Nouveau système de gestion des droits

8 years ago · f285f5c5a8
7 changed files with 79 additions and 12 deletions
--- a/users/forms.py
+++ b/users/forms.py
@ -38,6 +38,7 @@ from django.forms import ModelForm, Form
 from django.contrib.auth.forms import ReadOnlyPasswordHashField
 from django.core.validators import MinLengthValidator
 from django.utils import timezone
+from django.contrib.auth.models import Group, Permission

 from preferences.models import OptionalUser
 from .models import User, ServiceUser, School, ListRight, Whitelist
@ -409,6 +410,23 @@ class StateForm(ModelForm):
        super(StateForm, self).__init__(*args, prefix=prefix, **kwargs)


+class GroupForm(ModelForm):
+    """ Gestion des groupes d'un user"""
+    groups = forms.ModelMultipleChoiceField(
+        Group.objects.all(),
+        widget=forms.CheckboxSelectMultiple,
+        required=False
+    )
+
+    class Meta:
+        model = User
+        fields = ['groups']
+
+    def __init__(self, *args, **kwargs):
+        prefix = kwargs.pop('prefix', self.Meta.model.__name__)
+        super(GroupForm, self).__init__(*args, prefix=prefix, **kwargs)
+
+
 class SchoolForm(ModelForm):
    """Edition, creation d'un école"""
    class Meta:
@ -424,6 +442,12 @@ class SchoolForm(ModelForm):
 class ListRightForm(ModelForm):
    """Edition, d'un groupe , équivalent à un droit
    Ne peremet pas d'editer le gid, car il sert de primary key"""
+    permissions = forms.ModelMultipleChoiceField(
+        Permission.objects.all(),
+        widget=forms.CheckboxSelectMultiple,
+        required=False
+    )
+
    class Meta:
        model = ListRight
        fields = ['name', 'unix_name', 'permissions', 'details']
@ -457,9 +481,9 @@ class DelListRightForm(Form):
        instances = kwargs.pop('instances', None)
        super(DelListRightForm, self).__init__(*args, **kwargs)
        if instances:
-            self.fields['unix_name'].queryset = instances
+            self.fields['listrights'].queryset = instances
        else:
-            self.fields['unix_name'].queryset = ListRight.objects.all()
+            self.fields['listrights'].queryset = ListRight.objects.all()


 class DelSchoolForm(Form):
--- a/users/models.py
+++ b/users/models.py
@ -1153,8 +1153,8 @@ class ListRight(Group):
        except LdapUserGroup.DoesNotExist:
            group_ldap = LdapUserGroup(gid=self.gid)
        group_ldap.name = self.listright
-        group_ldap.members = [right.user.pseudo for right
-                              in Right.objects.filter(right=self)]
+        group_ldap.members = [user.pseudo for user
+                              in self.user_set.all()]
        group_ldap.save()

