Add "Lock note" feature

This commit is contained in:
Yohann D'ANELLO 2020-08-31 20:15:48 +02:00
parent 0c753c3288
commit 5e65e2d74a
11 changed files with 279 additions and 81 deletions

View File

@ -12,7 +12,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
<div class="row mt-4">
<div class="col-xl-4">
{% block profile_info %}
<div class="card bg-light">
<div class="card bg-light" id="card-infos">
<h4 class="card-header text-center">
{% if user_object %}
{% trans "Account #" %}{{ user_object.pk }}
@ -31,6 +31,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
</a>
{% endif %}
</div>
{% if note.inactivity_reason %}
<div class="alert alert-danger polymorphic-add-choice">
{{ note.get_inactivity_reason_display }}
</div>
{% endif %}
<div class="card-body" id="profile_infos">
{% if user_object %}
{% include "member/includes/profile_info.html" %}
@ -63,6 +68,15 @@ SPDX-License-Identifier: GPL-3.0-or-later
<a class="btn btn-sm btn-primary" href="{{ club_detail_url }}">{% trans 'View Profile' %}</a>
{% endif %}
{% endif %}
{% if can_lock_note %}
<button class="btn btn-sm btn-danger" data-toggle="modal" data-target="#lock-note-modal">
<i class="fas fa-ban"></i> {% trans 'Lock note' %}
</button>
{% elif can_unlock_note %}
<button class="btn btn-sm btn-success" data-toggle="modal" data-target="#unlock-note-modal">
<i class="fas fa-check-circle"></i> {% trans 'Unlock note' %}
</button>
{% endif %}
</div>
</div>
{% endblock %}
@ -70,16 +84,102 @@ SPDX-License-Identifier: GPL-3.0-or-later
<div class="col-xl-8">
{% block profile_content %}{% endblock %}
</div>
{# Popup to confirm the action of locking the note. Managed by a button #}
<div class="modal fade" id="lock-note-modal" tabindex="-1" role="dialog" aria-labelledby="lockNote"
aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="lockNote">{% trans "Lock note" %}</h5>
<button type="button" class="close btn-modal" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
{% blocktrans trimmed %}
Are you sure you want to lock this note? This will prevent any transaction that would be performed,
until the note is unlocked.
{% endblocktrans %}
{% if can_force_lock %}
{% blocktrans trimmed %}
If you use the force mode, the user won't be able to unlock the note by itself.
{% endblocktrans %}
{% endif %}
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary btn-modal" data-dismiss="modal">{% trans "Close" %}</button>
{% if can_force_lock %}
<button type="button" class="btn btn-danger btn-modal" onclick="lock_note(true, 'forced')">{% trans "Force mode" %}</button>
{% endif %}
<button type="button" class="btn btn-warning btn-modal" onclick="lock_note(true, 'manual')">{% trans "Lock note" %}</button>
</div>
</div>
</div>
</div>
{# Popup to confirm the action of unlocking the note. Managed by a button #}
<div class="modal fade" id="unlock-note-modal" tabindex="-1" role="dialog" aria-labelledby="unlockNote"
aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="unlockNote">{% trans "Unlock note" %}</h5>
<button type="button" class="close btn-modal" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
{% blocktrans trimmed %}
Are you sure you want to unlock this note? Transactions will be re-enabled.
{% endblocktrans %}
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary btn-modal" data-dismiss="modal">{% trans "Close" %}</button>
<button type="button" class="btn btn-success btn-modal" onclick="lock_note(false, null)">{% trans "Unlock note" %}</button>
</div>
</div>
</div>
</div>
</div>
{% endblock %}
{% block extrajavascript %}
{% if object %}
<script>
function refreshHistory() {
$("#history_list").load("{% url 'member:user_detail' pk=object.pk %} #history_list");
$("#profile_infos").load("{% url 'member:user_detail' pk=object.pk %} #profile_infos");
{% if user_object %}
$("#history_list").load("{% url 'member:user_detail' pk=user_object.pk %} #history_list");
$("#profile_infos").load("{% url 'member:user_detail' pk=user_object.pk %} #profile_infos");
{% else %}
$("#history_list").load("{% url 'member:club_detail' pk=club.pk %} #history_list");
$("#profile_infos").load("{% url 'member:club_detail' pk=club.pk %} #profile_infos");
{% endif %}
}
function lock_note(locked, mode) {
$("button.btn-modal").attr("disabled", "disabled");
$.ajax({
url: "/api/note/note/{{ note.pk }}/",
type: "PATCH",
dataType: "json",
headers: {
"X-CSRFTOKEN": CSRF_TOKEN
},
data: {
is_active: !locked,
inactivity_reason: mode,
resourcetype: "{% if user_object %}NoteUser{% else %}NoteClub{% endif %}"
}
}).done(function () {
$("#card-infos").load("#card-infos #card-infos", function () {
$(".modal").modal("hide");
$("button.btn-modal").removeAttr("disabled");
});
}).fail(function(xhr, textStatus, error) {
$(".modal").modal("hide");
$("button.btn-modal").removeAttr("disabled");
errMsg(xhr.responseJSON);
});
}
</script>
{% endif %}
{% endblock %}

