From b8a88eeda4e9e5b58883ecd2ae473aff71de6f53 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 29 Jul 2020 11:38:59 +0200 Subject: [PATCH] Only staff with good permission mask can visit Django Admin --- apps/member/admin.py | 8 +- apps/note/admin.py | 20 +++-- apps/permission/admin.py | 7 +- apps/permission/backends.py | 6 +- apps/permission/templatetags/perms.py | 17 ++-- apps/treasury/admin.py | 7 +- apps/wei/admin.py | 15 ++-- locale/de/LC_MESSAGES/django.po | 119 ++++++++++++------------- locale/fr/LC_MESSAGES/django.po | 122 +++++++++++++------------- note_kfet/admin.py | 25 ++++++ note_kfet/urls.py | 5 +- templates/base.html | 2 +- templates/registration/login.html | 5 +- 13 files changed, 196 insertions(+), 162 deletions(-) create mode 100644 note_kfet/admin.py diff --git a/apps/member/admin.py b/apps/member/admin.py index 2e50e8dc..76edb762 100644 --- a/apps/member/admin.py +++ b/apps/member/admin.py @@ -5,6 +5,7 @@ from django.contrib import admin from django.contrib.auth.admin import UserAdmin from django.contrib.auth.models import User +from note_kfet.admin import admin_site from .forms import ProfileForm from .models import Club, Membership, Profile @@ -33,9 +34,8 @@ class CustomUserAdmin(UserAdmin): # Update Django User with profile -admin.site.unregister(User) -admin.site.register(User, CustomUserAdmin) +admin_site.register(User, CustomUserAdmin) # Add other models -admin.site.register(Club) -admin.site.register(Membership) +admin_site.register(Club) +admin_site.register(Membership) diff --git a/apps/note/admin.py b/apps/note/admin.py index dc6470d2..96823d2b 100644 --- a/apps/note/admin.py +++ b/apps/note/admin.py @@ -6,6 +6,8 @@ from django.utils.translation import gettext_lazy as _ from polymorphic.admin import PolymorphicChildModelAdmin, \ PolymorphicChildModelFilter, PolymorphicParentModelAdmin +from note_kfet.admin import admin_site + from .models.notes import Alias, Note, NoteClub, NoteSpecial, NoteUser from .models.transactions import Transaction, TemplateCategory, TransactionTemplate, \ RecurrentTransaction, MembershipTransaction, SpecialTransaction @@ -19,7 +21,7 @@ class AliasInlines(admin.TabularInline): model = Alias -@admin.register(Note) +@admin.register(Note, site=admin_site) class NoteAdmin(PolymorphicParentModelAdmin): """ Parent regrouping all note types as children @@ -42,7 +44,7 @@ class NoteAdmin(PolymorphicParentModelAdmin): search_fields = ['alias__name'] -@admin.register(NoteClub) +@admin.register(NoteClub, site=admin_site) class NoteClubAdmin(PolymorphicChildModelAdmin): """ Child for a club note, see NoteAdmin @@ -66,7 +68,7 @@ class NoteClubAdmin(PolymorphicChildModelAdmin): return False -@admin.register(NoteSpecial) +@admin.register(NoteSpecial, site=admin_site) class NoteSpecialAdmin(PolymorphicChildModelAdmin): """ Child for a special note, see NoteAdmin @@ -74,7 +76,7 @@ class NoteSpecialAdmin(PolymorphicChildModelAdmin): readonly_fields = ('balance',) -@admin.register(NoteUser) +@admin.register(NoteUser, site=admin_site) class NoteUserAdmin(PolymorphicChildModelAdmin): """ Child for an user note, see NoteAdmin @@ -97,7 +99,7 @@ class NoteUserAdmin(PolymorphicChildModelAdmin): return False -@admin.register(Transaction) +@admin.register(Transaction, site=admin_site) class TransactionAdmin(PolymorphicParentModelAdmin): """ Admin customisation for Transaction @@ -138,21 +140,21 @@ class TransactionAdmin(PolymorphicParentModelAdmin): return [] -@admin.register(MembershipTransaction) +@admin.register(MembershipTransaction, site=admin_site) class MembershipTransactionAdmin(PolymorphicChildModelAdmin): """ Admin customisation for MembershipTransaction """ -@admin.register(SpecialTransaction) +@admin.register(SpecialTransaction, site=admin_site) class SpecialTransactionAdmin(PolymorphicChildModelAdmin): """ Admin customisation for SpecialTransaction """ -@admin.register(TransactionTemplate) +@admin.register(TransactionTemplate, site=admin_site) class TransactionTemplateAdmin(admin.ModelAdmin): """ Admin customisation for TransactionTemplate @@ -170,7 +172,7 @@ class TransactionTemplateAdmin(admin.ModelAdmin): poly_destination.short_description = _('destination') -@admin.register(TemplateCategory) +@admin.register(TemplateCategory, site=admin_site) class TemplateCategoryAdmin(admin.ModelAdmin): """ Admin customisation for TransactionTemplate diff --git a/apps/permission/admin.py b/apps/permission/admin.py index 41e59695..7d189c94 100644 --- a/apps/permission/admin.py +++ b/apps/permission/admin.py @@ -3,10 +3,11 @@ from django.contrib import admin +from note_kfet.admin import admin_site from .models import Permission, PermissionMask, Role -@admin.register(PermissionMask) +@admin.register(PermissionMask, site=admin_site) class PermissionMaskAdmin(admin.ModelAdmin): """ Admin customisation for PermissionMask @@ -14,7 +15,7 @@ class PermissionMaskAdmin(admin.ModelAdmin): list_display = ('description', 'rank', ) -@admin.register(Permission) +@admin.register(Permission, site=admin_site) class PermissionAdmin(admin.ModelAdmin): """ Admin customisation for Permission @@ -22,7 +23,7 @@ class PermissionAdmin(admin.ModelAdmin): list_display = ('type', 'model', 'field', 'mask', 'description', ) -@admin.register(Role) +@admin.register(Role, site=admin_site) class RoleAdmin(admin.ModelAdmin): """ Admin customisation for Role diff --git a/apps/permission/backends.py b/apps/permission/backends.py index 374e67e6..c1291a2f 100644 --- a/apps/permission/backends.py +++ b/apps/permission/backends.py @@ -42,7 +42,7 @@ class PermissionBackend(ModelBackend): for membership in memberships: for role in membership.roles.all(): - for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", 42)).all(): + for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", -1)).all(): if not perm.permanent: if membership.date_start > timezone.now().date() or membership.date_end < timezone.now().date(): continue @@ -101,7 +101,7 @@ class PermissionBackend(ModelBackend): # Anonymous users can't do anything return Q(pk=-1) - if user.is_superuser and get_current_session().get("permission_mask", 42) >= 42: + if user.is_superuser and get_current_session().get("permission_mask", -1) >= 42: # Superusers have all rights return Q() @@ -137,7 +137,7 @@ class PermissionBackend(ModelBackend): if sess is not None and sess.session_key is None: return False - if user_obj.is_superuser and get_current_session().get("permission_mask", 42) >= 42: + if user_obj.is_superuser and get_current_session().get("permission_mask", -1) >= 42: return True if obj is None: diff --git a/apps/permission/templatetags/perms.py b/apps/permission/templatetags/perms.py index 101be6e7..335721a1 100644 --- a/apps/permission/templatetags/perms.py +++ b/apps/permission/templatetags/perms.py @@ -1,6 +1,7 @@ # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay # SPDX-License-Identifier: GPL-3.0-or-later +from django.contrib.auth.models import AnonymousUser from django.contrib.contenttypes.models import ContentType from django.template.defaultfilters import stringfilter from django import template @@ -16,9 +17,9 @@ def not_empty_model_list(model_name): """ user = get_current_authenticated_user() session = get_current_session() - if user is None: + if user is None or isinstance(user, AnonymousUser): return False - elif user.is_superuser and session.get("permission_mask", 0) >= 42: + elif user.is_superuser and session.get("permission_mask", -1) >= 42: return True qs = model_list(model_name) return qs.exists() @@ -31,9 +32,9 @@ def not_empty_model_change_list(model_name): """ user = get_current_authenticated_user() session = get_current_session() - if user is None: + if user is None or isinstance(user, AnonymousUser): return False - elif user.is_superuser and session.get("permission_mask", 0) >= 42: + elif user.is_superuser and session.get("permission_mask", -1) >= 42: return True qs = model_list(model_name, "change") return qs.exists() @@ -45,11 +46,11 @@ def model_list(model_name, t="view", fetch=True): Return the queryset of all visible instances of the given model. """ user = get_current_authenticated_user() - if user is None: - return False spl = model_name.split(".") ct = ContentType.objects.get(app_label=spl[0], model=spl[1]) qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, t)) + if user is None or isinstance(user, AnonymousUser): + return qs.none() if fetch: qs = qs.all() return qs @@ -73,9 +74,9 @@ def can_create_transaction(): """ user = get_current_authenticated_user() session = get_current_session() - if user is None: + if user is None or isinstance(user, AnonymousUser): return False - elif user.is_superuser and session.get("permission_mask", 0) >= 42: + elif user.is_superuser and session.get("permission_mask", -1) >= 42: return True if session.get("can_create_transaction", None): return session.get("can_create_transaction", None) == 1 diff --git a/apps/treasury/admin.py b/apps/treasury/admin.py index 9c8aaf2e..e1b597b9 100644 --- a/apps/treasury/admin.py +++ b/apps/treasury/admin.py @@ -3,10 +3,11 @@ from django.contrib import admin +from note_kfet.admin import admin_site from .models import RemittanceType, Remittance, SogeCredit -@admin.register(RemittanceType) +@admin.register(RemittanceType, site=admin_site) class RemittanceTypeAdmin(admin.ModelAdmin): """ Admin customisation for RemiitanceType @@ -14,7 +15,7 @@ class RemittanceTypeAdmin(admin.ModelAdmin): list_display = ('note', ) -@admin.register(Remittance) +@admin.register(Remittance, site=admin_site) class RemittanceAdmin(admin.ModelAdmin): """ Admin customisation for Remittance @@ -27,4 +28,4 @@ class RemittanceAdmin(admin.ModelAdmin): return not obj.closed and super().has_change_permission(request, obj) -admin.site.register(SogeCredit) +admin_site.register(SogeCredit) diff --git a/apps/wei/admin.py b/apps/wei/admin.py index f93a44ed..a3e1d546 100644 --- a/apps/wei/admin.py +++ b/apps/wei/admin.py @@ -1,13 +1,12 @@ # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay # SPDX-License-Identifier: GPL-3.0-or-later -from django.contrib import admin - +from note_kfet.admin import admin_site from .models import WEIClub, WEIRegistration, WEIMembership, WEIRole, Bus, BusTeam -admin.site.register(WEIClub) -admin.site.register(WEIRegistration) -admin.site.register(WEIMembership) -admin.site.register(WEIRole) -admin.site.register(Bus) -admin.site.register(BusTeam) +admin_site.register(WEIClub) +admin_site.register(WEIRegistration) +admin_site.register(WEIMembership) +admin_site.register(WEIRole) +admin_site.register(Bus) +admin_site.register(BusTeam) diff --git a/locale/de/LC_MESSAGES/django.po b/locale/de/LC_MESSAGES/django.po index b9d24fd5..1e22bacd 100644 --- a/locale/de/LC_MESSAGES/django.po +++ b/locale/de/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-07-28 20:42+0200\n" +"POT-Creation-Date: 2020-07-29 10:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -186,12 +186,12 @@ msgstr "" msgid "Type" msgstr "" -#: apps/activity/tables.py:77 apps/member/forms.py:83 +#: apps/activity/tables.py:77 apps/member/forms.py:92 #: apps/registration/forms.py:64 apps/treasury/forms.py:120 msgid "Last name" msgstr "" -#: apps/activity/tables.py:79 apps/member/forms.py:88 +#: apps/activity/tables.py:79 apps/member/forms.py:97 #: apps/registration/forms.py:69 apps/treasury/forms.py:122 #: templates/note/transaction_form.html:126 msgid "First name" @@ -205,7 +205,7 @@ msgstr "" msgid "Balance" msgstr "" -#: apps/activity/views.py:47 templates/base.html:120 +#: apps/activity/views.py:47 templates/base.html:121 msgid "Activities" msgstr "" @@ -279,31 +279,35 @@ msgstr "" msgid "member" msgstr "" -#: apps/member/forms.py:62 apps/registration/forms.py:44 +#: apps/member/forms.py:46 apps/member/views.py:77 +msgid "An alias with a similar name already exists." +msgstr "" + +#: apps/member/forms.py:71 apps/registration/forms.py:44 msgid "Inscription paid by Société Générale" msgstr "" -#: apps/member/forms.py:64 apps/registration/forms.py:46 +#: apps/member/forms.py:73 apps/registration/forms.py:46 msgid "Check this case is the Société Générale paid the inscription." msgstr "" -#: apps/member/forms.py:69 apps/registration/forms.py:51 +#: apps/member/forms.py:78 apps/registration/forms.py:51 msgid "Credit type" msgstr "" -#: apps/member/forms.py:70 apps/registration/forms.py:52 +#: apps/member/forms.py:79 apps/registration/forms.py:52 msgid "No credit" msgstr "" -#: apps/member/forms.py:72 +#: apps/member/forms.py:81 msgid "You can credit the note of the user." msgstr "" -#: apps/member/forms.py:76 apps/registration/forms.py:57 +#: apps/member/forms.py:85 apps/registration/forms.py:57 msgid "Credit amount" msgstr "" -#: apps/member/forms.py:93 apps/registration/forms.py:74 +#: apps/member/forms.py:102 apps/registration/forms.py:74 #: apps/treasury/forms.py:124 templates/note/transaction_form.html:132 msgid "Bank" msgstr "" @@ -541,14 +545,10 @@ msgstr "" #: apps/member/views.py:67 templates/member/profile_info.html:47 #: templates/registration/future_profile_detail.html:48 -#: templates/wei/weimembership_form.html:124 +#: templates/wei/weimembership_form.html:130 msgid "Update Profile" msgstr "" -#: apps/member/views.py:77 -msgid "An alias with a similar name already exists." -msgstr "" - #: apps/member/views.py:183 msgid "Search user" msgstr "" @@ -760,7 +760,7 @@ msgid "" msgstr "" #: apps/note/models/transactions.py:228 -#: templates/activity/activity_entry.html:13 templates/base.html:98 +#: templates/activity/activity_entry.html:13 