mirror of https://gitlab.crans.org/mediatek/med.git synced 2024-11-27 00:07:12 +00:00

Permet l'édition des clefs depuis le campus sans auth

Med 2017-07-16 02:41:44 +02:00
parent 6b7b20d279
commit 7fc044b68f
6 changed files with 156 additions and 21 deletions

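--- a/users/decorators.py
+++ b/users/decorators.py
@@ -0,0 +1,53 @@
+# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+# se veut agnostique au réseau considéré, de manière à être installable en
+# quelques clics.
+#
+# Copyright © 2017 Gabriel Détraz
+# Copyright © 2017 Goulven Kermarec
+# Copyright © 2017 Augustin Lemesle
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# App de gestion des users pour med
+# Goulven Kermarec, Gabriel Détraz, Lemesle Augustin
+# Gplv2
+from django.core.exceptions import PermissionDenied
+from med.settings import AUTHORIZED_IP_RANGE, AUTHORIZED_IP6_RANGE
+import ipaddress
+def user_is_in_campus(function):
+def wrap(request, *args, **kwargs):
+if not request.user.is_authenticated:
+remote_ip = get_ip(request)
+if not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP_RANGE) and not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP6_RANGE):
+raise PermissionDenied
+return function(request, *args, **kwargs)
+wrap.__doc__ = function.__doc__
+wrap.__name__ = function.__name__
+return wrap
+def get_ip(request):
+"""Returns the IP of the request, accounting for the possibility of being
+behind a proxy.
+"""
+ip = request.META.get("HTTP_X_FORWARDED_FOR", None)
+if ip:
+# X_FORWARDED_FOR returns client1, proxy1, proxy2,...
+ip = ip.split(", ")[0]
+else:
+ip = request.META.get("REMOTE_ADDR", "")
+return ip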
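Review bot: `get_ip` prefers the first entry of `X-Forwarded-For`, a header the client supplies itself, so the address that `user_is_in_campus` authorizes on is not one the server observed. The decision should rest on `REMOTE_ADDR`, consulting the forwarded header only when the direct peer is one of the deployment's own reverse proxies and then taking the entry that proxy appended (the rightmost one, assuming a single proxy layer). `ipaddress.ip_address()` also raises `ValueError` on an empty or malformed value (the `""` default, or a header with unexpected spacing), which currently surfaces as a 500 instead of a 403. In the sketch below `TRUSTED_PROXIES` is a placeholder for a setting this commit does not define.

```python
def wrap(request, *args, **kwargs):
    if not request.user.is_authenticated:
        try:
            remote_ip = ipaddress.ip_address(get_ip(request))
        except ValueError:
            # Unparseable address: deny rather than let the view fail with a 500
            raise PermissionDenied
        allowed = (AUTHORIZED_IP_RANGE, AUTHORIZED_IP6_RANGE)
        if not any(remote_ip in ipaddress.ip_network(net) for net in allowed):
            raise PermissionDenied
    return function(request, *args, **kwargs)

# ... unchanged: __doc__/__name__ copy and return of wrap ...

def get_ip(request):
    peer = request.META.get("REMOTE_ADDR", "")
    # TRUSTED_PROXIES: placeholder for the deployment's reverse-proxy addresses
    if peer in TRUSTED_PROXIES:
        forwarded = request.META.get("HTTP_X_FORWARDED_FOR", "")
        hops = [hop.strip() for hop in forwarded.split(",") if hop.strip()]
        if hops:
            # Entry appended by our own proxy, not the client-supplied first one
            return hops[-1]
    return peer
```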


@ -145,6 +145,12 @@ class ClefForm(ModelForm):
model = Clef model = Clef
fields = '__all__' fields = '__all__'
class BaseClefForm(ClefForm):
class Meta(ClefForm.Meta):
fields = [
'commentaire',
]
class AdhesionForm(ModelForm): class AdhesionForm(ModelForm):
adherent = forms.ModelMultipleChoiceField(User.objects.all(), widget=forms.CheckboxSelectMultiple, required=False) adherent = forms.ModelMultipleChoiceField(User.objects.all(), widget=forms.CheckboxSelectMultiple, required=False)
@ -164,8 +170,11 @@ class RightForm(ModelForm):
class DelRightForm(Form): class DelRightForm(Form):
rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(), label="Droits actuels", widget=forms.CheckboxSelectMultiple) rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(), widget=forms.CheckboxSelectMultiple)
def __init__(self, right, *args, **kwargs):
super(DelRightForm, self).__init__(*args, **kwargs)
self.fields['rights'].queryset = Right.objects.filter(right=right)
class ListRightForm(ModelForm): class ListRightForm(ModelForm):
class Meta: class Meta:
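Review bot: Every `DelRightForm` that `del_right` builds is bound to the same `request.POST` and exposes the same field name `rights`, while the new `__init__` narrows each instance's queryset to a single `right`. A submission that ticks entries under two different rights therefore hands each form primary keys outside its own queryset, and `ModelMultipleChoiceField` rejects the whole value, so none of the forms validates. Giving each instance its own namespace in the view, e.g. `DelRightForm(right, request.POST or None, prefix=str(right.pk))`, keeps the submitted values apart; `__init__` already forwards `**kwargs` to the base class. The hunk also drops `label="Droits actuels"`, so the field falls back to its default label.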


@ -199,7 +199,7 @@ class Right(models.Model):
unique_together = ("user", "right") unique_together = ("user", "right")
def __str__(self): def __str__(self):
return str(self.user) + " - " + str(self.right) return str(self.user)
class ListRight(models.Model): class ListRight(models.Model):
PRETTY_NAME = "Liste des droits existants" PRETTY_NAME = "Liste des droits existants"
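Review bot: `Right.__str__` now returns only the user, but `del_right` builds its revision comment from `str(deleted_right)` (`"Retrait des droit %s" % ','.join(...)`), so after this change the audit trail records whose right was removed and no longer which right. If the short form is wanted for the checkbox labels in the new per-right table, the revision comment should name the right explicitly, e.g. `"%s - %s" % (r.user, r.right)` for each deleted entry, rather than rely on `__str__`. The class body continues outside the hunk.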


@ -37,8 +37,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ clef.proprio }}</td> <td>{{ clef.proprio }}</td>
<td>{{ clef.commentaire }}</td> <td>{{ clef.commentaire }}</td>
<td class="text-right"> <td class="text-right">
{% if is_bureau %}
{% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %} {% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
{% if is_bureau %}
{% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %} {% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
{% endif %} {% endif %}
{% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %} {% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}


@ -0,0 +1,58 @@
{% extends "users/sidebar.html" %}
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2017 Gabriel Détraz
Copyright © 2017 Goulven Kermarec
Copyright © 2017 Augustin Lemesle
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load bootstrap3 %}
{% block title %}Création et modification d'utilisateur{% endblock %}
{% block content %}
<h1>Gestion des droits</h1>
<form class="form" method="post">
{% csrf_token %}
<table class="table table-striped">
<thead>
<tr>
{% for key, values in userform.items %}
<th>{{ key }}</th>
{% endfor %}
</tr>
</thead>
<tr>
{% for key, values in userform.items %}
{% bootstrap_form_errors values %}
<th>{{ values.rights }}</th>
{% endfor %}
</tr>
</table>
{% bootstrap_button "Modifier" button_type="submit" icon="star" %}
</form>
<br />
<br />
<br />
{% endblock %}
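Review bot: `{% block title %}` still reads "Création et modification d'utilisateur" although the page is headed "Gestion des droits"; it looks copied from the user form template and should match the page. `{% bootstrap_form_errors values %}` is emitted directly inside `<tr>`, outside any cell, which is invalid table markup and lets browsers relocate the error block away from its column. Moving it into the cell and using `<td>` for the checkbox cells, `<td>{% bootstrap_form_errors values %}{{ values.rights }}</td>`, keeps each form's errors next to the right they concern.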


@ -40,9 +40,10 @@ from django.db import transaction
from reversion.models import Version from reversion.models import Version
from reversion import revisions as reversion from reversion import revisions as reversion
from users.forms import DelListRightForm, NewListRightForm, ListRightForm, RightForm, DelRightForm from users.forms import DelListRightForm, NewListRightForm, ListRightForm, RightForm, DelRightForm
from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, AdhesionForm from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, BaseClefForm, AdhesionForm
from users.models import User, Request, ListRight, Right, Clef, Adhesion from users.models import User, Request, ListRight, Right, Clef, Adhesion
from users.forms import PassForm, ResetPasswordForm from users.forms import PassForm, ResetPasswordForm
from users.decorators import user_is_in_campus
from media.models import Emprunt from media.models import Emprunt
from med.settings import REQ_EXPIRE_STR, EMAIL_FROM, ASSO_NAME, ASSO_EMAIL, SITE_NAME, PAGINATION_NUMBER from med.settings import REQ_EXPIRE_STR, EMAIL_FROM, ASSO_NAME, ASSO_EMAIL, SITE_NAME, PAGINATION_NUMBER
@ -248,16 +249,19 @@ def add_right(request, userid):
@permission_required('bureau') @permission_required('bureau')
def del_right(request): def del_right(request):
""" Supprimer un droit à un user, need droit bureau """ """ Supprimer un droit à un user, need droit bureau """
user_right_list = DelRightForm(request.POST or None) user_right_list = dict()
if user_right_list.is_valid(): for right in ListRight.objects.all():
right_del = user_right_list.cleaned_data['rights'] user_right_list[right]= DelRightForm(right, request.POST or None)
for keys, right_item in user_right_list.items():
if right_item.is_valid():
right_del = right_item.cleaned_data['rights']
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
reversion.set_user(request.user) reversion.set_user(request.user)
reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del)) reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
right_del.delete() right_del.delete()
messages.success(request, "Droit retiré avec succès") messages.success(request, "Droit retiré avec succès")
return redirect("/users/") return redirect("/users/")
return form({'userform': user_right_list}, 'users/user.html', request) return form({'userform': user_right_list}, 'users/del_right.html', request)
@login_required @login_required
@permission_required('perm') @permission_required('perm')
@ -279,18 +283,21 @@ def add_clef(request):
return redirect("/users/index_clef/") return redirect("/users/index_clef/")
return form({'userform': clef}, 'users/user.html', request) return form({'userform': clef}, 'users/user.html', request)
@login_required @user_is_in_campus
@permission_required('bureau')
def edit_clef(request, clefid): def edit_clef(request, clefid):
try: try:
clef_instance = Clef.objects.get(pk=clefid) clef_instance = Clef.objects.get(pk=clefid)
except Clef.DoesNotExist: except Clef.DoesNotExist:
messages.error(request, u"Entrée inexistante" ) messages.error(request, u"Entrée inexistante" )
return redirect("/users/index_clef/") return redirect("/users/index_clef/")
if request.user.has_perms(('bureau',)):
clef = ClefForm(request.POST or None, instance=clef_instance) clef = ClefForm(request.POST or None, instance=clef_instance)
else:
clef = BaseClefForm(request.POST or None, instance=clef_instance)
if clef.is_valid(): if clef.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
clef.save() clef.save()
if request.user.is_authenticated:
reversion.set_user(request.user) reversion.set_user(request.user)
reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in clef.changed_data)) reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in clef.changed_data))
messages.success(request, "Clef modifié") messages.success(request, "Clef modifié")
@ -313,12 +320,11 @@ def del_clef(request, clefid):
return redirect("/users/index_clef") return redirect("/users/index_clef")
return form({'objet': clef_instance, 'objet_name': 'clef'}, 'users/delete.html', request) return form({'objet': clef_instance, 'objet_name': 'clef'}, 'users/delete.html', request)
@login_required @user_is_in_campus
def index_clef(request): def index_clef(request):
clef_list = Clef.objects.all().order_by('nom') clef_list = Clef.objects.all().order_by('nom')
return render(request, 'users/index_clef.html', {'clef_list':clef_list}) return render(request, 'users/index_clef.html', {'clef_list':clef_list})
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def add_adhesion(request): def add_adhesion(request):
@ -405,10 +411,19 @@ def index_ajour(request):
users_list = paginator.page(paginator.num_pages) users_list = paginator.page(paginator.num_pages)
return render(request, 'users/index.html', {'users_list': users_list}) return render(request, 'users/index.html', {'users_list': users_list})
@login_required @user_is_in_campus
def history(request, object, id): def history(request, object, id):
""" Affichage de l'historique : (acl, argument) """ Affichage de l'historique : (acl, argument)
user : self, userid""" user : self, userid"""
if object == 'clef':
try:
object_instance = Clef.objects.get(pk=id)
except Clef.DoesNotExist:
messages.error(request, "Utilisateur inexistant")
return redirect("/users/")
elif not request.user.is_authenticated:
messages.error(request, "Permission denied")
return redirect("/users/")
if object == 'user': if object == 'user':
try: try:
object_instance = User.objects.get(pk=id) object_instance = User.objects.get(pk=id)
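Review bot: With `@login_required` and `@permission_required('bureau')` removed from `edit_clef`, the only gate left on this write path is `user_is_in_campus`, and that decorator inspects the address only for unauthenticated requests; any logged-in account, with or without `bureau` and from any network, now reaches `BaseClefForm` and can change `commentaire`. If that is wider than intended, keep an explicit check for authenticated users as well. Anonymous saves are also committed without `reversion.set_user`, so the revision carries no attribution; recording the source address in the comment, e.g. `reversion.set_comment("Champs modifié(s) : %s (anonyme, %s)" % (', '.join(clef.changed_data), request.META.get("REMOTE_ADDR", "")))`, would keep the history usable for review. The same decorator now fronts `index_clef` and `history`, where the missing-key branch reuses the message "Utilisateur inexistant"; `history` continues outside the hunk.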