diff --git a/apps/api/serializers.py b/apps/api/serializers.py
index d6403dd1..0bae937f 100644
--- a/apps/api/serializers.py
+++ b/apps/api/serializers.py
@@ -60,12 +60,12 @@ class OAuthSerializer(serializers.ModelSerializer):
 def get_profile(self, obj):
 # Display the profile of the user only if we have rights to see it.
 return ProfileSerializer().to_representation(obj.profile) \
- if PermissionBackend.has_perm(get_current_request(), obj.profile, 'view') else None
+ if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
 
 def get_note(self, obj):
 # Display the note of the user only if we have rights to see it.
 return NoteSerializer().to_representation(obj.note) \
- if PermissionBackend.has_perm(get_current_request(), obj.note, 'view') else None
+ if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
 
 def get_memberships(self, obj):
 # Display only memberships that we are allowed to see.
diff --git a/apps/member/models.py b/apps/member/models.py
index 89be7a3a..0b471f12 100644
--- a/apps/member/models.py
+++ b/apps/member/models.py
@@ -258,7 +258,7 @@ class Club(models.Model):
 This function is called each time the club detail view is displayed.
 Update the year of the membership dates.
 """
- if not self.membership_start:
+ if not self.membership_start or not self.membership_end:
 return
 
 today = datetime.date.today()
diff --git a/apps/member/tables.py b/apps/member/tables.py
index 37c17b47..7f7e54fd 100644
--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@@ -120,7 +120,7 @@ class MembershipTable(tables.Table):
 club=record.club,
 user=record.user,
 date_start__gte=record.club.membership_start,
- date_end__lte=record.club.membership_end,
+ date_end__lte=record.club.membership_end or date(9999, 12, 31),
 ).exists(): # If the renew is not yet performed
 empty_membership = Membership(
 club=record.club,
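Review bot: In get_profile and get_note the codenames `'member.view_profile'` and `'note.view_note'` are now the only link between this serializer and the permission model, and a mistyped codename would presumably just make check_perm return False, so the field would silently render as None instead of failing loudly; a comment naming the expected format (`app_label.action_model`) and a test asserting that a user holding the permission receives a non-None profile would catch that. `get_current_request()` is evaluated on every call; if it can return None outside a request cycle, what check_perm does with a None request is not visible here and deserves a note on the helper. The backslash-continued conditional expression is hard to scan; an explicit `if not PermissionBackend.check_perm(...): return None` guard followed by the plain return reads better and drops the `\`.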
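Review bot: The widened guard in Club (the method's signature and the body after `today = datetime.date.today()` are outside the hunk) now skips the update entirely whenever membership_end is unset, so a club with a start date but no end date will no longer have its start year rolled forward either; if that is intended, say so next to the guard, e.g. `# Both dates are required: the update below shifts the pair together`. If only the end-date arithmetic needs protecting, guarding that part separately would keep the previous behaviour for the start date. Stylistically `if not (self.membership_start and self.membership_end):` states the precondition in one clause.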
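Review bot: `date(9999, 12, 31)` in the MembershipTable filter is a magic sentinel meaning "no end date"; the standard library already names that value, so `date_end__lte=record.club.membership_end or date.max,  # no end date: any renewal counts` says the same thing without the literal. This also diverges from the apps/member/models.py hunk in the same commit, where a missing membership_end makes Club bail out of its date update while here it is treated as open-ended; if both are intended, a one-line comment at each site stating why would stop a later "fix" from aligning them the wrong way. The `date` name is not imported within the hunk, so this assumes `from datetime import date` exists at the top of tables.py.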
diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json
index a7ed75f4..ddd5b0d2 100644
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@@ -2903,6 +2903,70 @@
 "description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement"
 }
 },
+ {
+ "model": "permission.permission",
+ "pk": 186,
+ "fields": {
+ "model": [
+ "oauth2_provider",
+ "application"
+ ],
+ "query": "{\"user\": [\"user\"]}",
+ "type": "view",
+ "mask": 1,
+ "field": "",
+ "permanent": true,
+ "description": "Voir ses applications OAuth2"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 187,
+ "fields": {
+ "model": [
+ "oauth2_provider",
+ "application"
+ ],
+ "query": "{\"user\": [\"user\"]}",
+ "type": "create",
+ "mask": 1,
+ "field": "",
+ "permanent": true,
+ "description": "Créer une application OAuth2"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 188,
+ "fields": {
+ "model": [
+ "oauth2_provider",
+ "application"
+ ],
+ "query": "{\"user\": [\"user\"]}",
+ "type": "change",
+ "mask": 1,
+ "field": "",
+ "permanent": true,
+ "description": "Modifier une application OAuth2"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 189,
+ "fields": {
+ "model": [
+ "oauth2_provider",
+ "application"
+ ],
+ "query": "{\"user\": [\"user\"]}",
+ "type": "delete",
+ "mask": 1,
+ "field": "",
+ "permanent": true,
+ "description": "Supprimer une application OAuth2"
+ }
+ },
 {
 "model": "permission.role",
 "pk": 1,
@@ -2933,7 +2997,11 @@
 126,
 161,
 162,
- 165
+ 165,
+ 186,
+ 187,
+ 188,
+ 189
 ]
 }
 },
@@ -3314,7 +3382,11 @@
 182,
 183,
 184,
- 185
+ 185,
+ 186,
+ 187,
+ 188,
+ 189
 ]
 }
 },
diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py
index 2ee10c25..549399d7 100644
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
 os.getenv('NOTE_URL', 'localhost'),
 ]
 
+# Use secure cookies in production
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
+# Remember HTTPS for 1 year
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 
 # Application definition
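Review bot: The HSTS block is applied unconditionally while the two cookie flags just above it are gated on `not DEBUG`, so a developer serving a local instance over HTTPS, or a preview deployment on a subdomain of the production host, gets a one-year includeSubDomains policy pinned in the browser; `SECURE_HSTS_SECONDS = 0 if DEBUG else 31536000` keeps the two halves of the block consistent. `SECURE_HSTS_PRELOAD = True` together with include-subdomains commits every subdomain of the deployed host to HTTPS and, once submitted to the preload list, is effectively irreversible, which deserves a comment such as `# Preload + includeSubDomains: every subdomain of NOTE_URL must serve HTTPS before submitting to hstspreload.org`. These settings only take effect if django.middleware.security.SecurityMiddleware is in MIDDLEWARE, and `DEBUG` must already be defined above this hunk; neither is visible here, so both are worth confirming. `SECURE_SSL_REDIRECT` is not set, so plain-HTTP requests are still served rather than redirected, which is fine behind a TLS-terminating proxy but should be stated in the comment.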