Fix droits

This commit is contained in:
Med 2017-07-04 01:12:51 +02:00
parent 15221db62f
commit dee26e3eda
12 changed files with 31 additions and 23 deletions

View File

@ -36,8 +36,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% for auteur in auteurs_list %} {% for auteur in auteurs_list %}
<tr> <tr>
<td>{{ auteur.nom }}</td> <td>{{ auteur.nom }}</td>
<td>{% include 'buttons/edit.html' with href='media:edit-auteur' id=auteur.id %} <td>{% if is_perm %}{% include 'buttons/edit.html' with href='media:edit-auteur' id=auteur.id %}
{% include 'buttons/suppr.html' with href='media:del-auteur' id=auteur.id %} {% include 'buttons/suppr.html' with href='media:del-auteur' id=auteur.id %}{% endif %}
{% include 'buttons/history.html' with href='media:history' name='auteur' id=auteur.id %}</td> {% include 'buttons/history.html' with href='media:history' name='auteur' id=auteur.id %}</td>
</tr> </tr>
{% endfor %} {% endfor %}

View File

@ -46,7 +46,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</td> </td>
<td>{{ emprunt.date_emprunt }}</td> <td>{{ emprunt.date_emprunt }}</td>
<td>{{ emprunt.permanencier_emprunt }}</td> <td>{{ emprunt.permanencier_emprunt }}</td>
<td>{% if not emprunt.date_rendu %}<a class="btn btn-primary btn-sm" role="button" href="{% url 'media:retour-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-ok"></i> Retour</a>{% else %}{{ emprunt.date_rendu }}{% endif %}</td> <td>{% if not emprunt.date_rendu %}{% if is_perm %}<a class="btn btn-primary btn-sm" role="button" href="{% url 'media:retour-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-ok"></i> Retour</a>{% endif %}{% else %}{{ emprunt.date_rendu }}{% endif %}</td>
<td>{{ emprunt.permanencier_rendu }}</td> <td>{{ emprunt.permanencier_rendu }}</td>
<td> <td>
<div class="dropdown"> <div class="dropdown">
@ -57,8 +57,6 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<ul class="dropdown-menu" aria-labelledby="editionemprunt"> <ul class="dropdown-menu" aria-labelledby="editionemprunt">
{% if is_perm %} {% if is_perm %}
<li><a href="{% url 'media:edit-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-edit"></i> Editer</a></li> <li><a href="{% url 'media:edit-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-edit"></i> Editer</a></li>
{% endif %}
{% if is_bureau %}
<li><a href="{% url 'media:del-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-trash"></i> Supprimer</a></li> <li><a href="{% url 'media:del-emprunt' emprunt.id %}"><i class="glyphicon glyphicon-trash"></i> Supprimer</a></li>
{% endif %} {% endif %}
<li><a href="{% url 'media:history' 'emprunt' emprunt.id %}"><i class="glyphicon glyphicon-time"></i> Historique</a></li> <li><a href="{% url 'media:history' 'emprunt' emprunt.id %}"><i class="glyphicon glyphicon-time"></i> Historique</a></li>

View File

@ -46,8 +46,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ jeu.nombre_joueurs_min }}</td> <td>{{ jeu.nombre_joueurs_min }}</td>
<td>{{ jeu.nombre_joueurs_max }}</td> <td>{{ jeu.nombre_joueurs_max }}</td>
<td>{{ jeu.comment }}</td> <td>{{ jeu.comment }}</td>
<td>{% include 'buttons/edit.html' with href='media:edit-jeu' id=jeu.id %} <td>{% if is_perm %}{% include 'buttons/edit.html' with href='media:edit-jeu' id=jeu.id %}
{% include 'buttons/suppr.html' with href='media:del-jeu' id=jeu.id %} {% include 'buttons/suppr.html' with href='media:del-jeu' id=jeu.id %}{% endif %}
{% include 'buttons/history.html' with href='media:history' name='jeu' id=jeu.id %}</td> {% include 'buttons/history.html' with href='media:history' name='jeu' id=jeu.id %}</td>
</tr> </tr>
{% endfor %} {% endfor %}

View File

@ -40,8 +40,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ media.titre }}</td> <td>{{ media.titre }}</td>
<td>{% for aut in media.auteur.all %}{{ aut }}, {% endfor %}</td> <td>{% for aut in media.auteur.all %}{{ aut }}, {% endfor %}</td>
<td>{{ media.cote }}</td> <td>{{ media.cote }}</td>
<td>{% include 'buttons/edit.html' with href='media:edit-media' id=media.id %} <td>{% if is_perm %}{% include 'buttons/edit.html' with href='media:edit-media' id=media.id %}
{% include 'buttons/suppr.html' with href='media:del-media' id=media.id %} {% include 'buttons/suppr.html' with href='media:del-media' id=media.id %}{% endif %}
{% include 'buttons/history.html' with href='media:history' name='media' id=media.id %}</td> {% include 'buttons/history.html' with href='media:history' name='media' id=media.id %}</td>
</tr> </tr>
{% endfor %} {% endfor %}