View File

@ -46,12 +46,3 @@ SPDX-License-Identifier: GPL-3.0-or-later
</div>
{% endif %}
{% endblock %}
{% block extrajavascript %}
<script>
function refreshHistory() {
$("#history_list").load("{% url 'member:club_detail' pk=object.pk %} #history_list");
$("#profile_infos").load("{% url 'member:club_detail' pk=object.pk %} #profile_infos");
}
</script>
{% endblock %}

View File

@ -37,12 +37,3 @@ SPDX-License-Identifier: GPL-3.0-or-later
</div>
</div>
{% endblock %}
{% block extrajavascript %}
<script>
function refreshHistory() {
$("#history_list").load("{% url 'member:user_detail' pk=user_object.pk %} #history_list");
$("#profile_infos").load("{% url 'member:user_detail' pk=user_object.pk %} #profile_infos");
}
</script>
{% endblock %}

View File

@ -10,6 +10,7 @@ from django.contrib.auth import logout
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.models import User
from django.contrib.auth.views import LoginView
from django.db import transaction
from django.db.models import Q, F
from django.shortcuts import redirect
from django.urls import reverse_lazy
@ -151,6 +152,7 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
"""
context = super().get_context_data(**kwargs)
user = context['user_object']
context["note"] = user.note
history_list = \
Transaction.objects.all().filter(Q(source=user.note) | Q(destination=user.note))\
.order_by("-created_at")\
@ -164,6 +166,28 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
membership_table = MembershipTable(data=club_list, prefix='membership-')
membership_table.paginate(per_page=10, page=self.request.GET.get("membership-page", 1))
context['club_list'] = membership_table
# Check permissions to see if the authenticated user can lock/unlock the note
with transaction.atomic():
modified_note = NoteUser.objects.get(pk=user.note.pk)
modified_note.is_active = True
modified_note.inactivity_reason = 'manual'
context["can_lock_note"] = user.note.is_active and PermissionBackend\
.check_perm(self.request.user, "note.change_noteuser_is_active",
modified_note)
old_note = NoteUser.objects.select_for_update().get(pk=user.note.pk)
modified_note.inactivity_reason = 'forced'
modified_note._force_save = True
modified_note.save()
context["can_force_lock"] = user.note.is_active and PermissionBackend\
.check_perm(self.request.user, "note.change_note_is_active", modified_note)
old_note._force_save = True
old_note.save()
modified_note.refresh_from_db()
modified_note.is_active = True
context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
.check_perm(self.request.user, "note.change_note_is_active", modified_note)
return context
@ -203,7 +227,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
else:
qs = qs.none()
return qs[:20]
return qs
class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):