    def ldap_del(self):
--- a/users/templates/users/aff_listright.html
+++ b/users/templates/users/aff_listright.html
@ -38,8 +38,20 @@ with this program; if not, write to the Free Software Foundation, Inc.,
        <tr>
            <td>{{ listright.name }}</td>
            <td>{{ listright.gid }}</td>
-            <td>{{ listright.permissions.all }}</td>
-            <td>{{ listright.user_set.all }}</td>
+            <td>
+                <div class="dropdown">
+                    <button class="btn btn-default dropdown-toggle" type="button" id="listpermissions" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
+                        Ensemble des permissions <span class="caret"></span>
+                    </button>
+                    <ul class="dropdown-menu" aria-labelledby="listpermissions">
+                    {% for perm in listright.permissions.all %}
+                        <li>
+			{{ perm.name }}
+                        </li>
+                    {% endfor %}
+                    </ul>
+		</div></td>
+		<td>{% for user in listright.user_set.all %}{{user}} <a role="button" href="{% url 'users:del-group' user.id listright.id %}" title="{{ desc|default:"Supprimer" }}"><i class="glyphicon glyphicon-remove" style="color:red"></i></a> | {% endfor %}</td>
 	    <td>{{ listright.details }}</td>
            <td class="text-right">
                {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
--- a/users/templates/users/profil.html
+++ b/users/templates/users/profil.html
@ -42,7 +42,11 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            <i class="glyphicon glyphicon-flash"></i>
            Changer le statut
        </a>
-        <a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
+	<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:groups' users.id %}">
+	    <i class="glyphicon glyphicon-ok"></i>
+            Gérer les groupes
+        </a>
+	<a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'user' users.id %}">
            <i class="glyphicon glyphicon-time"></i>
            Historique
        </a>
@ -117,9 +121,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            {% else %}
            <td><i class="text-danger">Désactivé</i></td>
            {% endif %}
-            <th>Droits</th>
-            {% if list_droits %}
-            <td>{% for droit in list_droits %}{{ droit.right }}{% if list_droits|length != forloop.counter %}  - {% endif %} {% endfor %}</td>
+            <th>Groupes</th>
+            {% if users.groups.all %}
+	    <td>{{ users.groups.all|join:", "}}</td>
            {% else %}
            <td>Aucun</td>
            {% endif %}
--- a/users/templates/users/sidebar.html
+++ b/users/templates/users/sidebar.html
@ -68,7 +68,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
    {% can_view_all ListRight %}
        <a class="list-group-item list-group-item-info" href="{% url "users:index-listright" %}">
            <i class="glyphicon glyphicon-list"></i>
-            Droits
+            Groupes de droits
        </a>
    {% acl_end %}
    {% can_view_all ServiceUser %}
--- a/users/urls.py
+++ b/users/urls.py
@ -40,7 +40,9 @@ urlpatterns = [
        name='edit-club-admin-members'
    ),
    url(r'^state/(?P<userid>[0-9]+)$', views.state, name='state'),
+    url(r'^groups/(?P<userid>[0-9]+)$', views.groups, name='groups'),
    url(r'^password/(?P<userid>[0-9]+)$', views.password, name='password'),
+    url(r'^del_group/(?P<userid>[0-9]+)/(?P<listrightid>[0-9]+)$', views.del_group, name='del-group'),
    url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'),
    url(
        r'^edit_serviceuser/(?P<userid>[0-9]+)$',
--- a/users/views.py
+++ b/users/views.py
@ -80,7 +80,8 @@ from users.forms import (
    MassArchiveForm,
    PassForm,
    ResetPasswordForm,
-    ClubAdminandMembersForm
+    ClubAdminandMembersForm,
+    GroupForm
 )
 from cotisations.models import Facture
 from machines.models import Machine
@ -241,6 +242,20 @@ def state(request, user, userid):
    return form({'userform': state}, 'users/user.html', request)


+@login_required
+@can_edit(User)
+def groups(request, user, userid):
+    group = GroupForm(request.POST or None, instance=user)
+    if group.is_valid():
+        with transaction.atomic(), reversion.create_revision():
+            messages.success(request, "Groupes changés avec succès")
+            return redirect(reverse(
+                'users:profil',
+                kwargs={'userid':str(userid)}
+            ))
+    return form({'userform': group}, 'users/user.html', request)
+
+
@login_required
@can_edit(User, 'password')
 def password(request, user, userid):
@ -253,6 +268,16 @@ def password(request, user, userid):
    return form({'userform': u_form}, 'users/user.html', request)


+@login_required
+@can_edit(User)
+def del_group(request, user, userid, listrightid):
+    with transaction.atomic(), reversion.create_revision():
+        user.groups.remove(ListRight.objects.get(id=listrightid))
+        user.save()
+        messages.success(request, "Droit supprimé à %s" % user)
+    return redirect(reverse('users:index-listright'))
+
+
@login_required
@can_create(ServiceUser)
 def new_serviceuser(request):