View File

@ -210,7 +210,7 @@ def edit_emprunt(request, empruntid):
return form({'mediaform': emprunt}, 'media/media.html', request) return form({'mediaform': emprunt}, 'media/media.html', request)
@login_required @login_required
@permission_required('bureau') @permission_required('perm')
def retour_emprunt(request, empruntid): def retour_emprunt(request, empruntid):
try: try:
emprunt_instance = Emprunt.objects.get(pk=empruntid) emprunt_instance = Emprunt.objects.get(pk=empruntid)
@ -226,7 +226,7 @@ def retour_emprunt(request, empruntid):
return redirect("/media/index_emprunts/") return redirect("/media/index_emprunts/")
@login_required @login_required
@permission_required('bureau') @permission_required('perm')
def del_emprunt(request, empruntid): def del_emprunt(request, empruntid):
try: try:
emprunt_instance = Emprunt.objects.get(pk=empruntid) emprunt_instance = Emprunt.objects.get(pk=empruntid)
@ -261,7 +261,7 @@ def index_jeux(request):
@login_required @login_required
def index_auteurs(request): def index_auteurs(request):
auteurs_list = Auteur.objects.all() auteurs_list = Auteur.objects.all().order_by('nom')
paginator = Paginator(auteurs_list, PAGINATION_NUMBER) paginator = Paginator(auteurs_list, PAGINATION_NUMBER)
page = request.GET.get('page') page = request.GET.get('page')
try: try:

View File

@ -37,8 +37,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ clef.proprio }}</td> <td>{{ clef.proprio }}</td>
<td>{{ clef.commentaire }}</td> <td>{{ clef.commentaire }}</td>
<td class="text-right"> <td class="text-right">
{% if is_bureau %}
{% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %} {% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
{% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %} {% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
{% endif %}
{% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %} {% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}
</td> </td>
</tr> </tr>

View File

@ -36,7 +36,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>{{ listright.listright }}</td> <td>{{ listright.listright }}</td>
<td>{{ listright.details }}</td> <td>{{ listright.details }}</td>
<td class="text-right"> <td class="text-right">
{% if is_bureau %}
{% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %} {% include 'buttons/edit.html' with href='users:edit-listright' id=listright.id %}
{% endif %}
{% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %} {% include 'buttons/history.html' with href='users:history' name='listright' id=listright.id %}
</td> </td>
</tr> </tr>

View File

@ -29,7 +29,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block content %} {% block content %}
<h2>Liste des clef</h2> <h2>Liste des clef</h2>
{% if is_perm %} {% if is_bureau %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:add-clef' %}"><i class="glyphicon glyphicon-plus"></i> Ajouter une clef</a> <a class="btn btn-primary btn-sm" role="button" href="{% url 'users:add-clef' %}"><i class="glyphicon glyphicon-plus"></i> Ajouter une clef</a>
{% endif %} {% endif %}
{% include "users/aff_clef.html" with clef_list=clef_list %} {% include "users/aff_clef.html" with clef_list=clef_list %}

View File

@ -29,8 +29,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block content %} {% block content %}
<h2>Liste des droits</h2> <h2>Liste des droits</h2>
{% if is_bureau %}
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:add-listright' %}"><i class="glyphicon glyphicon-plus"></i> Ajouter un droit ou groupe</a> <a class="btn btn-primary btn-sm" role="button" href="{% url 'users:add-listright' %}"><i class="glyphicon glyphicon-plus"></i> Ajouter un droit ou groupe</a>
<a class="btn btn-danger btn-sm" role="button" href="{% url 'users:del-listright' %}"><i class="glyphicon glyphicon-trash"></i> Supprimer un ou plusieurs droits/groupes</a> <a class="btn btn-danger btn-sm" role="button" href="{% url 'users:del-listright' %}"><i class="glyphicon glyphicon-trash"></i> Supprimer un ou plusieurs droits/groupes</a>
{% endif %}
{% include "users/aff_listright.html" with listright_list=listright_list %} {% include "users/aff_listright.html" with listright_list=listright_list %}
<br /> <br />
<br /> <br />

View File

@ -105,7 +105,9 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</tr> </tr>
</table> </table>
<h2>Emprunts</h2> <h2>Emprunts</h2>
{% if is_perm or is_bureau %}
<h4><a class="btn btn-primary btn-sm" role="button" href="{% url 'media:add-emprunt' user.id %}"><i class="glyphicon glyphicon-flag"></i> Ajouter</a></h4> <h4><a class="btn btn-primary btn-sm" role="button" href="{% url 'media:add-emprunt' user.id %}"><i class="glyphicon glyphicon-flag"></i> Ajouter</a></h4>
{% endif %}
{% if emprunts_list %} {% if emprunts_list %}
{% include "media/aff_emprunts.html" with emprunts_list=emprunts_list %} {% include "media/aff_emprunts.html" with emprunts_list=emprunts_list %}
{% else %} {% else %}

