbc8fce
4 changed files with 25 additions and 7 deletions
--- a/cotisations/views.py
+++ b/cotisations/views.py
@ -5,7 +5,7 @@ from django.shortcuts import render, redirect
 from django.shortcuts import render_to_response, get_object_or_404
 from django.core.context_processors import csrf
 from django.template import Context, RequestContext, loader
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.contrib import messages
 from django.db.models import Max, ProtectedError

@ -91,6 +91,7 @@ def edit_facture(request, factureid):
    return form({'factureform': facture_form}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def add_article(request):
    article = ArticleForm(request.POST or None)
    if article.is_valid():
@ -100,6 +101,7 @@ def add_article(request):
    return form({'factureform': article}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def edit_article(request, articleid):
    try:
        article_instance = Article.objects.get(pk=articleid)
@ -114,6 +116,7 @@ def edit_article(request, articleid):
    return form({'factureform': article}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def del_article(request):
    article = DelArticleForm(request.POST or None)
    if article.is_valid():
@ -124,6 +127,7 @@ def del_article(request):
    return form({'factureform': article}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def add_paiement(request):
    paiement = PaiementForm(request.POST or None)
    if paiement.is_valid():
@ -133,6 +137,7 @@ def add_paiement(request):
    return form({'factureform': paiement}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def edit_paiement(request, paiementid):
    try:
        paiement_instance = Paiement.objects.get(pk=paiementid)
@ -147,6 +152,7 @@ def edit_paiement(request, paiementid):
    return form({'factureform': paiement}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def del_paiement(request):
    paiement = DelPaiementForm(request.POST or None)
    if paiement.is_valid():
@ -161,6 +167,7 @@ def del_paiement(request):
    return form({'factureform': paiement}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def add_banque(request):
    banque = BanqueForm(request.POST or None)
    if banque.is_valid():
@ -170,6 +177,7 @@ def add_banque(request):
    return form({'factureform': banque}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def edit_banque(request, banqueid):
    try:
        banque_instance = Article.objects.get(pk=banqueid)
@ -184,6 +192,7 @@ def edit_banque(request, banqueid):
    return form({'factureform': banque}, 'cotisations/facture.html', request)

@login_required
+@permission_required('trésorier')
 def del_banque(request):
    banque = DelBanqueForm(request.POST or None)
    if banque.is_valid():
--- a/topologie/views.py
+++ b/topologie/views.py
@ -1,6 +1,6 @@
 from django.shortcuts import render, redirect
 from django.contrib import messages
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.db import IntegrityError

 from topologie.models import Switch, Port
@ -23,6 +23,7 @@ def index_port(request, switch_id):
    return render(request, 'topologie/index_p.html', {'port_list':port_list, 'id_switch':switch_id, 'nom_switch':switch})

@login_required
+@permission_required('admin')
 def new_port(request, switch_id):
    try:
        switch = Switch.objects.get(pk=switch_id)
@ -42,6 +43,7 @@ def new_port(request, switch_id):
    return form({'topoform':port}, 'topologie/port.html', request)

@login_required
+@permission_required('admin')
 def edit_port(request, port_id):
    try:
        port = Port.objects.get(pk=port_id)
@ -56,6 +58,7 @@ def edit_port(request, port_id):
    return form({'topoform':port}, 'topologie/port.html', request)

@login_required
+@permission_required('admin')
 def new_switch(request):
    switch = EditSwitchForm(request.POST or None)
    if switch.is_valid():
@ -65,6 +68,7 @@ def new_switch(request):
    return form({'topoform':switch}, 'topologie/port.html', request)

@login_required
+@permission_required('admin')
 def edit_switch(request, switch_id):
    try:
        switch = Switch.objects.get(pk=switch_id)
--- a/users/models.py
+++ b/users/models.py
@ -8,7 +8,6 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager

 from topologie.models import Room

-
 def remove_user_room(room):
    """ Déménage de force l'ancien locataire de la chambre """
    try:
@ -133,8 +132,12 @@ class User(AbstractBaseUser):
    def get_short_name(self):
        return self.name

-    def has_perm(self, perm, obj=None):
-        # Simplest version
+    def has_perms(self, perms, obj=None):
+        for perm in perms:
+            try:
+                Right.objects.get(user=self, right__listright=perm)
+            except Right.DoesNotExist:
+                return False
        return True

    def has_module_perms(self, app_label):
--- a/users/views.py
+++ b/users/views.py
@ -5,12 +5,12 @@ from django.shortcuts import render_to_response, render, redirect
 from django.core.context_processors import csrf
 from django.template import RequestContext
 from django.contrib import messages
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.db.models import Max, ProtectedError
 from django.db import IntegrityError
 from django.utils import timezone

-from users.models import User, Right, Ban, Whitelist
+from users.models import User, Right, Ban, Whitelist, School
 from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm
 from users.models import InfoForm, StateForm, RightForm, SchoolForm
 from cotisations.models import Facture
@ -154,6 +154,7 @@ def password(request, userid):
    return form({'userform': u_form}, 'users/user.html', request)

@login_required
+@permission_required('bureau')
 def add_right(request, userid):
    try:
        user = User.objects.get(pk=userid)
@ -173,6 +174,7 @@ def add_right(request, userid):
    return form({'userform': right}, 'users/user.html', request)

@login_required
+@permission_required('bureau')
 def del_right(request):
    right = DelRightForm(request.POST or None)
    if right.is_valid():