templates/base.html:99 #: templates/note/transaction_form.html:19 #: templates/note/transaction_form.html:140 msgid "Transfer" @@ -831,7 +831,7 @@ msgstr "" msgid "Transfer money" msgstr "" -#: apps/note/views.py:140 templates/base.html:93 +#: apps/note/views.py:140 templates/base.html:94 msgid "Consumptions" msgstr "" @@ -975,7 +975,7 @@ msgid "" "The entered amount is not enough for the memberships, should be at least {}" msgstr "" -#: apps/treasury/apps.py:12 templates/base.html:125 +#: apps/treasury/apps.py:12 templates/base.html:126 msgid "Treasury" msgstr "" @@ -1173,7 +1173,7 @@ msgid "No" msgstr "" #: apps/wei/apps.py:10 apps/wei/models.py:48 apps/wei/models.py:49 -#: apps/wei/models.py:60 apps/wei/models.py:166 templates/base.html:130 +#: apps/wei/models.py:60 apps/wei/models.py:166 templates/base.html:131 msgid "WEI" msgstr "" @@ -1267,7 +1267,7 @@ msgstr "" msgid "Caution check given" msgstr "" -#: apps/wei/models.py:180 templates/wei/weimembership_form.html:62 +#: apps/wei/models.py:180 templates/wei/weimembership_form.html:68 msgid "birth date" msgstr "" @@ -1287,39 +1287,39 @@ msgstr "" msgid "gender" msgstr "" -#: apps/wei/models.py:199 +#: apps/wei/models.py:199 templates/wei/weimembership_form.html:62 msgid "clothing cut" msgstr "" -#: apps/wei/models.py:212 +#: apps/wei/models.py:212 templates/wei/weimembership_form.html:65 msgid "clothing size" msgstr "" -#: apps/wei/models.py:218 templates/wei/weimembership_form.html:65 +#: apps/wei/models.py:218 templates/wei/weimembership_form.html:71 msgid "health issues" msgstr "" -#: apps/wei/models.py:223 templates/wei/weimembership_form.html:68 +#: apps/wei/models.py:223 templates/wei/weimembership_form.html:74 msgid "emergency contact name" msgstr "" -#: apps/wei/models.py:228 templates/wei/weimembership_form.html:71 +#: apps/wei/models.py:228 templates/wei/weimembership_form.html:77 msgid "emergency contact phone" msgstr "" -#: apps/wei/models.py:233 templates/wei/weimembership_form.html:74 +#: apps/wei/models.py:233 templates/wei/weimembership_form.html:80 msgid "" "Register on the mailing list to stay informed of the events of the campus (1 " "mail/week)" msgstr "" -#: apps/wei/models.py:238 templates/wei/weimembership_form.html:77 +#: apps/wei/models.py:238 templates/wei/weimembership_form.html:83 msgid "" "Register on the mailing list to stay informed of the sport events of the " "campus (1 mail/week)" msgstr "" -#: apps/wei/models.py:243 templates/wei/weimembership_form.html:80 +#: apps/wei/models.py:243 templates/wei/weimembership_form.html:86 msgid "" "Register on the mailing list to stay informed of the art events of the " "campus (1 mail/week)" @@ -1550,27 +1550,27 @@ msgstr "" msgid "The ENS Paris-Saclay BDE note." msgstr "" -#: templates/base.html:103 +#: templates/base.html:104 msgid "Users" msgstr "" -#: templates/base.html:108 +#: templates/base.html:109 msgid "Clubs" msgstr "" -#: templates/base.html:114 +#: templates/base.html:115 msgid "Registrations" msgstr "" -#: templates/base.html:134 +#: templates/base.html:135 msgid "Rights" msgstr "" -#: templates/base.html:138 +#: templates/base.html:139 msgid "Administration" msgstr "" -#: templates/base.html:177 +#: templates/base.html:178 msgid "" "Your e-mail address is not validated. Please check your mail inbox and click " "on the validation link." @@ -1850,8 +1850,8 @@ msgid "Validate account" msgstr "" #: templates/registration/future_profile_detail.html:64 -#: templates/wei/weimembership_form.html:134 -#: templates/wei/weimembership_form.html:192 +#: templates/wei/weimembership_form.html:140 +#: templates/wei/weimembership_form.html:198 msgid "Validate registration" msgstr "" @@ -1872,7 +1872,7 @@ msgid "Log in again" msgstr "" #: templates/registration/login.html:7 templates/registration/login.html:8 -#: templates/registration/login.html:21 +#: templates/registration/login.html:22 #: templates/registration/password_reset_complete.html:10 msgid "Log in" msgstr "" @@ -1881,10 +1881,11 @@ msgstr "" #, python-format msgid "" "You are authenticated as %(username)s, but are not authorized to access this " -"page. Would you like to login to a different account?" +"page. Would you like to login to a different account, or with a higher " +"permission mask?" msgstr "" -#: templates/registration/login.html:22 +#: templates/registration/login.html:23 msgid "Forgotten your password or username?" msgstr "" @@ -2204,64 +2205,64 @@ msgstr "" msgid "ENS year" msgstr "" -#: templates/wei/weimembership_form.html:83 +#: templates/wei/weimembership_form.html:89 msgid "Payment from Société générale" msgstr "" -#: templates/wei/weimembership_form.html:87 +#: templates/wei/weimembership_form.html:93 msgid "Suggested bus from the survey:" msgstr "" -#: templates/wei/weimembership_form.html:92 +#: templates/wei/weimembership_form.html:98 msgid "Raw survey information" msgstr "" -#: templates/wei/weimembership_form.html:102 +#: templates/wei/weimembership_form.html:108 msgid "The algorithm didn't run." msgstr "" -#: templates/wei/weimembership_form.html:105 +#: templates/wei/weimembership_form.html:111 msgid "caution check given" msgstr "" -#: templates/wei/weimembership_form.html:109 +#: templates/wei/weimembership_form.html:115 msgid "preferred bus" msgstr "" -#: templates/wei/weimembership_form.html:112 +#: templates/wei/weimembership_form.html:118 msgid "preferred team" msgstr "" -#: templates/wei/weimembership_form.html:115 +#: templates/wei/weimembership_form.html:121 msgid "preferred roles" msgstr "" -#: templates/wei/weimembership_form.html:122 +#: templates/wei/weimembership_form.html:128 #: templates/wei/weiregistration_confirm_delete.html:31 msgid "Update registration" msgstr "" -#: templates/wei/weimembership_form.html:138 +#: templates/wei/weimembership_form.html:144 msgid "The registration is already validated and can't be unvalidated." msgstr "" -#: templates/wei/weimembership_form.html:139 +#: templates/wei/weimembership_form.html:145 msgid "The user joined the bus" msgstr "" -#: templates/wei/weimembership_form.html:140 +#: templates/wei/weimembership_form.html:146 msgid "in the team" msgstr "" -#: templates/wei/weimembership_form.html:141 +#: templates/wei/weimembership_form.html:147 msgid "in no team (staff)" msgstr "" -#: templates/wei/weimembership_form.html:141 +#: templates/wei/weimembership_form.html:147 msgid "with the following roles:" msgstr "" -#: templates/wei/weimembership_form.html:146 +#: templates/wei/weimembership_form.html:152 msgid "" "\n" " The WEI will be paid by Société générale. The " @@ -2273,7 +2274,7 @@ msgid "" " " msgstr "" -#: templates/wei/weimembership_form.html:156 +#: templates/wei/weimembership_form.html:162 #, python-format msgid "" "\n" @@ -2282,15 +2283,15 @@ msgid "" " " msgstr "" -#: templates/wei/weimembership_form.html:163 +#: templates/wei/weimembership_form.html:169 msgid "The note has enough money, the registration is possible." msgstr "" -#: templates/wei/weimembership_form.html:170 +#: templates/wei/weimembership_form.html:176 msgid "The user didn't give her/his caution check." msgstr "" -#: templates/wei/weimembership_form.html:178 +#: templates/wei/weimembership_form.html:184 #, python-format msgid "" "\n" diff --git a/locale/fr/LC_MESSAGES/django.po b/locale/fr/LC_MESSAGES/django.po index 62abc447..b53f558a 100644 --- a/locale/fr/LC_MESSAGES/django.po +++ b/locale/fr/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2020-07-28 20:42+0200\n" +"POT-Creation-Date: 2020-07-29 10:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -187,12 +187,12 @@ msgstr "supprimer" msgid "Type" msgstr "Type" -#: apps/activity/tables.py:77 apps/member/forms.py:83 +#: apps/activity/tables.py:77 apps/member/forms.py:92 #: apps/registration/forms.py:64 apps/treasury/forms.py:120 msgid "Last name" msgstr "Nom de famille" -#: apps/activity/tables.py:79 apps/member/forms.py:88 +#: apps/activity/tables.py:79 apps/member/forms.py:97 #: apps/registration/forms.py:69 apps/treasury/forms.py:122 #: templates/note/transaction_form.html:126 msgid "First name" @@ -206,7 +206,7 @@ msgstr "Note" msgid "Balance" msgstr "Solde du compte" -#: apps/activity/views.py:47 templates/base.html:120 +#: apps/activity/views.py:47 templates/base.html:121 msgid "Activities" msgstr "Activités" @@ -280,31 +280,35 @@ msgstr "journaux de modifications" msgid "member" msgstr "adhérent" -#: apps/member/forms.py:62 apps/registration/forms.py:44 +#: apps/member/forms.py:46 apps/member/views.py:77 +msgid "An alias with a similar name already exists." +msgstr "Un alias avec un nom similaire existe déjà." + +#: apps/member/forms.py:71 apps/registration/forms.py:44 msgid "Inscription paid by Société Générale" msgstr "Inscription payée par la Société générale" -#: apps/member/forms.py:64 apps/registration/forms.py:46 +#: apps/member/forms.py:73 apps/registration/forms.py:46 msgid "Check this case is the Société Générale paid the inscription." msgstr "Cochez cette case si la Société Générale a payé