View File

@ -1,7 +1,9 @@
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from django.utils.translation import gettext_lazy as _
from rest_framework import serializers
from rest_framework.exceptions import ValidationError
from rest_polymorphic.serializers import PolymorphicSerializer
from member.api.serializers import MembershipSerializer
from member.models import Membership
@ -23,7 +25,7 @@ class NoteSerializer(serializers.ModelSerializer):
class Meta:
model = Note
fields = '__all__'
read_only_fields = [f.name for f in model._meta.get_fields()] # Notes are read-only protected
read_only_fields = ('balance', 'last_negative', 'created_at', ) # Note balances are read-only protected
class NoteClubSerializer(serializers.ModelSerializer):
@ -36,7 +38,7 @@ class NoteClubSerializer(serializers.ModelSerializer):
class Meta:
model = NoteClub
fields = '__all__'
read_only_fields = ('note', 'club', )
read_only_fields = ('note', 'club', 'balance', 'last_negative', 'created_at', )
def get_name(self, obj):
return str(obj)
@ -52,7 +54,7 @@ class NoteSpecialSerializer(serializers.ModelSerializer):
class Meta:
model = NoteSpecial
fields = '__all__'
read_only_fields = ('note', )
read_only_fields = ('note', 'balance', 'last_negative', 'created_at', )
def get_name(self, obj):
return str(obj)
@ -68,7 +70,7 @@ class NoteUserSerializer(serializers.ModelSerializer):
class Meta:
model = NoteUser
fields = '__all__'
read_only_fields = ('note', 'user', )
read_only_fields = ('note', 'user', 'balance', 'last_negative', 'created_at', )
def get_name(self, obj):
return str(obj)
@ -170,13 +172,22 @@ class TransactionSerializer(serializers.ModelSerializer):
REST API Serializer for Transactions.
The djangorestframework plugin will analyse the model `Transaction` and parse all fields in the API.
"""
def validate_source(self, value):
if value.is_active:
raise ValidationError(_("The transaction can't be saved since the source note "
"or the destination note is not active."))
def validate_destination(self, value):
if value.is_active:
raise ValidationError(_("The transaction can't be saved since the source note "
"or the destination note is not active."))
class Meta:
model = Transaction
fields = '__all__'
class RecurrentTransactionSerializer(serializers.ModelSerializer):
class RecurrentTransactionSerializer(TransactionSerializer):
"""
REST API Serializer for Transactions.
The djangorestframework plugin will analyse the model `RecurrentTransaction` and parse all fields in the API.
@ -187,7 +198,7 @@ class RecurrentTransactionSerializer(serializers.ModelSerializer):
fields = '__all__'
class MembershipTransactionSerializer(serializers.ModelSerializer):
class MembershipTransactionSerializer(TransactionSerializer):
"""
REST API Serializer for Membership transactions.
The djangorestframework plugin will analyse the model `MembershipTransaction` and parse all fields in the API.
@ -198,7 +209,7 @@ class MembershipTransactionSerializer(serializers.ModelSerializer):
fields = '__all__'
class SpecialTransactionSerializer(serializers.ModelSerializer):
class SpecialTransactionSerializer(TransactionSerializer):
"""
REST API Serializer for Special transactions.
The djangorestframework plugin will analyse the model `SpecialTransaction` and parse all fields in the API.

View File

@ -18,7 +18,7 @@ from ..models.notes import Note, Alias
from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory
class NotePolymorphicViewSet(ReadOnlyProtectedModelViewSet):
class NotePolymorphicViewSet(ReadProtectedModelViewSet):
"""
REST API View set.
The djangorestframework plugin will get all `Note` objects (with polymorhism), serialize it to JSON with the given serializer,
@ -36,25 +36,16 @@ class NotePolymorphicViewSet(ReadOnlyProtectedModelViewSet):
Parse query and apply filters.
:return: The filtered set of requested notes
"""
queryset = super().get_queryset()
queryset = super().get_queryset().distinct()
alias = self.request.query_params.get("alias", ".*")
queryset = queryset.filter(
name__iregex="^" + alias
).union(
queryset.filter(
Q(normalized_name__iregex="^" + Alias.normalize(alias))
& ~Q(name__iregex="^" + alias)
),
all=True).union(
queryset.filter(
Q(normalized_name__iregex="^" + alias.lower())
& ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
& ~Q(name__iregex="^" + alias)
),
all=True)
Q(alias__name__iregex="^" + alias)
| Q(alias__normalized_name__iregex="^" + Alias.normalize(alias))
| Q(alias__normalized_name__iregex="^" + alias.lower())
)
return queryset.distinct()
return queryset
class AliasViewSet(ReadProtectedModelViewSet):

