mirror of https://gitlab.crans.org/bde/nk20
Add a public rights page to view which permissions are granted to which role, update Font Awesome to 5.13
This commit is contained in:
parent
b0f6ec1061
commit
a83ab4bf85
|
@ -305,14 +305,15 @@ class RolePermissions(models.Model):
|
|||
"""
|
||||
Permissions associated with a Role
|
||||
"""
|
||||
role = models.ForeignKey(
|
||||
role = models.OneToOneField(
|
||||
Role,
|
||||
on_delete=models.PROTECT,
|
||||
related_name='+',
|
||||
related_name='permissions',
|
||||
verbose_name=_('role'),
|
||||
)
|
||||
permissions = models.ManyToManyField(
|
||||
Permission,
|
||||
verbose_name=_("permissions"),
|
||||
)
|
||||
|
||||
def __str__(self):
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.urls import path
|
||||
from permission.views import RightsView
|
||||
|
||||
app_name = 'permission'
|
||||
urlpatterns = [
|
||||
path('rights', RightsView.as_view(), name="rights"),
|
||||
]
|
|
@ -1,14 +1,18 @@
|
|||
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
from datetime import date
|
||||
|
||||
from django.forms import HiddenInput
|
||||
from django.views.generic import UpdateView
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views.generic import UpdateView, TemplateView
|
||||
from member.models import Role, Membership
|
||||
|
||||
from .backends import PermissionBackend
|
||||
|
||||
|
||||
class ProtectQuerysetMixin:
|
||||
"""
|
||||
This is a View class decorator and not a proper View class.
|
||||
Ensure that the user has the right to see or update objects.
|
||||
Display 404 error if the user can't see an object, remove the fields the user can't
|
||||
update on an update form (useful if the user can't change only specified fields).
|
||||
|
@ -32,3 +36,25 @@ class ProtectQuerysetMixin:
|
|||
form.fields[key].widget = HiddenInput()
|
||||
|
||||
return form
|
||||
|
||||
|
||||
class RightsView(TemplateView):
|
||||
template_name = "permission/all_rights.html"
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
context["title"] = _("All rights")
|
||||
roles = Role.objects.all()
|
||||
context["roles"] = roles
|
||||
if self.request.user.is_authenticated:
|
||||
active_memberships = Membership.objects.filter(user=self.request.user,
|
||||
date_start__lte=date.today(),
|
||||
date_end__gte=date.today()).all()
|
||||
else:
|
||||
active_memberships = Membership.objects.none()
|
||||
|
||||
for role in roles:
|
||||
role.clubs = [membership.club for membership in active_memberships if role in membership.roles.all()]
|
||||
|
||||
return context
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2020-04-25 19:12+0200\n"
|
||||
"POT-Creation-Date: 2020-04-26 00:45+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -856,7 +856,7 @@ msgstr ""
|
|||
msgid "permission"
|
||||
msgstr ""
|
||||
|
||||
#: apps/permission/models.py:182
|
||||
#: apps/permission/models.py:182 apps/permission/models.py:316
|
||||
msgid "permissions"
|
||||
msgstr ""
|
||||
|
||||
|
@ -864,7 +864,7 @@ msgstr ""
|
|||
msgid "Specifying field applies only to view and change permission types."
|
||||
msgstr ""
|
||||
|
||||
#: apps/permission/models.py:322 apps/permission/models.py:323
|
||||
#: apps/permission/models.py:323 apps/permission/models.py:324
|
||||
msgid "role permissions"
|
||||
msgstr ""
|
||||
|
||||
|
@ -882,13 +882,17 @@ msgid ""
|
|||
"{model_name}."
|
||||
msgstr ""
|
||||
|
||||
#: apps/permission/signals.py:100
|
||||
#: apps/permission/signals.py:99
|
||||
#, python-brace-format
|
||||
msgid ""
|
||||
"You don't have the permission to delete this instance of model {app_label}."
|
||||
"{model_name}."