l'inscription." -#: apps/member/forms.py:69 apps/registration/forms.py:51 +#: apps/member/forms.py:78 apps/registration/forms.py:51 msgid "Credit type" msgstr "Type de rechargement" -#: apps/member/forms.py:70 apps/registration/forms.py:52 +#: apps/member/forms.py:79 apps/registration/forms.py:52 msgid "No credit" msgstr "Pas de rechargement" -#: apps/member/forms.py:72 +#: apps/member/forms.py:81 msgid "You can credit the note of the user." msgstr "Vous pouvez créditer la note de l'utisateur avant l'adhésion." -#: apps/member/forms.py:76 apps/registration/forms.py:57 +#: apps/member/forms.py:85 apps/registration/forms.py:57 msgid "Credit amount" msgstr "Montant à créditer" -#: apps/member/forms.py:93 apps/registration/forms.py:74 +#: apps/member/forms.py:102 apps/registration/forms.py:74 #: apps/treasury/forms.py:124 templates/note/transaction_form.html:132 msgid "Bank" msgstr "Banque" @@ -546,14 +550,10 @@ msgstr "Cette adresse doit être valide." #: apps/member/views.py:67 templates/member/profile_info.html:47 #: templates/registration/future_profile_detail.html:48 -#: templates/wei/weimembership_form.html:124 +#: templates/wei/weimembership_form.html:130 msgid "Update Profile" msgstr "Modifier le profil" -#: apps/member/views.py:77 -msgid "An alias with a similar name already exists." -msgstr "Un alias avec un nom similaire existe déjà." - #: apps/member/views.py:183 msgid "Search user" msgstr "Chercher un utilisateur" @@ -770,7 +770,7 @@ msgstr "" "note de destination n'est pas active." #: apps/note/models/transactions.py:228 -#: templates/activity/activity_entry.html:13 templates/base.html:98 +#: templates/activity/activity_entry.html:13 templates/base.html:99 #: templates/note/transaction_form.html:19 #: templates/note/transaction_form.html:140 msgid "Transfer" @@ -843,7 +843,7 @@ msgstr "Éditer" msgid "Transfer money" msgstr "Transférer de l'argent" -#: apps/note/views.py:140 templates/base.html:93 +#: apps/note/views.py:140 templates/base.html:94 msgid "Consumptions" msgstr "Consommations" @@ -1002,7 +1002,7 @@ msgstr "" "Le montant crédité est trop faible pour adhérer, il doit être au minimum de " "{}" -#: apps/treasury/apps.py:12 templates/base.html:125 +#: apps/treasury/apps.py:12 templates/base.html:126 msgid "Treasury" msgstr "Trésorerie" @@ -1202,7 +1202,7 @@ msgid "No" msgstr "Non" #: apps/wei/apps.py:10 apps/wei/models.py:48 apps/wei/models.py:49 -#: apps/wei/models.py:60 apps/wei/models.py:166 templates/base.html:130 +#: apps/wei/models.py:60 apps/wei/models.py:166 templates/base.html:131 msgid "WEI" msgstr "WEI" @@ -1303,7 +1303,7 @@ msgstr "Crédit de la Société générale" msgid "Caution check given" msgstr "Chèque de caution donné" -#: apps/wei/models.py:180 templates/wei/weimembership_form.html:62 +#: apps/wei/models.py:180 templates/wei/weimembership_form.html:68 msgid "birth date" msgstr "date de naissance" @@ -1323,27 +1323,27 @@ msgstr "Non-binaire" msgid "gender" msgstr "genre" -#: apps/wei/models.py:199 +#: apps/wei/models.py:199 templates/wei/weimembership_form.html:62 msgid "clothing cut" msgstr "coupe de vêtement" -#: apps/wei/models.py:212 +#: apps/wei/models.py:212 templates/wei/weimembership_form.html:65 msgid "clothing size" msgstr "taille de vêtement" -#: apps/wei/models.py:218 templates/wei/weimembership_form.html:65 +#: apps/wei/models.py:218 templates/wei/weimembership_form.html:71 msgid "health issues" msgstr "problèmes de santé" -#: apps/wei/models.py:223 templates/wei/weimembership_form.html:68 +#: apps/wei/models.py:223 templates/wei/weimembership_form.html:74 msgid "emergency contact name" msgstr "Nom du contact en cas d'urgence" -#: apps/wei/models.py:228 templates/wei/weimembership_form.html:71 +#: apps/wei/models.py:228 templates/wei/weimembership_form.html:77 msgid "emergency contact phone" msgstr "Téléphone du contact en cas d'urgence" -#: apps/wei/models.py:233 templates/wei/weimembership_form.html:74 +#: apps/wei/models.py:233 templates/wei/weimembership_form.html:80 msgid "" "Register on the mailing list to stay informed of the events of the campus (1 " "mail/week)" @@ -1351,7 +1351,7 @@ msgstr "" "S'inscrire sur la liste de diffusion pour rester informé des événements sur " "le campus (1 mail par semaine)" -#: apps/wei/models.py:238 templates/wei/weimembership_form.html:77 +#: apps/wei/models.py:238 templates/wei/weimembership_form.html:83 msgid "" "Register on the mailing list to stay informed of the sport events of the " "campus (1 mail/week)" @@ -1359,7 +1359,7 @@ msgstr "" "S'inscrire sur la liste de diffusion pour rester informé des actualités " "sportives sur le campus (1 mail par semaine)" -#: apps/wei/models.py:243 templates/wei/weimembership_form.html:80 +#: apps/wei/models.py:243 templates/wei/weimembership_form.html:86 msgid "" "Register on the mailing list to stay informed of the art events of the " "campus (1 mail/week)" @@ -1605,29 +1605,29 @@ msgstr "Toutes les activités" msgid "The ENS Paris-Saclay BDE note." msgstr "La note du BDE de l'ENS Paris-Saclay." -#: templates/base.html:103 +#: templates/base.html:104 msgid "Users" msgstr "Utilisateurs" -#: templates/base.html:108 +#: templates/base.html:109 msgid "Clubs" msgstr "Clubs" -#: templates/base.html:114 +#: templates/base.html:115 msgid "Registrations" msgstr "Inscriptions" -#: templates/base.html:134 +#: templates/base.html:135 msgid "Rights" msgstr "Droits" -#: templates/base.html:138 +#: templates/base.html:139 #, fuzzy #| msgid "registration" msgid "Administration" msgstr "inscription" -#: templates/base.html:177 +#: templates/base.html:178 msgid "" "Your e-mail address is not validated. Please check your mail inbox and click " "on the validation link." @@ -1916,8 +1916,8 @@ msgid "Validate account" msgstr "Valider le compte" #: templates/registration/future_profile_detail.html:64 -#: templates/wei/weimembership_form.html:134 -#: templates/wei/weimembership_form.html:192 +#: templates/wei/weimembership_form.html:140 +#: templates/wei/weimembership_form.html:198 msgid "Validate registration" msgstr "Valider l'inscription" @@ -1938,7 +1938,7 @@ msgid "Log in again" msgstr "Se connecter à nouveau" #: templates/registration/login.html:7 templates/registration/login.html:8 -#: templates/registration/login.html:21 +#: templates/registration/login.html:22 #: templates/registration/password_reset_complete.html:10 msgid "Log in" msgstr "Se connecter" @@ -1947,12 +1947,14 @@ msgstr "Se connecter" #, python-format msgid "" "You are authenticated as %(username)s, but are not authorized to access this " -"page. Would you like to login to a different account?" +"page. Would you like to login to a different account, or with a higher " +"permission mask?" msgstr "" "Vous êtes connecté en tant que %(username)s, mais vous n'avez le droit " -"d'accéder à cette page. Voulez vous essayer avec un autre compte ?" +"d'accéder à cette page. Voulez-vous essayer avec un autre compte, ou avec " +"un masque de permissions plus fort ?" -#: templates/registration/login.html:22 +#: templates/registration/login.html:23 msgid "Forgotten your password or username?" msgstr "Mot de passe ou pseudo oublié ?" @@ -2309,64 +2311,64 @@ msgstr "Vérifier l'inscription" msgid "ENS year" msgstr "Année à l'ENS" -#: templates/wei/weimembership_form.html:83 +#: templates/wei/weimembership_form.html:89 msgid "Payment from Société générale" msgstr "Paiement de la Société générale" -#: templates/wei/weimembership_form.html:87 +#: templates/wei/weimembership_form.html:93 msgid "Suggested bus from the survey:" msgstr "Bus suggéré par le sondage :" -#: templates/wei/weimembership_form.html:92 +#: templates/wei/weimembership_form.html:98 msgid "Raw survey information" msgstr "Informations brutes du sondage" -#: templates/wei/weimembership_form.html:102 +#: templates/wei/weimembership_form.html:108 msgid "The algorithm didn't run." msgstr "L'algorithme n'a pas été exécuté." -#: templates/wei/weimembership_form.html:105 +#: templates/wei/weimembership_form.html:111 msgid "caution check given" msgstr "chèque de caution donné" -#: templates/wei/weimembership_form.html:109 +#: templates/wei/weimembership_form.html:115 msgid "preferred bus" msgstr "bus préféré" -#: templates/wei/weimembership_form.html:112 +#: templates/wei/weimembership_form.html:118 msgid "preferred team" msgstr "équipe préférée" -#: templates/wei/weimembership_form.html:115 +#: templates/wei/weimembership_form.html:121 msgid "preferred roles" msgstr "rôles préférés" -#: templates/wei/weimembership_form.html:122 +#: templates/wei/weimembership_form.html:128 #: templates/wei/weiregistration_confirm_delete.html:31 msgid "Update registration" msgstr "Mettre à jour l'inscription" -#: templates/wei/weimembership_form.html:138 +#: templates/wei/weimembership_form.html:144 msgid "The registration is already validated and can't be unvalidated." msgstr "L'inscription a déjà été validée et ne peut pas être dévalidée." -#: templates/wei/weimembership_form.html:139 +#: templates/wei/weimembership_form.html:145 msgid "The user joined the bus" msgstr "L'utilisateur a rejoint le bus" -#: templates/wei/weimembership_form.html:140 +#: templates/wei/weimembership_form.html:146 msgid "in the team" msgstr "dans l'équipe" -#: templates/wei/weimembership_form.html:141 +#: templates/wei/weimembership_form.html:147 msgid "in no team (staff)" msgstr "dans aucune équipe (staff)" -#: templates/wei/weimembership_form.html:141 +#: templates/wei/weimembership_form.html:147 msgid "with the following roles:" msgstr "avec les rôles suivants :" -#: templates/wei/weimembership_form.html:146 +#: templates/wei/weimembership_form.html:152 msgid "" "\n" " The WEI will be paid by Société générale. The " @@ -2385,7 +2387,7 @@ msgstr "" "aura validé la création du compte, ou bien changer de moyen de paiement.\n" " " -#: templates/wei/weimembership_form.html:156 +#: templates/wei/weimembership_form.html:162 #, python-format msgid "" "\n" @@ -2398,15 +2400,15 @@ msgstr "" "L'inscription va échouer.\n" " " -#: templates/wei/weimembership_form.html:163 +#: templates/wei/weimembership_form.html:169 msgid "The note has enough money, the registration is possible." msgstr "La note a assez d'argent, l'inscription est possible." -#: templates/wei/weimembership_form.html:170 +#: templates/wei/weimembership_form.html:176 msgid "The user didn't give her/his caution check." msgstr "L'utilisateur n'a pas donné son chèque de caution." -#: templates/wei/weimembership_form.html:178 +#: templates/wei/weimembership_form.html:184 #, python-format msgid "" "\n" diff --git a/note_kfet/admin.py b/note_kfet/admin.py new file mode 100644 index 00000000..67ac872e --- /dev/null +++ b/note_kfet/admin.py @@ -0,0 +1,25 @@ +# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay +# SPDX-License-Identifier: GPL-3.0-or-later + +from django.contrib.admin import AdminSite +from django.contrib.sites.admin import Site, SiteAdmin + +from member.views import CustomLoginView +from .middlewares import get_current_session + + +class StrongAdminSite(AdminSite): + def has_permission(self, request): + """ + Authorize only staff that have the correct permission mask + """ + session = get_current_session() + return request.user.is_active and request.user.is_staff and session.get("permission_mask", -1) >= 42 + + def login(self, request, extra_context=None): + return CustomLoginView.as_view()(request) + + +# Instantiate admin site and register some defaults +admin_site = StrongAdminSite() +admin_site.register(Site, SiteAdmin) diff --git a/note_kfet/urls.py b/note_kfet/urls.py index 9717087a..24ab075d 100644 --- a/note_kfet/urls.py +++ b/note_kfet/urls.py @@ -3,13 +3,14 @@ from django.conf import settings from django.conf.urls.static import static -from django.contrib import admin from django.urls import path, include from django.views.defaults import bad_request, permission_denied, page_not_found, server_error from django.views.generic import RedirectView from member.views import CustomLoginView +from .admin import admin_site + urlpatterns = [ # Dev so redirect to something random path('', RedirectView.as_view(pattern_name='note:transfer'), name='index'), @@ -25,7 +26,7 @@ urlpatterns = [ # Include Django Contrib and Core routers path('i18n/', include('django.conf.urls.i18n')), path('admin/doc/', include('django.contrib.admindocs.urls')), - path('admin/', admin.site.urls, name="admin"), + path('admin/', admin_site.urls, name="admin"), path('accounts/login/', CustomLoginView.as_view()), path('accounts/', include('django.contrib.auth.urls')), path('api/', include('api.urls')), diff --git a/templates/base.html b/templates/base.html index 872fde06..9aa34437 100644 --- a/templates/base.html +++ b/templates/base.html @@ -134,7 +134,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - {% if user.is_staff %} + {% if user.is_staff and ""|has_perm:user %} diff --git a/templates/registration/login.html b/templates/registration/login.html index 32e54e00..87354721 100644 --- a/templates/registration/login.html +++ b/templates/registration/login.html @@ -10,9 +10,10 @@ SPDX-License-Identifier: GPL-2.0-or-later {% block content %} {% if user.is_authenticated %}

- {% blocktrans trimmed %} + {% blocktrans trimmed with username=request.user.username %} You are authenticated as {{ username }}, but are not authorized to - access this page. Would you like to login to a different account? + access this page. Would you like to login to a different account, + or with a higher permission mask? {% endblocktrans %}

{% endif %}