View File

@ -25,24 +25,20 @@ class Note(PolymorphicModel):
A Note can be searched find throught an :model:`note.Alias`
"""
balance = models.BigIntegerField(
verbose_name=_('account balance'),
help_text=_('in centimes, money credited for this instance'),
default=0,
)
last_negative = models.DateTimeField(
verbose_name=_('last negative date'),
help_text=_('last time the balance was negative'),
null=True,
blank=True,
)
is_active = models.BooleanField(
_('active'),
default=True,
help_text=_(
'Designates whether this note should be treated as active. '
'Unselect this instead of deleting notes.'),
)
display_image = models.ImageField(
verbose_name=_('display image'),
max_length=255,
@ -51,11 +47,31 @@ class Note(PolymorphicModel):
upload_to='pic/',
default='pic/default.png'
)
created_at = models.DateTimeField(
verbose_name=_('created at'),
default=timezone.now,
)
is_active = models.BooleanField(
_('active'),
default=True,
help_text=_(
'Designates whether this note should be treated as active. '
'Unselect this instead of deleting notes.'),
)
inactivity_reason = models.CharField(
max_length=255,
choices=[
('manual', _("The user blocked his/her note manually, eg. when he/she left the school for holidays. "
"It can be reactivated at any time.")),
('forced', _("The note is blocked by the the BDE and can't be manually reactivated.")),
],
null=True,
default=None,
)
class Meta:
verbose_name = _("note")
verbose_name_plural = _("notes")
@ -141,8 +157,12 @@ class NoteUser(Note):
old_note = NoteUser.objects.get(pk=self.pk)
if old_note.balance >= 0:
# Passage en négatif
super().save(*args, **kwargs)
self.last_negative = timezone.now()
self._force_save = True
self.save(*args, **kwargs)
self.send_mail_negative_balance()
else:
super().save(*args, **kwargs)
def send_mail_negative_balance(self):
@ -178,7 +198,10 @@ class NoteClub(Note):
old_note = NoteClub.objects.get(pk=self.pk)
if old_note.balance >= 0:
# Passage en négatif
super().save(*args, **kwargs)
self.last_negative = timezone.now()
self._force_save = True
self.save(*args, **kwargs)
self.send_mail_negative_balance()
super().save(*args, **kwargs)

View File

@ -221,8 +221,6 @@ class Transaction(PolymorphicModel):
diff_source, diff_dest = self.validate()
if not self.source.is_active or not self.destination.is_active:
if 'force_insert' not in kwargs or not kwargs['force_insert']:
if 'force_update' not in kwargs or not kwargs['force_update']:
raise ValidationError(_("The transaction can't be saved since the source note "
"or the destination note is not active."))

