From dc56deaf85e296ee4b0f05be215ba54b3dcb3875 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 21:17:57 +0100 Subject: [PATCH 1/6] Final modifications --- apps/member/forms.py | 2 +- apps/member/views.py | 24 ++++++++-- apps/permission/fixtures/initial.json | 68 +++++++++++++++++++++++++++ locale/fr/LC_MESSAGES/django.po | 8 ++-- 4 files changed, 92 insertions(+), 10 deletions(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index 352a5625..ef9cb24d 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -45,7 +45,7 @@ class ProfileForm(forms.ModelForm): A form for the extras field provided by the :model:`member.Profile` model. """ # Remove widget=forms.HiddenInput() if you want to use report frequency. - report_frequency = forms.IntegerField(required=False, initial=0, label=_("Report frequency"), widget=forms.HiddenInput()) + report_frequency = forms.IntegerField(required=False, initial=0, label=_("Report frequency")) last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last report date")) diff --git a/apps/member/views.py b/apps/member/views.py index 348bf089..66980c7d 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -26,6 +26,7 @@ from note_kfet.middlewares import _set_current_request from permission.backends import PermissionBackend from permission.models import Role from permission.views import ProtectQuerysetMixin, ProtectedCreateView +from django import forms from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \ CustomAuthenticationForm, MembershipRolesForm @@ -72,11 +73,24 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].required = True form.fields['email'].help_text = _("This address must be valid.") - if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): - context['profile_form'] = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) - if not self.object.profile.report_frequency: - del context['profile_form'].fields["last_report"] + profile_form = self.profile_form(instance=context['user_object'].profile, + data=self.request.POST if self.request.POST else None) + + if not self.object.profile.report_frequency: + del profile_form.fields["last_report"] + + fields_to_check = list(profile_form.fields.keys()) + fields_modifiable = False + + # Delete the fields for which the user does not have the permission to modify + for field_name in fields_to_check: + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + profile_form.fields[field_name].widget = forms.HiddenInput() + else: + fields_modifiable = True + + if fields_modifiable: + context['profile_form'] = profile_form return context diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 00f952cc..36134dee 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3832,6 +3832,74 @@ "description": "Voir les profils des membres du club" } }, + { + "model": "permission.permission", + "pk": 244, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_events_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter BDE pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 245, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_art_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Art pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 246, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_sport_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 247, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "view", + "mask": 3, + "field": [ + "ml_events_registration", + "ml_art_registration", + "ml_sport_registration" + ], + "permanent": false, + "description": "Voir les abonnements aux Newsletters de n'importe quel profil" + } + }, { "model": "permission.role", "pk": 1, diff --git a/locale/fr/LC_MESSAGES/django.po b/locale/fr/LC_MESSAGES/django.po index 2af3257e..a95cb766 100644 --- a/locale/fr/LC_MESSAGES/django.po +++ b/locale/fr/LC_MESSAGES/django.po @@ -795,11 +795,11 @@ msgstr "Masque de permissions" #: apps/member/forms.py:46 msgid "Report frequency" -msgstr "Fréquence des rapports (en jours)" +msgstr "Fréquence des relevés (en jours)" #: apps/member/forms.py:48 msgid "Last report date" -msgstr "Date de dernier rapport" +msgstr "Date de dernier relevé" #: apps/member/forms.py:52 msgid "" @@ -1045,11 +1045,11 @@ msgstr "" #: apps/member/models.py:117 msgid "report frequency (in days)" -msgstr "fréquence des rapports (en jours)" +msgstr "fréquence des relevés (en jours)" #: apps/member/models.py:122 msgid "last report date" -msgstr "date de dernier rapport" +msgstr "date de dernier relevé" #: apps/member/models.py:127 msgid "email confirmed" From 983d7ec052e060e8e720f0050e9cee67cb519e01 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 21:35:29 +0100 Subject: [PATCH 2/6] linters --- apps/member/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 66980c7d..4d18a40a 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -77,8 +77,8 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): data=self.request.POST if self.request.POST else None) if not self.object.profile.report_frequency: - del profile_form.fields["last_report"] - + del profile_form.fields["last_report"] + fields_to_check = list(profile_form.fields.keys()) fields_modifiable = False @@ -88,7 +88,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): profile_form.fields[field_name].widget = forms.HiddenInput() else: fields_modifiable = True - + if fields_modifiable: context['profile_form'] = profile_form From eb5044490bb59a4ac44867091826a5597ffaa75f Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 21:37:58 +0100 Subject: [PATCH 3/6] Delete a useless permission --- apps/permission/fixtures/initial.json | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 36134dee..44341309 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3880,26 +3880,6 @@ "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" } }, - { - "model": "permission.permission", - "pk": 247, - "fields": { - "model": [ - "member", - "profile" - ], - "query": "{}", - "type": "view", - "mask": 3, - "field": [ - "ml_events_registration", - "ml_art_registration", - "ml_sport_registration" - ], - "permanent": false, - "description": "Voir les abonnements aux Newsletters de n'importe quel profil" - } - }, { "model": "permission.role", "pk": 1, From e7a98c86f07292c414fb3765f5edd17d5ffe960d Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 21:51:26 +0100 Subject: [PATCH 4/6] Tried something with permissions --- apps/permission/fixtures/initial.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 44341309..25048ab6 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -127,7 +127,7 @@ "auth", "user" ], - "query": "{\"pk\": [\"user\", \"pk\"]}", + "query": "{[\"AND\", {\"pk\": [\"user\", \"pk\"]}, {\"memberships__club__parent_club__isnull\": true}]", "type": "change", "mask": 1, "field": "last_login", From 1836677c47d34a91b697a9db93b220d71c7a76ab Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 22:30:36 +0100 Subject: [PATCH 5/6] Update file initial.json --- apps/permission/fixtures/initial.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 25048ab6..70ec6650 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -127,7 +127,7 @@ "auth", "user" ], - "query": "{[\"AND\", {\"pk\": [\"user\", \"pk\"]}, {\"memberships__club__parent_club__isnull\": true}]", + "query": "[\"AND\", {\"pk\": [\"user\", \"pk\"]}, {\"memberships__club__parent_club__isnull\": true}]", "type": "change", "mask": 1, "field": "last_login", From 26b351a51c28da755a08dc683cd884eef4834a4a Mon Sep 17 00:00:00 2001 From: thomasl Date: Fri, 14 Feb 2025 18:14:35 +0100 Subject: [PATCH 6/6] Add another permission for model guest in activity --- apps/permission/fixtures/initial.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 70ec6650..d49cbb41 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3880,6 +3880,22 @@ "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" } }, + { + "model": "permission.permission", + "pk": 247, + "fields": { + "model": [ + "activity", + "guest" + ], + "query": "{\"activity__organizer\": [\"club\"]}", + "type": "view", + "mask": 2, + "field": "", + "permanent": false, + "description": "Voir les personnes invitées aux événements organisés par son club" + } + }, { "model": "permission.role", "pk": 1,