
Fix note display for users that don't have enough rights

This commit is contained in:
Yohann D'ANELLO 2020-03-19 14:25:43 +01:00
parent 7a4f929b36
commit d083894e9b
6 changed files with 34 additions and 46 deletions


@ -4,6 +4,7 @@
from rest_framework import serializers from rest_framework import serializers
from rest_polymorphic.serializers import PolymorphicSerializer from rest_polymorphic.serializers import PolymorphicSerializer
from logs.middlewares import get_current_authenticated_user
from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias
from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \ from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
TemplateTransaction, SpecialTransaction TemplateTransaction, SpecialTransaction
@ -77,7 +78,10 @@ class AliasSerializer(serializers.ModelSerializer):
fields = '__all__' fields = '__all__'
def get_note(self, alias): def get_note(self, alias):
return NotePolymorphicSerializer().to_representation(alias.note) if get_current_authenticated_user().has_perm("note.view_note", alias.note):
return NotePolymorphicSerializer().to_representation(alias.note)
else:
return alias.note.id
class NotePolymorphicSerializer(PolymorphicSerializer): class NotePolymorphicSerializer(PolymorphicSerializer):
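Review bot: `get_note` calls `.has_perm(...)` directly on the return value of `get_current_authenticated_user()` with no `None` handling, while the template-filter hunks in this same commit add an explicit `if user is None` guard for that helper; a request with no authenticated user bound would raise `AttributeError` here instead of taking the id-only fallback. Suggest binding first and guarding: `user = get_current_authenticated_user()` then `if user is not None and user.has_perm("note.view_note", alias.note):`, keeping `return alias.note.id` for the other branch. The enclosing `AliasSerializer` class begins outside the hunk.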


@ -75,20 +75,7 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
alias = self.request.query_params.get("alias", ".*") alias = self.request.query_params.get("alias", ".*")
queryset = queryset.filter( queryset = queryset.filter(
Q(alias__name__regex="^" + alias) Q(alias__name__regex="^" + alias) | Q(alias__normalized_name__regex="^" + alias.lower()))
| Q(alias__normalized_name__regex="^" + alias.lower()))
note_type = self.request.query_params.get("type", None)
if note_type:
types = str(note_type).lower()
if "user" in types:
queryset = queryset.filter(polymorphic_ctype__model="noteuser")
elif "club" in types:
queryset = queryset.filter(polymorphic_ctype__model="noteclub")
elif "special" in types:
queryset = queryset.filter(polymorphic_ctype__model="notespecial")
else:
queryset = queryset.none()
return queryset.distinct() return queryset.distinct()
@ -117,25 +104,6 @@ class AliasViewSet(ReadProtectedModelViewSet):
queryset = queryset.filter( queryset = queryset.filter(
Q(name__regex="^" + alias) | Q(normalized_name__regex="^" + alias.lower())) Q(name__regex="^" + alias) | Q(normalized_name__regex="^" + alias.lower()))
note_id = self.request.query_params.get("note", None)
if note_id:
queryset = queryset.filter(id=note_id)
note_type = self.request.query_params.get("type", None)
if note_type:
types = str(note_type).lower()
if "user" in types:
queryset = queryset.filter(
note__polymorphic_ctype__model="noteuser")
elif "club" in types:
queryset = queryset.filter(
note__polymorphic_ctype__model="noteclub")
elif "special" in types:
queryset = queryset.filter(
note__polymorphic_ctype__model="notespecial")
else:
queryset = queryset.none()
return queryset return queryset
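Review bot: The rewritten filter line in `NotePolymorphicViewSet` (and the same pattern kept in `AliasViewSet` below) still passes the raw `alias` query parameter into a `__regex` lookup, so the client controls the pattern the database regex engine evaluates; unescaped input can produce invalid patterns (a DB error surfacing as a 500) or pathologically slow ones. Since the pattern is anchored with `^`, a plain prefix lookup such as `Q(alias__name__startswith=alias)` keeps the intended semantics without interpreting metacharacters; if regex is required, escape the input (e.g. `re.escape(alias)`) and change the `".*"` default to `""`. Both `get_queryset` bodies begin outside their hunks, so the parameter handling above the shown lines may need the same treatment.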


@ -17,7 +17,9 @@ def has_perm(value):
@stringfilter @stringfilter
def not_empty_model_list(model_name): def not_empty_model_list(model_name):
user = get_current_authenticated_user() user = get_current_authenticated_user()
if user.is_superuser: if user is None:
return False
elif user.is_superuser:
return True return True
spl = model_name.split(".") spl = model_name.split(".")
ct = ContentType.objects.get(app_label=spl[0], model=spl[1]) ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
@ -28,7 +30,9 @@ def not_empty_model_list(model_name):
@stringfilter @stringfilter
def not_empty_model_change_list(model_name): def not_empty_model_change_list(model_name):
user = get_current_authenticated_user() user = get_current_authenticated_user()
if user.is_superuser: if user is None:
return False
elif user.is_superuser:
return True return True
spl = model_name.split(".") spl = model_name.split(".")
ct = ContentType.objects.get(app_label=spl[0], model=spl[1]) ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
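Review bot: The new `if user is None: return False` / `elif user.is_superuser: return True` prologue is now duplicated verbatim in `not_empty_model_list` and `not_empty_model_change_list`, together with the `model_name.split(".")` / `ContentType.objects.get(...)` lines that follow; a small shared helper (one function taking the permission suffix, or a `_resolve_user_and_ct(model_name)` returning the early result) would keep the two guards from drifting apart. Neither filter has a docstring; a one-liner stating the contract would help, e.g. `"""Return False when no user is bound to the request, True for superusers, otherwise whether the user may list model_name."""` (the "list" part is inferred from the name and should be checked against the body). Both functions continue outside the hunks.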


@ -67,7 +67,7 @@ function displayNote(note, alias, user_note_field=null, profile_pic_field=null)
if (note !== null && alias !== note.name) if (note !== null && alias !== note.name)
alias += " (aka. " + note.name + ")"; alias += " (aka. " + note.name + ")";
if (note !== null && user_note_field !== null) if (note !== null && user_note_field !== null)
$("#" + user_note_field).text(alias + " : " + pretty_money(note.balance)); $("#" + user_note_field).text(alias + (note.balance == null ? "" : (" : " + pretty_money(note.balance))));
if (profile_pic_field != null) if (profile_pic_field != null)
$("#" + profile_pic_field).attr('src', img); $("#" + profile_pic_field).attr('src', img);
} }
@ -173,6 +173,13 @@ function autoCompleteNote(field_id, alias_matched_id, note_list_id, notes, notes
aliases.results.forEach(function (alias) { aliases.results.forEach(function (alias) {
let note = alias.note; let note = alias.note;
if (typeof note === "number") {
note = {
id: note,
name: alias.name,
balance: null
};
}
aliases_matched_html += li(alias_prefix + "_" + alias.id, alias.name); aliases_matched_html += li(alias_prefix + "_" + alias.id, alias.name);
note.alias = alias; note.alias = alias;
notes.push(note); notes.push(note);
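Review bot: The placeholder built when `alias.note` is a number carries only `id`, `name` and `balance`, so any later reader of other note fields on the objects pushed into `notes` (the callback in the transfer page presumably reads `last.note.user`) gets `undefined`; adding `user: null` to the placeholder and checking for it at the readers would make the reduced shape explicit. A short comment above the `typeof note === "number"` test would also explain why a bare id can arrive here, e.g. `// API returns only the note id when the current user may not view the note; build a minimal placeholder`. `autoCompleteNote` continues outside the hunk.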


@ -154,7 +154,8 @@ function reset() {
$("#note_list").html(""); $("#note_list").html("");
$("#alias_matched").html(""); $("#alias_matched").html("");
$("#consos_list").html(""); $("#consos_list").html("");
displayNote(null, ""); $("#user_note").text("");
$("#profile_pic").attr("src", "/media/pic/default.png");
refreshHistory(); refreshHistory();
refreshBalance(); refreshBalance();
} }


@ -21,6 +21,8 @@ function reset() {
$("#last_name").val(""); $("#last_name").val("");
$("#first_name").val(""); $("#first_name").val("");
$("#bank").val(""); $("#bank").val("");
$("#user_note").val("");
$("#profile_pic").attr("src", "/media/pic/default.png");
refreshBalance(); refreshBalance();
refreshHistory(); refreshHistory();
} }
@ -30,16 +32,18 @@ $(document).ready(function() {
"source_alias", "source_note", "user_note", "profile_pic"); "source_alias", "source_note", "user_note", "profile_pic");
autoCompleteNote("dest_note", "dest_alias_matched", "dest_note_list", dests, dests_notes_display, autoCompleteNote("dest_note", "dest_alias_matched", "dest_note_list", dests, dests_notes_display,
"dest_alias", "dest_note", "user_note", "profile_pic", function() { "dest_alias", "dest_note", "user_note", "profile_pic", function() {
let last = dests_notes_display[dests_notes_display.length - 1]; if ($("#type_credit").is(":checked") || $("#type_debit").is(":checked")) {
dests_notes_display.length = 0; let last = dests_notes_display[dests_notes_display.length - 1];
dests_notes_display.push(last); dests_notes_display.length = 0;
dests_notes_display.push(last);
last.quantity = 1; last.quantity = 1;
$.getJSON("/api/user/" + last.note.user + "/", function(user) { $.getJSON("/api/user/" + last.note.user + "/", function(user) {
$("#last_name").val(user.last_name); $("#last_name").val(user.last_name);
$("#first_name").val(user.first_name); $("#first_name").val(user.first_name);
}); });
}
return true; return true;
}); });
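Review bot: The added `$("#user_note").val("")` in `reset()` uses `.val()`, whereas `displayNote` writes that element with `.text()` and the consumption page's `reset()` in this same commit clears it with `.text("")`; unless `#user_note` is an input on this page the reset will leave the previous alias and balance visible, so `$("#user_note").text("");` matches the writer. In the `autoCompleteNote` callback, `last.note.user` is `undefined` for the placeholder note that `autoCompleteNote` now builds when the API returns only an id, so `$.getJSON("/api/user/" + last.note.user + "/", ...)` would request a malformed URL; guard it with `if (last.note.user != null)` before issuing the request. The `$(document).ready` handler and `reset()` both extend outside the hunks.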