View File

@ -55,17 +55,19 @@ class HistoryTable(tables.Table):
"id": lambda record: "validate_" + str(record.id),
"class": lambda record:
str(record.valid).lower()
+ (' validate' if PermissionBackend.check_perm(get_current_authenticated_user(),
"note.change_transaction_invalidity_reason",
record) else ''),
+ (' validate' if record.source.is_active and record.destination.is_active and PermissionBackend
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
else ''),
"data-toggle": "tooltip",
"title": lambda record: (_("Click to invalidate") if record.valid else _("Click to validate"))
if PermissionBackend.check_perm(get_current_authenticated_user(),
"note.change_transaction_invalidity_reason", record) else None,
"note.change_transaction_invalidity_reason", record)
and record.source.is_active and record.destination.is_active else None,
"onclick": lambda record: 'de_validate(' + str(record.id) + ', ' + str(record.valid).lower()
+ ', "' + str(record.__class__.__name__) + '")'
if PermissionBackend.check_perm(get_current_authenticated_user(),
"note.change_transaction_invalidity_reason", record) else None,
"note.change_transaction_invalidity_reason", record)
and record.source.is_active and record.destination.is_active else None,
"onmouseover": lambda record: '$("#invalidity_reason_'
+ str(record.id) + '").show();$("#invalidity_reason_'
+ str(record.id) + '").focus();',
@ -108,7 +110,7 @@ class HistoryTable(tables.Table):
val += "<input type='text' class='form-control' id='invalidity_reason_" + str(record.id) \
+ "' value='" + (html.escape(record.invalidity_reason)
if record.invalidity_reason else ("" if value else str(_("No reason specified")))) \
+ "'" + ("" if value and has_perm else " disabled") \
+ "'" + ("" if value and record.source.is_active and record.destination.is_active else " disabled") \
+ " placeholder='" + html.escape(_("invalidity reason").capitalize()) + "'" \
+ " style='position: absolute; width: 15em; margin-left: -15.5em; margin-top: -2em; display: none;'>"
return format_html(val)
@ -135,16 +137,10 @@ class AliasTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')},
attrs=
{'td':
{'class':
lambda record: 'col-sm-1'
+ (' d-none' if not PermissionBackend
.check_perm(get_current_authenticated_user(),
"note.delete_alias", record) else '')
}
},
verbose_name=_("Delete"), )
attrs={'td': {'class': lambda record: 'col-sm-1' + (
' d-none' if not PermissionBackend.check_perm(
get_current_authenticated_user(), "note.delete_alias",
record) else '')}}, verbose_name=_("Delete"), )
class ButtonTable(tables.Table):

View File

@ -2503,6 +2503,70 @@
"description": "Supprimer ses propres invitations non validées à une activité"
}
},
{
"model": "permission.permission",
"pk": 161,
"fields": {
"model": [
"note",
"noteuser"
],
"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]",
"type": "change",
"mask": 1,
"field": "is_active",
"permanent": true,
"description": "(Dé)bloquer sa propre note manuellement"
}
},
{
"model": "permission.permission",
"pk": 162,
"fields": {
"model": [
"note",
"noteuser"
],
"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]",
"type": "change",
"mask": 1,
"field": "inactivity_reason",
"permanent": true,
"description": "(Dé)bloquer sa propre note et indiquer que cela a été fait manuellement"
}
},
{
"model": "permission.permission",
"pk": 163,
"fields": {
"model": [
"note",
"note"
],
"query": "{}",
"type": "change",
"mask": 3,
"field": "is_active",
"permanent": false,
"description": "(Dé)bloquer n'importe quelle note, y compris en mode forcé"
}
},
{
"model": "permission.permission",
"pk": 164,
"fields": {
"model": [
"note",
"note"
],
"query": "{}",
"type": "change",
"mask": 3,
"field": "inactivity_reason",
"permanent": false,
"description": "(Dé)bloquer sa propre note et modifier la raison"
}
},
{
"model": "permission.role",
"pk": 1,
@ -2525,7 +2589,9 @@
22,
48,
52,
126
126,
161,
162
]
}
},
@ -2695,7 +2761,9 @@
146,
147,
150,
151
151,
163,
164
]
}
},
@ -2859,7 +2927,12 @@
156,
157,
158,
159
159,
160,
161,
162,
163,
164
]
}
},

View File

@ -107,7 +107,7 @@ function displayStyle (note) {
css += " text-warning";
else if (!note.email_confirmed)
css += " text-white bg-primary";
else if (note.membership && note.membership.date_end < new Date().toISOString())
else if (!note.is_active || (note.membership && note.membership.date_end < new Date().toISOString()))
css += "text-white bg-info";
return css;
}