|
||||
msgstr ""
|
||||
|
||||
#: apps/permission/views.py:47
|
||||
msgid "All rights"
|
||||
msgstr ""
|
||||
|
||||
#: apps/registration/apps.py:10
|
||||
msgid "registration"
|
||||
msgstr ""
|
||||
|
@ -1517,7 +1521,11 @@ msgstr ""
|
|||
msgid "Registrations"
|
||||
msgstr ""
|
||||
|
||||
#: templates/base.html:155
|
||||
#: templates/base.html:120
|
||||
msgid "Rights"
|
||||
msgstr ""
|
||||
|
||||
#: templates/base.html:158
|
||||
msgid ""
|
||||
"Your e-mail address is not validated. Please check your mail inbox and click "
|
||||
"on the validation link."
|
||||
|
@ -1729,6 +1737,22 @@ msgstr ""
|
|||
msgid "Unable to delete button "
|
||||
msgstr ""
|
||||
|
||||
#: templates/permission/all_rights.html:10
|
||||
msgid "Filter with roles that I have in at least one club"
|
||||
msgstr ""
|
||||
|
||||
#: templates/permission/all_rights.html:21
|
||||
msgid "Own this role in the clubs"
|
||||
msgstr ""
|
||||
|
||||
#: templates/permission/all_rights.html:26
|
||||
msgid "Query:"
|
||||
msgstr ""
|
||||
|
||||
#: templates/permission/all_rights.html:28
|
||||
msgid "No associated permission"
|
||||
msgstr ""
|
||||
|
||||
#: templates/registration/email_validation_complete.html:6
|
||||
msgid "Your email have successfully been validated."
|
||||
msgstr ""
|
||||
|
|
|
@ -8,7 +8,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Project-Id-Version: PACKAGE VERSION\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2020-04-25 19:12+0200\n"
|
||||
"POT-Creation-Date: 2020-04-26 00:45+0200\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language-Team: LANGUAGE <LL@li.org>\n"
|
||||
|
@ -864,7 +864,7 @@ msgstr "champ"
|
|||
msgid "permission"
|
||||
msgstr "permission"
|
||||
|
||||
#: apps/permission/models.py:182
|
||||
#: apps/permission/models.py:182 apps/permission/models.py:316
|
||||
msgid "permissions"
|
||||
msgstr "permissions"
|
||||
|
||||
|
@ -874,7 +874,7 @@ msgstr ""
|
|||
"Spécifie le champ concerné, ne fonctionne que pour les permissions view et "
|
||||
"change."
|
||||
|
||||
#: apps/permission/models.py:322 apps/permission/models.py:323
|
||||
#: apps/permission/models.py:323 apps/permission/models.py:324
|
||||
msgid "role permissions"
|
||||
msgstr "Permissions par rôles"
|
||||
|
||||
|
@ -896,7 +896,7 @@ msgstr ""
|
|||
"Vous n'avez pas la permission d'ajouter cette instance du modèle {app_label}."
|
||||
"{model_name}."
|
||||
|
||||
#: apps/permission/signals.py:100
|
||||
#: apps/permission/signals.py:99
|
||||
#, python-brace-format
|
||||
msgid ""
|
||||
"You don't have the permission to delete this instance of model {app_label}."
|
||||
|
@ -905,6 +905,10 @@ msgstr ""
|
|||
"Vous n'avez pas la permission de supprimer cette instance du modèle "
|
||||
"{app_label}.{model_name}."
|
||||
|
||||
#: apps/permission/views.py:47
|
||||
msgid "All rights"
|
||||
msgstr "Tous les droits"
|
||||
|
||||
#: apps/registration/apps.py:10
|
||||
msgid "registration"
|
||||
msgstr "inscription"
|
||||
|
@ -1566,7 +1570,11 @@ msgstr "Clubs"
|
|||
msgid "Registrations"
|
||||
msgstr "Inscriptions"
|
||||
|
||||
#: templates/base.html:155
|
||||
#: templates/base.html:120
|
||||
msgid "Rights"
|
||||
msgstr "Droits"
|
||||
|
||||
#: templates/base.html:158
|
||||
msgid ""
|
||||
"Your e-mail address is not validated. Please check your mail inbox and click "
|
||||
"on the validation link."