View File

@ -25,11 +25,13 @@ with this program; if not, write to the Free Software Foundation, Inc.,
{% block sidebar %} {% block sidebar %}
{% if is_perm %} {% if is_bureau %}
<a class="list-group-item list-group-item-success" href="{% url "users:new-user" %}"> <a class="list-group-item list-group-item-success" href="{% url "users:new-user" %}">
<i class="glyphicon glyphicon-plus"></i> <i class="glyphicon glyphicon-plus"></i>
Créer un adhérent Créer un adhérent
</a> </a>
{% endif %}
{% if is_perm %}
<a class="list-group-item list-group-item-info" href="{% url "users:index" %}"> <a class="list-group-item list-group-item-info" href="{% url "users:index" %}">
<i class="glyphicon glyphicon-list"></i> <i class="glyphicon glyphicon-list"></i>
Adhérents Adhérents

View File

@ -85,7 +85,7 @@ def reset_passwd_mail(req, request):
@login_required @login_required
@permission_required('perm') @permission_required('bureau')
def new_user(request): def new_user(request):
""" Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe""" """ Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe"""
user = BaseInfoForm(request.POST or None) user = BaseInfoForm(request.POST or None)
@ -111,10 +111,10 @@ def edit_info(request, userid):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect("/users/") return redirect("/users/")
if not request.user.has_perms(('perm',)) and user != request.user: if not request.user.has_perms(('bureau',)) and user != request.user:
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit admin") messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit admin")
return redirect("/users/profil/" + str(request.user.id)) return redirect("/users/profil/" + str(request.user.id))
if not request.user.has_perms(('perm',)): if not request.user.has_perms(('bureau',)):
user = BaseInfoForm(request.POST or None, instance=user) user = BaseInfoForm(request.POST or None, instance=user)
else: else:
user = InfoForm(request.POST or None, instance=user) user = InfoForm(request.POST or None, instance=user)
@ -156,7 +156,7 @@ def password(request, userid):
except User.DoesNotExist: except User.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect("/users/") return redirect("/users/")
if not request.user.has_perms(('perm',)) and user != request.user: if not request.user.has_perms(('bureau',)) and user != request.user:
messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit admin") messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit admin")
return redirect("/users/profil/" + str(request.user.id)) return redirect("/users/profil/" + str(request.user.id))
u_form = PassForm(request.POST or None) u_form = PassForm(request.POST or None)
@ -266,7 +266,7 @@ def index_listright(request):
return render(request, 'users/index_listright.html', {'listright_list':listright_list}) return render(request, 'users/index_listright.html', {'listright_list':listright_list})
@login_required @login_required
@permission_required('perm') @permission_required('bureau')
def add_clef(request): def add_clef(request):
clef = ClefForm(request.POST or None) clef = ClefForm(request.POST or None)
if clef.is_valid(): if clef.is_valid():
@ -279,7 +279,7 @@ def add_clef(request):
return form({'userform': clef}, 'users/user.html', request) return form({'userform': clef}, 'users/user.html', request)
@login_required @login_required
@permission_required('perm') @permission_required('bureau')
def edit_clef(request, clefid): def edit_clef(request, clefid):
try: try:
clef_instance = Clef.objects.get(pk=clefid) clef_instance = Clef.objects.get(pk=clefid)
@ -297,7 +297,7 @@ def edit_clef(request, clefid):
return form({'userform': clef}, 'users/user.html', request) return form({'userform': clef}, 'users/user.html', request)
@login_required @login_required
@permission_required('perm') @permission_required('bureau')
def del_clef(request, clefid): def del_clef(request, clefid):
try: try:
clef_instance = Clef.objects.get(pk=clefid) clef_instance = Clef.objects.get(pk=clefid)
@ -353,7 +353,7 @@ def history(request, object, id):
except Clef.DoesNotExist: except Clef.DoesNotExist:
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect("/users/") return redirect("/users/")
elif object == 'listright' and request.user.has_perms(('perm',)): elif object == 'listright':
try: try:
object_instance = ListRight.objects.get(pk=id) object_instance = ListRight.objects.get(pk=id)
except ListRight.DoesNotExist: except ListRight.DoesNotExist:
@ -387,7 +387,7 @@ def profil(request, userid):
messages.error(request, "Utilisateur inexistant") messages.error(request, "Utilisateur inexistant")
return redirect("/users/") return redirect("/users/")
if not request.user.has_perms(('perm',)) and users != request.user: if not request.user.has_perms(('perm',)) and users != request.user:
messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit admin") messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit perm")
return redirect("/users/profil/" + str(request.user.id)) return redirect("/users/profil/" + str(request.user.id))
emprunts_list = Emprunt.objects.filter(user=users) emprunts_list = Emprunt.objects.filter(user=users)
list_droits = Right.objects.filter(user=users) list_droits = Right.objects.filter(user=users)