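# -*- mode: python; coding: utf-8 -*-
# Copyright (C) 2017-2019 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from django.contrib import messages
from django.contrib.auth.decorators import login_required, permission_required
from django.core.mail import send_mail
from django.core.paginator import EmptyPage, PageNotAnInteger, Paginator
from django.core.urlresolvers import reverse
from django.db import transaction
from django.shortcuts import get_object_or_404, redirect, render
from django.template import loader
from django.template.context_processors import csrf
from django.utils import timezone
from reversion import revisions as reversion

from med.settings import ASSO_EMAIL, ASSO_NAME, EMAIL_FROM, \
    PAGINATION_NUMBER, REQ_EXPIRE_STR, SITE_NAME
from media.models import Emprunt
from users.forms import BaseInfoForm, InfoForm
from users.forms import PassForm
from users.models import Adhesion, Clef, Request, Right, User

# NOTE(review): the permission names used below ('bureau', 'perm') carry no
# app label; presumably they are resolved by the project's User model or a
# custom auth backend -- confirm.


def form(ctx, template, request):
    """Render ``template`` with ``ctx`` extended by the CSRF token.

    ``ctx`` is updated in place, as callers pass a throw-away dict.
    """
    ctx.update(csrf(request))
    return render(request, template, ctx)


def _paginate(request, queryset):
    """Return the page of ``queryset`` selected by the ``page`` GET parameter.

    A non-integer page falls back to the first page, an out-of-range page
    to the last one.
    """
    paginator = Paginator(queryset, PAGINATION_NUMBER)
    try:
        return paginator.page(request.GET.get('page'))
    except PageNotAnInteger:
        return paginator.page(1)
    except EmptyPage:
        return paginator.page(paginator.num_pages)


def _latest_adhesion():
    """Return the Adhesion with the highest ``annee_debut``, or None."""
    return Adhesion.objects.all().order_by('annee_debut').reverse().first()


def password_change_action(u_form, user, request, req=False):
    """Store the new password of ``user`` taken from the validated ``u_form``.

    Both password fields must match, otherwise the form is shown again with
    an error. When ``req`` (a password Request) is given, it is deleted once
    the password has been saved, so its token cannot be used a second time.
    """
    # NOTE(review): no password-strength check is visible here; presumably
    # PassForm enforces the policy -- confirm.
    new_password = u_form.cleaned_data['passwd1']
    if new_password != u_form.cleaned_data['passwd2']:
        messages.error(request, "Les 2 mots de passe différent")
        return form({'userform': u_form}, 'users/user.html', request)
    # set_password() stores a hash, never the clear-text value.
    user.set_password(new_password)
    with transaction.atomic(), reversion.create_revision():
        user.save()
        reversion.set_comment("Réinitialisation du mot de passe")
    messages.success(request, "Le mot de passe a changé")
    if req:
        req.delete()
        return redirect("/")
    return redirect("/users/profil/" + str(user.id))


def reset_passwd_mail(req, request):
    """Send the password (re)initialisation e-mail for the Request ``req``."""
    template = loader.get_template('users/email_passwd_request')
    # build_absolute_uri() takes the host from the incoming request, so the
    # link mailed to the user is only as trustworthy as the Host header:
    # this relies on ALLOWED_HOSTS listing the site's real hostnames only.
    reset_url = request.build_absolute_uri(
        reverse('users:process', kwargs={'token': req.token}))
    context = {
        'name': str(req.user.first_name) + ' ' + str(req.user.last_name),
        'asso': ASSO_NAME,
        'asso_mail': ASSO_EMAIL,
        'site_name': SITE_NAME,
        'url': reset_url,
        'expire_in': REQ_EXPIRE_STR,
    }
    send_mail('Votre compte %s' % SITE_NAME, template.render(context),
              EMAIL_FROM, [req.user.email], fail_silently=False)


@login_required
@permission_required('bureau')
def new_user(request):
    """Create a user and mail them a link to set their password.

    Requires the 'bureau' permission. The account is created without a
    password chosen by the creator: a password Request is stored and its
    link is sent to the new user's address.
    """
    user_form = BaseInfoForm(request.POST or None)
    if not user_form.is_valid():
        return form({'userform': user_form}, 'users/user.html', request)
    user = user_form.save(commit=False)
    with transaction.atomic(), reversion.create_revision():
        user.save()
        reversion.set_comment("Création")
    req = Request()
    req.type = Request.PASSWD
    req.user = user
    req.save()
    reset_passwd_mail(req, request)
    messages.success(request,
                     "L'utilisateur %s a été crée, un mail pour "
                     "l'initialisation du mot de passe a été "
                     "envoyé" % user.username)
    return redirect("/users/profil/" + str(user.id))


@login_required
def edit_info(request, userid):
    """Edit the user identified by ``userid``.

    Editing somebody else requires the 'bureau' permission. Users without
    it get BaseInfoForm, users with it get InfoForm.
    """
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect("/users/")
    is_bureau = request.user.has_perms(('bureau',))
    if not is_bureau and user != request.user:
        messages.error(request,
                       "Vous ne pouvez pas modifier un autre user que vous "
                       "sans droit admin")
        return redirect("/users/profil/" + str(request.user.id))
    form_class = InfoForm if is_bureau else BaseInfoForm
    user_form = form_class(request.POST or None, instance=user)
    if user_form.is_valid():
        with transaction.atomic(), reversion.create_revision():
            user_form.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(
                user_form.changed_data))
        messages.success(request, "L'user a bien été modifié")
        return redirect("/users/profil/" + userid)
    return form({'userform': user_form}, 'users/user.html', request)


@login_required
def password(request, userid):
    """Change the password of the user identified by ``userid``.

    A user may change their own password; changing somebody else's
    requires the 'bureau' permission.
    """
    # NOTE(review): the current password is not requested by this view
    # unless PassForm does so -- confirm.
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect("/users/")
    if not request.user.has_perms(('bureau',)) and user != request.user:
        messages.error(request,
                       "Vous ne pouvez pas modifier un autre user que vous "
                       "sans droit admin")
        return redirect("/users/profil/" + str(request.user.id))
    u_form = PassForm(request.POST or None)
    if u_form.is_valid():
        return password_change_action(u_form, user, request)
    return form({'userform': u_form}, 'users/user.html', request)


@login_required
@permission_required('perm')
def index_clef(request):
    """List every Clef ordered by name; requires the 'perm' permission."""
    clef_list = Clef.objects.all().order_by('nom')
    return render(request, 'users/index_clef.html', {'clef_list': clef_list})


@login_required
@permission_required('perm')
def index(request):
    """List all users, paginated; requires the 'perm' permission."""
    users_list = _paginate(request, User.objects.order_by('first_name'))
    return render(request, 'users/index.html', {'users_list': users_list})


@login_required
@permission_required('perm')
def index_ajour(request):
    """List the members of the latest Adhesion, paginated.

    Requires the 'perm' permission. When no Adhesion exists yet, an empty
    list is shown instead of failing on a missing object.
    """
    latest = _latest_adhesion()
    if latest is None:
        members = User.objects.none()
    else:
        members = latest.adherent.all().order_by('first_name')
    users_list = _paginate(request, members)
    return render(request, 'users/index.html', {'users_list': users_list})


@login_required
def mon_profil(request):
    """Redirect the logged-in user to their own profile page."""
    return redirect("/users/profil/" + str(request.user.id))


@login_required
def profil(request, userid):
    """Show the profile, loans and rights of the user ``userid``.

    Viewing somebody else's profile requires the 'perm' permission.
    """
    try:
        users = User.objects.get(pk=userid)
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect("/users/")
    if not request.user.has_perms(('perm',)) and users != request.user:
        messages.error(request,
                       "Vous ne pouvez pas afficher un autre user "
                       "que vous sans droit perm")
        return redirect("/users/profil/" + str(request.user.id))
    emprunts_list = Emprunt.objects.filter(user=users)
    list_droits = Right.objects.filter(user=users)
    return render(
        request,
        'users/profil.html',
        {
            'user': users,
            'emprunts_list': emprunts_list,
            'list_droits': list_droits,
        }
    )


@login_required
@permission_required('bureau')
def adherer(request, userid):
    """Add the user ``userid`` to the latest Adhesion.

    Requires the 'bureau' permission.
    """
    # NOTE(review): this view changes membership without checking
    # request.method, so a plain GET triggers it and Django's CSRF
    # protection (unsafe methods only) does not apply. Consider
    # restricting it to POST once the templates are confirmed to submit
    # a form.
    try:
        users = User.objects.get(pk=userid)
    except User.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect("/users/")
    adh_year = _latest_adhesion()
    if adh_year is None:
        # Without any Adhesion there is nothing to join; report it instead
        # of failing on a missing object.
        messages.error(request, "Aucune année d'adhésion n'existe")
        return redirect("/users/profil/" + userid)
    with transaction.atomic(), reversion.create_revision():
        reversion.set_user(request.user)
        adh_year.adherent.add(users)
        adh_year.save()
        reversion.set_comment("Adhesion de %s" % users)
    messages.success(request, "Adhesion effectuee")
    return redirect("/users/profil/" + userid)


def process(request, token):
    """Dispatch the pending Request identified by ``token``.

    This view carries no login decorator: the token is the only credential.
    Expired requests are filtered out before the lookup, so an unknown and
    an expired token both end in a 404.
    """
    valid_reqs = Request.objects.filter(expires_at__gt=timezone.now())
    req = get_object_or_404(valid_reqs, token=token)
    if req.type == Request.PASSWD:
        return process_passwd(request, req)
    messages.error(request, "Entrée incorrecte, contactez un admin")
    # The redirect has to be returned: a view returning None makes Django
    # raise an error instead of answering the request.
    return redirect("/")


def process_passwd(request, req):
    """Let the owner of the password Request ``req`` choose a new password."""
    u_form = PassForm(request.POST or None)
    user = req.user
    if u_form.is_valid():
        return password_change_action(u_form, user, request, req=req)
    return form({'userform': u_form}, 'users/user.html', request)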