1
0
mirror of https://gitlab.crans.org/bde/nk20 synced 2024-11-27 02:43:01 +00:00

Merge branch 'beta' into 'main'

Corrections de bugs

See merge request bde/nk20!195
This commit is contained in:
ynerant 2022-03-09 15:10:37 +01:00
commit 3633f66a87
5 changed files with 87 additions and 6 deletions

View File

@ -60,12 +60,12 @@ class OAuthSerializer(serializers.ModelSerializer):
def get_profile(self, obj): def get_profile(self, obj):
# Display the profile of the user only if we have rights to see it. # Display the profile of the user only if we have rights to see it.
return ProfileSerializer().to_representation(obj.profile) \ return ProfileSerializer().to_representation(obj.profile) \
if PermissionBackend.has_perm(get_current_request(), obj.profile, 'view') else None if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None
def get_note(self, obj): def get_note(self, obj):
# Display the note of the user only if we have rights to see it. # Display the note of the user only if we have rights to see it.
return NoteSerializer().to_representation(obj.note) \ return NoteSerializer().to_representation(obj.note) \
if PermissionBackend.has_perm(get_current_request(), obj.note, 'view') else None if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None
def get_memberships(self, obj): def get_memberships(self, obj):
# Display only memberships that we are allowed to see. # Display only memberships that we are allowed to see.

View File

@ -258,7 +258,7 @@ class Club(models.Model):
This function is called each time the club detail view is displayed. This function is called each time the club detail view is displayed.
Update the year of the membership dates. Update the year of the membership dates.
""" """
if not self.membership_start: if not self.membership_start or not self.membership_end:
return return
today = datetime.date.today() today = datetime.date.today()

View File

@ -120,7 +120,7 @@ class MembershipTable(tables.Table):
club=record.club, club=record.club,
user=record.user, user=record.user,
date_start__gte=record.club.membership_start, date_start__gte=record.club.membership_start,
date_end__lte=record.club.membership_end, date_end__lte=record.club.membership_end or date(9999, 12, 31),
).exists(): # If the renew is not yet performed ).exists(): # If the renew is not yet performed
empty_membership = Membership( empty_membership = Membership(
club=record.club, club=record.club,

View File

@ -2903,6 +2903,70 @@
"description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement" "description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement"
} }
}, },
{
"model": "permission.permission",
"pk": 186,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "view",
"mask": 1,
"field": "",
"permanent": true,
"description": "Voir ses applications OAuth2"
}
},
{
"model": "permission.permission",
"pk": 187,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "create",
"mask": 1,
"field": "",
"permanent": true,
"description": "Créer une application OAuth2"
}
},
{
"model": "permission.permission",
"pk": 188,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "change",
"mask": 1,
"field": "",
"permanent": true,
"description": "Modifier une application OAuth2"
}
},
{
"model": "permission.permission",
"pk": 189,
"fields": {
"model": [
"oauth2_provider",
"application"
],
"query": "{\"user\": [\"user\"]}",
"type": "delete",
"mask": 1,
"field": "",
"permanent": true,
"description": "Supprimer une application OAuth2"
}
},
{ {
"model": "permission.role", "model": "permission.role",
"pk": 1, "pk": 1,
@ -2933,7 +2997,11 @@
126, 126,
161, 161,
162, 162,
165 165,
186,
187,
188,
189
] ]
} }
}, },
@ -3314,7 +3382,11 @@
182, 182,
183, 183,
184, 184,
185 185,
186,
187,
188,
189
] ]
} }
}, },

View File

@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
os.getenv('NOTE_URL', 'localhost'), os.getenv('NOTE_URL', 'localhost'),
] ]
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition # Application definition