Permet l'édition des clefs depuis le campus sans auth
parent
6b7b20d279
commit
7fc044b68f
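--- a/users/decorators.py
+++ b/users/decorators.py
@@ -0,0 +1,53 @@
+# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+# se veut agnostique au réseau considéré, de manière à être installable en
+# quelques clics.
+#
+# Copyright © 2017 Gabriel Détraz
+# Copyright © 2017 Goulven Kermarec
+# Copyright © 2017 Augustin Lemesle
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# App de gestion des users pour med
+# Goulven Kermarec, Gabriel Détraz, Lemesle Augustin
+# Gplv2
+
+
+from django.core.exceptions import PermissionDenied
+from med.settings import AUTHORIZED_IP_RANGE, AUTHORIZED_IP6_RANGE
+import ipaddress
+
+def user_is_in_campus(function):
+def wrap(request, *args, **kwargs):
+if not request.user.is_authenticated:
+remote_ip = get_ip(request)
+if not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP_RANGE) and not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP6_RANGE):
+raise PermissionDenied
+return function(request, *args, **kwargs)
+wrap.__doc__ = function.__doc__
+wrap.__name__ = function.__name__
+return wrap
+
+def get_ip(request):
+"""Returns the IP of the request, accounting for the possibility of being
+behind a proxy.
+"""
+ip = request.META.get("HTTP_X_FORWARDED_FOR", None)
+if ip:
+# X_FORWARDED_FOR returns client1, proxy1, proxy2,...
+ip = ip.split(", ")[0]
+else:
+ip = request.META.get("REMOTE_ADDR", "")
+return ip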
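Review bot: `get_ip` returns the first entry of `X-Forwarded-For`, which is whatever the client sent, so the campus check in `wrap` rests on a value the requester controls, and this decorator is what replaces authentication on the views that use it. Unless a reverse proxy under the project's control strips or overwrites that header, the decision should rest on `REMOTE_ADDR`, or on the entry that proxy appended (the last one); which applies depends on the deployment, which is not visible here. Separately, `ipaddress.ip_address(remote_ip)` raises `ValueError` on an empty or malformed value (the `""` default, or a header that does not split cleanly on `", "`), which surfaces as a server error instead of a refusal. A sketch of both changes follows.

```python
def user_is_in_campus(function):
    def wrap(request, *args, **kwargs):
        if not request.user.is_authenticated:
            try:
                remote_ip = ipaddress.ip_address(get_ip(request))
            except ValueError:
                # No usable address: refuse instead of failing with a 500.
                raise PermissionDenied
            campus = (AUTHORIZED_IP_RANGE, AUTHORIZED_IP6_RANGE)
            if not any(remote_ip in ipaddress.ip_network(net) for net in campus):
                raise PermissionDenied
        return function(request, *args, **kwargs)
    # … unchanged: __doc__ / __name__ copy, return wrap …


def get_ip(request):
    # … unchanged: docstring …
    forwarded = request.META.get("HTTP_X_FORWARDED_FOR")
    if forwarded:
        # Only meaningful when a trusted reverse proxy appends to this header:
        # its own entry is the last one, earlier entries are client-supplied.
        # With no such proxy in front, drop this branch and use REMOTE_ADDR.
        return forwarded.split(",")[-1].strip()
    return request.META.get("REMOTE_ADDR", "")
```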
@ -145,6 +145,12 @@ class ClefForm(ModelForm):
|
|||||||
model = Clef
|
model = Clef
|
||||||
fields = '__all__'
|
fields = '__all__'
|
||||||
|
|
||||||
|
class BaseClefForm(ClefForm):
|
||||||
|
class Meta(ClefForm.Meta):
|
||||||
|
fields = [
|
||||||
|
'commentaire',
|
||||||
|
]
|
||||||
|
|
||||||
class AdhesionForm(ModelForm):
|
class AdhesionForm(ModelForm):
|
||||||
adherent = forms.ModelMultipleChoiceField(User.objects.all(), widget=forms.CheckboxSelectMultiple, required=False)
|
adherent = forms.ModelMultipleChoiceField(User.objects.all(), widget=forms.CheckboxSelectMultiple, required=False)
|
||||||
|
|
||||||
@ -164,8 +170,11 @@ class RightForm(ModelForm):
|
|||||||
|
|
||||||
|
|
||||||
class DelRightForm(Form):
|
class DelRightForm(Form):
|
||||||
rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(), label="Droits actuels", widget=forms.CheckboxSelectMultiple)
|
rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(), widget=forms.CheckboxSelectMultiple)
|
||||||
|
|
||||||
|
def __init__(self, right, *args, **kwargs):
|
||||||
|
super(DelRightForm, self).__init__(*args, **kwargs)
|
||||||
|
self.fields['rights'].queryset = Right.objects.filter(right=right)
|
||||||
|
|
||||||
class ListRightForm(ModelForm):
|
class ListRightForm(ModelForm):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
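Review bot: `DelRightForm.__init__` now narrows the queryset per `right`, but every instance still exposes the same field name `rights`, and the view in this commit binds one instance per `ListRight` to the same `request.POST` without a `prefix`. Each form therefore receives the ids ticked in every column, so a selection spanning two columns would fail validation in both forms, and a selection in one column leaves the others invalid. Constructing the forms with a per-right prefix, e.g. `DelRightForm(right, request.POST or None, prefix=str(right.pk))`, keeps each column's submission separate. A short docstring on `__init__` stating that `right` restricts the choices to `Right.objects.filter(right=right)` would also help, since the class-level `queryset=Right.objects.all()` no longer reflects what is offered.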
@ -199,7 +199,7 @@ class Right(models.Model):
|
|||||||
unique_together = ("user", "right")
|
unique_together = ("user", "right")
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return str(self.user) + " - " + str(self.right)
|
return str(self.user)
|
||||||
|
|
||||||
class ListRight(models.Model):
|
class ListRight(models.Model):
|
||||||
PRETTY_NAME = "Liste des droits existants"
|
PRETTY_NAME = "Liste des droits existants"
|
||||||
|
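Review bot: `Right.__str__` now returns only the user, yet `del_right` in this commit still builds its revision comment from `str(deleted_right)`, so the audit trail for a removed right records whose right was removed but no longer which one. If the shorter text is only wanted for the checkbox labels, keep `__str__` as it was and override `label_from_instance` on the form field; otherwise build the comment explicitly, e.g. `"%s - %s" % (r.user, r.right)`. The `Right` class starts outside this hunk.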
@ -37,8 +37,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
|||||||
<td>{{ clef.proprio }}</td>
|
<td>{{ clef.proprio }}</td>
|
||||||
<td>{{ clef.commentaire }}</td>
|
<td>{{ clef.commentaire }}</td>
|
||||||
<td class="text-right">
|
<td class="text-right">
|
||||||
{% if is_bureau %}
|
|
||||||
{% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
|
{% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
|
||||||
|
{% if is_bureau %}
|
||||||
{% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
|
{% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}
|
{% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}
|
||||||
|
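--- a/users/templates/users/del_right.html
+++ b/users/templates/users/del_right.html
@@ -0,0 +1,58 @@
+{% extends "users/sidebar.html" %}
+{% comment %}
+Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+se veut agnostique au réseau considéré, de manière à être installable en
+quelques clics.
+
+Copyright © 2017 Gabriel Détraz
+Copyright © 2017 Goulven Kermarec
+Copyright © 2017 Augustin Lemesle
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+{% endcomment %}
+
+{% load bootstrap3 %}
+
+{% block title %}Création et modification d'utilisateur{% endblock %}
+
+
+{% block content %}
+
+<h1>Gestion des droits</h1>
+
+<form class="form" method="post">
+{% csrf_token %}
+<table class="table table-striped">
+<thead>
+<tr>
+{% for key, values in userform.items %}
+<th>{{ key }}</th>
+{% endfor %}
+</tr>
+</thead>
+<tr>
+{% for key, values in userform.items %}
+{% bootstrap_form_errors values %}
+<th>{{ values.rights }}</th>
+{% endfor %}
+</tr>
+</table>
+{% bootstrap_button "Modifier" button_type="submit" icon="star" %}
+</form>
+
+<br />
+<br />
+<br />
+{% endblock %}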
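Review bot: In the second table row, `{% bootstrap_form_errors values %}` is emitted directly inside `<tr>`, outside any cell, and the data cells are `<th>` rather than `<td>`. Browsers typically hoist stray content out of a table, so validation errors would not line up with the column they belong to. Moving the tag into the cell, `<td>{% bootstrap_form_errors values %}{{ values.rights }}</td>`, addresses both. The `title` block still reads "Création et modification d'utilisateur", which looks carried over from the user form rather than written for this page.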
@ -40,9 +40,10 @@ from django.db import transaction
|
|||||||
from reversion.models import Version
|
from reversion.models import Version
|
||||||
from reversion import revisions as reversion
|
from reversion import revisions as reversion
|
||||||
from users.forms import DelListRightForm, NewListRightForm, ListRightForm, RightForm, DelRightForm
|
from users.forms import DelListRightForm, NewListRightForm, ListRightForm, RightForm, DelRightForm
|
||||||
from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, AdhesionForm
|
from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, BaseClefForm, AdhesionForm
|
||||||
from users.models import User, Request, ListRight, Right, Clef, Adhesion
|
from users.models import User, Request, ListRight, Right, Clef, Adhesion
|
||||||
from users.forms import PassForm, ResetPasswordForm
|
from users.forms import PassForm, ResetPasswordForm
|
||||||
|
from users.decorators import user_is_in_campus
|
||||||
from media.models import Emprunt
|
from media.models import Emprunt
|
||||||
|
|
||||||
from med.settings import REQ_EXPIRE_STR, EMAIL_FROM, ASSO_NAME, ASSO_EMAIL, SITE_NAME, PAGINATION_NUMBER
|
from med.settings import REQ_EXPIRE_STR, EMAIL_FROM, ASSO_NAME, ASSO_EMAIL, SITE_NAME, PAGINATION_NUMBER
|
||||||
@ -248,16 +249,19 @@ def add_right(request, userid):
|
|||||||
@permission_required('bureau')
|
@permission_required('bureau')
|
||||||
def del_right(request):
|
def del_right(request):
|
||||||
""" Supprimer un droit à un user, need droit bureau """
|
""" Supprimer un droit à un user, need droit bureau """
|
||||||
user_right_list = DelRightForm(request.POST or None)
|
user_right_list = dict()
|
||||||
if user_right_list.is_valid():
|
for right in ListRight.objects.all():
|
||||||
right_del = user_right_list.cleaned_data['rights']
|
user_right_list[right]= DelRightForm(right, request.POST or None)
|
||||||
|
for keys, right_item in user_right_list.items():
|
||||||
|
if right_item.is_valid():
|
||||||
|
right_del = right_item.cleaned_data['rights']
|
||||||
with transaction.atomic(), reversion.create_revision():
|
with transaction.atomic(), reversion.create_revision():
|
||||||
reversion.set_user(request.user)
|
reversion.set_user(request.user)
|
||||||
reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
|
reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
|
||||||
right_del.delete()
|
right_del.delete()
|
||||||
messages.success(request, "Droit retiré avec succès")
|
messages.success(request, "Droit retiré avec succès")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
return form({'userform': user_right_list}, 'users/user.html', request)
|
return form({'userform': user_right_list}, 'users/del_right.html', request)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('perm')
|
@permission_required('perm')
|
||||||
@ -279,18 +283,21 @@ def add_clef(request):
|
|||||||
return redirect("/users/index_clef/")
|
return redirect("/users/index_clef/")
|
||||||
return form({'userform': clef}, 'users/user.html', request)
|
return form({'userform': clef}, 'users/user.html', request)
|
||||||
|
|
||||||
@login_required
|
@user_is_in_campus
|
||||||
@permission_required('bureau')
|
|
||||||
def edit_clef(request, clefid):
|
def edit_clef(request, clefid):
|
||||||
try:
|
try:
|
||||||
clef_instance = Clef.objects.get(pk=clefid)
|
clef_instance = Clef.objects.get(pk=clefid)
|
||||||
except Clef.DoesNotExist:
|
except Clef.DoesNotExist:
|
||||||
messages.error(request, u"Entrée inexistante" )
|
messages.error(request, u"Entrée inexistante" )
|
||||||
return redirect("/users/index_clef/")
|
return redirect("/users/index_clef/")
|
||||||
|
if request.user.has_perms(('bureau',)):
|
||||||
clef = ClefForm(request.POST or None, instance=clef_instance)
|
clef = ClefForm(request.POST or None, instance=clef_instance)
|
||||||
|
else:
|
||||||
|
clef = BaseClefForm(request.POST or None, instance=clef_instance)
|
||||||
if clef.is_valid():
|
if clef.is_valid():
|
||||||
with transaction.atomic(), reversion.create_revision():
|
with transaction.atomic(), reversion.create_revision():
|
||||||
clef.save()
|
clef.save()
|
||||||
|
if request.user.is_authenticated:
|
||||||
reversion.set_user(request.user)
|
reversion.set_user(request.user)
|
||||||
reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in clef.changed_data))
|
reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in clef.changed_data))
|
||||||
messages.success(request, "Clef modifié")
|
messages.success(request, "Clef modifié")
|
||||||
@ -313,12 +320,11 @@ def del_clef(request, clefid):
|
|||||||
return redirect("/users/index_clef")
|
return redirect("/users/index_clef")
|
||||||
return form({'objet': clef_instance, 'objet_name': 'clef'}, 'users/delete.html', request)
|
return form({'objet': clef_instance, 'objet_name': 'clef'}, 'users/delete.html', request)
|
||||||
|
|
||||||
@login_required
|
@user_is_in_campus
|
||||||
def index_clef(request):
|
def index_clef(request):
|
||||||
clef_list = Clef.objects.all().order_by('nom')
|
clef_list = Clef.objects.all().order_by('nom')
|
||||||
return render(request, 'users/index_clef.html', {'clef_list':clef_list})
|
return render(request, 'users/index_clef.html', {'clef_list':clef_list})
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('bureau')
|
@permission_required('bureau')
|
||||||
def add_adhesion(request):
|
def add_adhesion(request):
|
||||||
@ -405,10 +411,19 @@ def index_ajour(request):
|
|||||||
users_list = paginator.page(paginator.num_pages)
|
users_list = paginator.page(paginator.num_pages)
|
||||||
return render(request, 'users/index.html', {'users_list': users_list})
|
return render(request, 'users/index.html', {'users_list': users_list})
|
||||||
|
|
||||||
@login_required
|
@user_is_in_campus
|
||||||
def history(request, object, id):
|
def history(request, object, id):
|
||||||
""" Affichage de l'historique : (acl, argument)
|
""" Affichage de l'historique : (acl, argument)
|
||||||
user : self, userid"""
|
user : self, userid"""
|
||||||
|
if object == 'clef':
|
||||||
|
try:
|
||||||
|
object_instance = Clef.objects.get(pk=id)
|
||||||
|
except Clef.DoesNotExist:
|
||||||
|
messages.error(request, "Utilisateur inexistant")
|
||||||
|
return redirect("/users/")
|
||||||
|
elif not request.user.is_authenticated:
|
||||||
|
messages.error(request, "Permission denied")
|
||||||
|
return redirect("/users/")
|
||||||
if object == 'user':
|
if object == 'user':
|
||||||
try:
|
try:
|
||||||
object_instance = User.objects.get(pk=id)
|
object_instance = User.objects.get(pk=id)
|
||||||
|
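Review bot: In `edit_clef`, replacing `@login_required` and `@permission_required('bureau')` with `@user_is_in_campus` widens access in two directions. The decorator checks the address only for unauthenticated requests, so any logged-in account without the `bureau` permission, from any network, now reaches the `BaseClefForm` branch and can save `commentaire`. If the intent is only "anonymous visitors on campus", the authenticated non-bureau case needs its own explicit decision (refuse, or apply the same address check). Anonymous saves also appear to create a revision with no user attached, since `reversion.set_user` sits behind `if request.user.is_authenticated:`; adding the request address to the revision comment would keep those edits attributable. The body of `edit_clef` continues past the end of its hunk.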