Full membership support

apps/permission/backends.py

@@ -1,6 +1,8 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+import datetime
+
 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, AnonymousUser
 from django.contrib.contenttypes.models import ContentType
@@ -32,7 +34,8 @@ class PermissionBackend(ModelBackend):
         for permission in Permission.objects.annotate(club=F("rolepermissions__role__membership__club")) \
                 .filter(
             rolepermissions__role__membership__user=user,
-            rolepermissions__role__membership__valid=True,
+            rolepermissions__role__membership__date_start__lte=datetime.date.today(),
+            rolepermissions__role__membership__date_end__gte=datetime.date.today(),
             model__app_label=model.app_label,  # For polymorphic models, we don't filter on model type
             type=type,
         ).all():

apps/permission/models.py

@@ -45,11 +45,13 @@ class InstancedPermission:
                 else:
                     oldpk = obj.pk
                 # Ensure previous models are deleted
-                self.model.model_class().objects.filter(pk=obj.pk).delete()
+                self.model.model_class().objects.filter(pk=obj.pk).annotate(_force_delete=F("pk") + 1).delete()
                 # Force insertion, no data verification, no trigger
+                obj._force_save = True
                 Model.save(obj, force_insert=True)
                 ret = self.model.model_class().objects.filter(self.query & Q(pk=obj.pk)).exists()
                 # Delete testing object
+                obj._force_delete = True
                 Model.delete(obj)
 
                 # If the primary key was specified, we restore it

apps/permission/signals.py

@@ -29,6 +29,9 @@ def pre_save_object(sender, instance, **kwargs):
     if instance._meta.label_lower in EXCLUDED:
         return
 
+    if hasattr(instance, "_force_save"):
+        return
+
     user = get_current_authenticated_user()
     if user is None:
         # Action performed on shell is always granted
@@ -58,32 +61,14 @@ def pre_save_object(sender, instance, **kwargs):
             if not PermissionBackend().has_perm(user, app_label + ".change_" + model_name + "_" + field_name, instance):
                 raise PermissionDenied
     else:
-        # We check if the user can add the model
-
-        # While checking permissions, the object will be inserted in the DB, then removed.
-        # We disable temporary the connectors
-        pre_save.disconnect(pre_save_object)
-        pre_delete.disconnect(pre_delete_object)
-        # We disable also logs connectors
-        pre_save.disconnect(logs_signals.pre_save_object)
-        post_save.disconnect(logs_signals.save_object)
-        post_delete.disconnect(logs_signals.delete_object)
-
         # We check if the user has right to add the object
         has_perm = PermissionBackend().has_perm(user, app_label + ".add_" + model_name, instance)
 
-        # Then we reconnect all
-        pre_save.connect(pre_save_object)
-        pre_delete.connect(pre_delete_object)
-        pre_save.connect(logs_signals.pre_save_object)
-        post_save.connect(logs_signals.save_object)
-        post_delete.connect(logs_signals.delete_object)
-
         if not has_perm:
             raise PermissionDenied
 
 
-def pre_delete_object(sender, instance, **kwargs):
+def pre_delete_object(instance, **kwargs):
     """
     Before a model get deleted, we check the permissions
     """
@@ -91,6 +76,9 @@ def pre_delete_object(sender, instance, **kwargs):
     if instance._meta.label_lower in EXCLUDED:
         return
 
+    if hasattr(instance, "_force_delete"):
+        return
+
     user = get_current_authenticated_user()
     if user is None:
         # Action performed on shell is always granted