See user information does not imply see the note balance

2020-08-10 16:32:45 +02:00 · 2020-08-10 16:32:45 +02:00 · c612e159cf
parent 1b84c8c603
commit c612e159cf
3 changed files with 13 additions and 9 deletions
--- a/apps/member/tables.py
+++ b/apps/member/tables.py
@ -1,9 +1,9 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-from datetime import datetime

 import django_tables2 as tables
 from django.contrib.auth.models import User
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.urls import reverse_lazy
 from django.utils.html import format_html
@ -44,8 +44,9 @@ class UserTable(tables.Table):

    balance = tables.Column(accessor='note.balance', verbose_name=_("Balance"))

-    def render_balance(self, value):
-        return pretty_money(value)
+    def render_balance(self, record, value):
+        return pretty_money(value)\
+            if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"

    class Meta:
        attrs = {
@ -105,8 +106,8 @@ class MembershipTable(tables.Table):
                    empty_membership = Membership(
                        club=record.club,
                        user=record.user,
-                        date_start=datetime.now().date(),
-                        date_end=datetime.now().date(),
+                        date_start=timezone.now().date(),
+                        date_end=timezone.now().date(),
                        fee=0,
                    )
                    if PermissionBackend.check_perm(get_current_authenticated_user(),
--- a/apps/member/templates/member/profile_info.html
+++ b/apps/member/templates/member/profile_info.html
@ -1,4 +1,4 @@
-{% load i18n static pretty_money %}
+{% load i18n static pretty_money perms %}

 <div class="card bg-light shadow">
    <div class="card-header text-center" >
@ -32,8 +32,10 @@
            <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
            <dd class="col-xl-6">{{ user_object.profile.address }}</dd>

-            <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
-            <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
+            {% if "note.view_note"|has_perm:user_object.note %}
+                <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
+                <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
+            {% endif %}

            <dt class="col-xl-6"> <a href="{% url 'member:user_alias' user_object.pk %}">{% trans 'aliases'|capfirst %}</a></dt>
            <dd class="col-xl-6 text-truncate">{{ user_object.note.alias_set.all|join:", " }}</dd>
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -2910,7 +2910,8 @@
 				140,
 				145,
 				146,
-				147
+				147,
+				150
 			]
 		}
 	},