|
||||
|
@ -1783,6 +1791,22 @@ msgstr "Le bouton a bien été supprimé"
|
|||
msgid "Unable to delete button "
|
||||
msgstr "Impossible de supprimer le bouton "
|
||||
|
||||
#: templates/permission/all_rights.html:10
|
||||
msgid "Filter with roles that I have in at least one club"
|
||||
msgstr "Filtrer les rôles que je possède dans au moins un club"
|
||||
|
||||
#: templates/permission/all_rights.html:21
|
||||
msgid "Own this role in the clubs"
|
||||
msgstr "Possède ce rôle dans les clubs"
|
||||
|
||||
#: templates/permission/all_rights.html:26
|
||||
msgid "Query:"
|
||||
msgstr "Requête :"
|
||||
|
||||
#: templates/permission/all_rights.html:28
|
||||
msgid "No associated permission"
|
||||
msgstr "Pas de permission associée"
|
||||
|
||||
#: templates/registration/email_validation_complete.html:6
|
||||
msgid "Your email have successfully been validated."
|
||||
msgstr "Votre adresse e-mail a bien été validée."
|
||||
|
|
|
@ -25,10 +25,11 @@ urlpatterns = [
|
|||
# Include Django Contrib and Core routers
|
||||
path('i18n/', include('django.conf.urls.i18n')),
|
||||
path('admin/doc/', include('django.contrib.admindocs.urls')),
|
||||
path('admin/', admin.site.urls),
|
||||
path('admin/', admin.site.urls, name="admin"),
|
||||
path('accounts/login/', CustomLoginView.as_view()),
|
||||
path('accounts/', include('django.contrib.auth.urls')),
|
||||
path('api/', include('api.urls')),
|
||||
path('permission/', include('permission.urls')),
|
||||
]
|
||||
|
||||
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
|
||||
|
|
|
@ -31,8 +31,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
|||
href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
|
||||
integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh"
|
||||
crossorigin="anonymous">
|
||||
<link rel="stylesheet"
|
||||
href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
|
||||
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.13.0/css/all.css">
|
||||
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.13.0/css/v4-shims.css">
|
||||
|
||||
{# JQuery, Bootstrap and Turbolinks JavaScript #}
|
||||
<script src="https://code.jquery.com/jquery-3.4.1.min.js"
|
||||
|
@ -76,44 +76,52 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
|||
<ul class="navbar-nav">
|
||||
{% if "note.transactiontemplate"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'note:consos' %}"><i class="fa fa-coffee"></i> {% trans 'Consumptions' %}</a>
|
||||
<a class="nav-link" href="{% url 'note:consos' %}"><i class="fas fa-coffee"></i> {% trans 'Consumptions' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "note.transaction"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'note:transfer' %}"><i class="fa fa-exchange"></i>{% trans 'Transfer' %} </a>
|
||||
<a class="nav-link" href="{% url 'note:transfer' %}"><i class="fas fa-exchange-alt"></i>{% trans 'Transfer' %} </a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "auth.user"|model_list|length >= 2 %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'member:user_list' %}"><i class="fa fa-user"></i> {% trans 'Users' %}</a>
|
||||
<a class="nav-link" href="{% url 'member:user_list' %}"><i class="fas fa-user"></i> {% trans 'Users' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "member.club"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'member:club_list' %}"><i class="fa fa-users"></i> {% trans 'Clubs' %}</a>
|
||||
<a class="nav-link" href="{% url 'member:club_list' %}"><i class="fas fa-users"></i> {% trans 'Clubs' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "member.change_profile_registration_valid"|has_perm:user %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'registration:future_user_list' %}">
|
||||
<i class="fa fa-user-plus"></i> {% trans "Registrations" %}
|
||||
<i class="fas fa-user-plus"></i> {% trans "Registrations" %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "activity.activity"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'activity:activity_list' %}"><i class="fa fa-calendar"></i> {% trans 'Activities' %}</a>
|
||||
<a class="nav-link" href="{% url 'activity:activity_list' %}"><i class="fas fa-calendar"></i> {% trans 'Activities' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "treasury.invoice"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'treasury:invoice_list' %}"><i class="fa fa-money"></i> {% trans 'Treasury' %}</a>
|
||||
<a class="nav-link" href="{% url 'treasury:invoice_list' %}"><i class="fas fa-credit-card"></i> {% trans 'Treasury' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "wei.weiclub"|not_empty_model_list %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'wei:current_wei_detail' %}"><i class="fa fa-bus"></i> {% trans 'WEI' %}</a>
|
||||
<a class="nav-link" href="{% url 'wei:current_wei_detail' %}"><i class="fas fa-bus"></i> {% trans 'WEI' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'permission:rights' %}"><i class="fas fa-balance-scale"></i> {% trans 'Rights' %}</a>
|
||||
</li>
|
||||
{% if user.is_staff %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'admin:index' %}"><i class="fas fa-user-cog"></i> {% trans 'Administration' %}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
|
@ -121,28 +129,28 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
|||
{% if user.is_authenticated %}
|
||||
<li class="dropdown">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||
<i class="fa fa-user"></i>
|
||||
<i class="fas fa-user"></i>
|
||||
<span id="user_balance">{{ user.username }} ({{ user.note.balance | pretty_money }})</span>
|
||||
</a>
|
||||
<div class="dropdown-menu dropdown-menu-right"
|
||||
aria-labelledby="navbarDropdownMenuLink">
|
||||
<a class="dropdown-item" href="{% url 'member:user_detail' pk=user.pk %}">
|
||||
<i class="fa fa-user"></i> Mon compte
|
||||
<i class="fas fa-user"></i> Mon compte
|
||||
</a>
|
||||
<a class="dropdown-item" href="{% url 'logout' %}">
|
||||
<i class="fa fa-sign-out"></i> Se déconnecter
|
||||
<i class="fas fa-sign-out-alt"></i> Se déconnecter
|
||||
</a>
|
||||
</div>
|
||||
</li>
|
||||
{% else %}
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'registration:signup' %}">
|
||||
<i class="fa fa-user-plus"></i> S'inscrire
|
||||
<i class="fas fa-user-plus"></i> S'inscrire
|
||||
</a>
|
||||
</li>
|
||||
<li class="nav-item active">
|
||||
<a class="nav-link" href="{% url 'login' %}">
|
||||
<i class="fa fa-sign-in"></i> Se connecter
|
||||
<i class="fas fa-sign-in-alt"></i> Se connecter
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
{% if user.is_authenticated %}
|
||||
<div class="form-check">
|
||||
<label for="owned_only" class="form-check-label">
|
||||
<input id="owned_only" name="owned_only" type="checkbox" class="checkboxinput form-check-input">
|
||||
{% trans "Filter with roles that I have in at least one club" %}
|
||||
</label>
|
||||
</div>
|
||||
{% endif %}
|
||||
<ul>
|
||||
{% regroup active_memberships by roles as memberships_per_role %}
|
||||
{% for role in roles %}
|
||||
<li class="{% if not role.clubs %}no-club{% endif %}">
|
||||
{{ role }} {% if role.weirole %}(<em>Pour le WEI</em>){% endif %}
|
||||
{% if role.clubs %}
|
||||
<div class="alert alert-success">
|
||||
{% trans "Own this role in the clubs" %} {{ role.clubs|join:", " }}
|
||||
</div>
|
||||
{% endif %}
|
||||
<ul>
|
||||
{% for permission in role.permissions.permissions.all %}
|
||||
<li data-toggle="tooltip" title="{% trans "Query:" %} {{ permission.query }}">{{ permission }} ({{ permission.type }} {{ permission.model }})</li>
|
||||
{% empty %}
|
||||
<em>{% trans "No associated permission" %}</em>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
<script>
|
||||
$(document).ready(function() {
|
||||
let checkbox = $("#owned_only");
|
||||
|
||||
function update() {
|
||||
if (checkbox.is(":checked"))
|
||||
$(".no-club").addClass('d-none');
|
||||
else
|
||||
$(".no-club").removeClass('d-none');
|
||||
}
|
||||
|
||||
checkbox.change(update);
|
||||
update();
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
Loading…
Reference in New Issue