Merge branch 'beta' into 'master'
Permissions PC Kfet See merge request bde/nk20!138
commit
e5e94c52f2
@ -43,8 +43,24 @@ class UserTable(tables.Table):
|
|||||||
|
|
||||||
section = tables.Column(accessor='profile__section')
|
section = tables.Column(accessor='profile__section')
|
||||||
|
|
||||||
|
# Override the column to let replace the URL
|
||||||
|
email = tables.EmailColumn(linkify=lambda record: "mailto:{}".format(record.email))
|
||||||
|
|
||||||
balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"))
|
balance = tables.Column(accessor='note__balance', verbose_name=_("Balance"))
|
||||||
|
|
||||||
|
def render_email(self, record, value):
|
||||||
|
# Replace the email by a dash if the user can't see the profile detail
|
||||||
|
# Replace also the URL
|
||||||
|
if not PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile):
|
||||||
|
value = "—"
|
||||||
|
record.email = value
|
||||||
|
return value
|
||||||
|
|
||||||
|
def render_section(self, record, value):
|
||||||
|
return value \
|
||||||
|
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) \
|
||||||
|
else "—"
|
||||||
|
|
||||||
def render_balance(self, record, value):
|
def render_balance(self, record, value):
|
||||||
return pretty_money(value)\
|
return pretty_money(value)\
|
||||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"
|
if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"
|
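Review bot: `render_email` keeps the address out of the link only by overwriting `record.email` on the model instance, so the `mailto:` target is masked only if the `linkify` lambda is evaluated after `render_email` for that row; that ordering is decided inside django-tables2 and is not visible here. If it ever differs, the cell text would show a dash while the href still carries the address, and in the masked case the cell presumably still renders a `mailto:—` link. I would put the check in the lambda itself, e.g. `linkify=lambda record: "mailto:{}".format(record.email) if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) else None`, and let `render_email` only return the dash without touching `record`, after confirming that this django-tables2 version renders no link when the callable returns None. The UserTable class body starts outside the hunk.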
||||||
|
@ -25,25 +25,27 @@
|
|||||||
</a>
|
</a>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
<dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
|
{% if "member.view_profile"|has_perm:user_object.profile %}
|
||||||
<dd class="col-xl-6">{{ user_object.profile.section }}</dd>
|
<dt class="col-xl-6">{% trans 'section'|capfirst %}</dt>
|
||||||
|
<dd class="col-xl-6">{{ user_object.profile.section }}</dd>
|
||||||
|
|
||||||
<dt class="col-xl-6">{% trans 'email'|capfirst %}</dt>
|
<dt class="col-xl-6">{% trans 'email'|capfirst %}</dt>
|
||||||
<dd class="col-xl-6"><a href="mailto:{{ user_object.email }}">{{ user_object.email }}</a></dd>
|
<dd class="col-xl-6"><a href="mailto:{{ user_object.email }}">{{ user_object.email }}</a></dd>
|
||||||
|
|
||||||
<dt class="col-xl-6">{% trans 'phone number'|capfirst %}</dt>
|
<dt class="col-xl-6">{% trans 'phone number'|capfirst %}</dt>
|
||||||
<dd class="col-xl-6"><a href="tel:{{ user_object.profile.phone_number }}">{{ user_object.profile.phone_number }}</a>
|
<dd class="col-xl-6"><a href="tel:{{ user_object.profile.phone_number }}">{{ user_object.profile.phone_number }}</a>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
||||||
<dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
|
<dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
|
||||||
<dd class="col-xl-6">{{ user_object.profile.address }}</dd>
|
<dd class="col-xl-6">{{ user_object.profile.address }}</dd>
|
||||||
|
|
||||||
{% if user_object.note and "note.view_note"|has_perm:user_object.note %}
|
{% if user_object.note and "note.view_note"|has_perm:user_object.note %}
|
||||||
<dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
|
<dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
|
||||||
<dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
|
<dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
|
||||||
|
|
||||||
<dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
|
<dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
|
||||||
<dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
|
<dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</dl>
|
</dl>
|
||||||
|
|
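Review bot: The existing `{% if user_object.note and "note.view_note"|has_perm:user_object.note %}` block now sits inside the new `member.view_profile` guard, so on this page balance and paid status require both permissions, whereas `render_balance` in UserTable in this same commit checks only `note.view_note`. If the difference is intended, a template comment such as `{# balance is shown only to users who may also view the profile #}` would record it; if not, the new `{% endif %}` should close the profile guard before the note block starts. The surrounding `<dl>` opens outside the hunk.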
||||||
|
@ -70,10 +70,11 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
|||||||
form.fields['email'].required = True
|
form.fields['email'].required = True
|
||||||
form.fields['email'].help_text = _("This address must be valid.")
|
form.fields['email'].help_text = _("This address must be valid.")
|
||||||
|
|
||||||
context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
|
if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile):
|
||||||
data=self.request.POST if self.request.POST else None)
|
context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
|
||||||
if not self.object.profile.report_frequency:
|
data=self.request.POST if self.request.POST else None)
|
||||||
del context['profile_form'].fields["last_report"]
|
if not self.object.profile.report_frequency:
|
||||||
|
del context['profile_form'].fields["last_report"]
|
||||||
|
|
||||||
return context
|
return context
|
||||||
|
|
||||||
@ -677,11 +678,13 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
|
|||||||
if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
|
if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"):
|
||||||
if not last_name:
|
if not last_name:
|
||||||
form.add_error('last_name', _("This field is required."))
|
form.add_error('last_name', _("This field is required."))
|
||||||
|
error = True
|
||||||
if not first_name:
|
if not first_name:
|
||||||
form.add_error('first_name', _("This field is required."))
|
form.add_error('first_name', _("This field is required."))
|
||||||
|
error = True
|
||||||
if not bank and credit_type.special_type == "Chèque":
|
if not bank and credit_type.special_type == "Chèque":
|
||||||
form.add_error('bank', _("This field is required."))
|
form.add_error('bank', _("This field is required."))
|
||||||
return self.form_invalid(form)
|
error = True
|
||||||
|
|
||||||
return not error
|
return not error
|
||||||
|
|
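Review bot: The new `member.change_profile` check around `context['profile_form']` in the UserUpdateView hunk controls only whether the form is built for rendering. The code that validates and saves posted profile data is outside these hunks, so it cannot be confirmed here that a user without the permission is refused there as well. The same `PermissionBackend.check_perm(self.request.user, "member.change_profile", ...)` test should guard the save path, and any template or method that reads `context['profile_form']` now has to tolerate the key being absent. A comment above the `if`, for example `# profile_form is absent from the context when the user may not change the profile`, would make that contract explicit. The method body starts outside the hunk.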
||||||
|
@ -2839,6 +2839,22 @@
|
|||||||
"description": "Voir n'importe quel profil non encore inscrit"
|
"description": "Voir n'importe quel profil non encore inscrit"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"model": "permission.permission",
|
||||||
|
"pk": 182,
|
||||||
|
"fields": {
|
||||||
|
"model": [
|
||||||
|
"auth",
|
||||||
|
"user"
|
||||||
|
],
|
||||||
|
"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
|
||||||
|
"type": "view",
|
||||||
|
"mask": 2,
|
||||||
|
"field": "",
|
||||||
|
"permanent": false,
|
||||||
|
"description": "Voir n'importe quel utilisateur qui est adhérent BDE"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"model": "permission.role",
|
"model": "permission.role",
|
||||||
"pk": 1,
|
"pk": 1,
|
||||||
@ -2971,14 +2987,14 @@
|
|||||||
62,
|
62,
|
||||||
127,
|
127,
|
||||||
133,
|
133,
|
||||||
135,
|
|
||||||
136,
|
136,
|
||||||
141,
|
141,
|
||||||
142,
|
142,
|
||||||
150,
|
150,
|
||||||
166,
|
166,
|
||||||
167,
|
167,
|
||||||
168
|
168,
|
||||||
|
182
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@ -3271,7 +3287,12 @@
|
|||||||
170,
|
170,
|
||||||
171,
|
171,
|
||||||
176,
|
176,
|
||||||
177
|
177,
|
||||||
|
178,
|
||||||
|
179,
|
||||||
|
180,
|
||||||
|
181,
|
||||||
|
182
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@ -3466,7 +3487,9 @@
|
|||||||
56,
|
56,
|
||||||
57,
|
57,
|
||||||
58,
|
58,
|
||||||
|
137,
|
||||||
143,
|
143,
|
||||||
|
147,
|
||||||
150,
|
150,
|
||||||
166,
|
166,
|
||||||
167,
|
167,
|
||||||
@ -3474,7 +3497,8 @@
|
|||||||
176,
|
176,
|
||||||
177,
|
177,
|
||||||
180,
|
180,
|
||||||
181
|
181,
|
||||||
|
182
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
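Review bot: Permission 182 is a `"type": "view"` entry on `auth.user` with an empty `"field"`, which appears to grant view on the whole user object, and `email` is read from that object (`record.email`) in the table code of this commit. If that reading is right, hiding the address from BDE members who lack `member.view_profile` rests on the display-layer checks added elsewhere in this commit rather than on the permission itself. Any other surface that serves users under this permission (an API or export, if the project has one) would then need the same masking. It would help to state the intended field scope in `"description"`, or to narrow the permission to the fields members are meant to see if the permission model supports that.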
||||||
|
@ -45,6 +45,7 @@ class InstancedPermission:
|
|||||||
with transaction.atomic():
|
with transaction.atomic():
|
||||||
sid = transaction.savepoint()
|
sid = transaction.savepoint()
|
||||||
for o in self.model.model_class().objects.filter(pk=0).all():
|
for o in self.model.model_class().objects.filter(pk=0).all():
|
||||||
|
o._no_signal = True
|
||||||
o._force_delete = True
|
o._force_delete = True
|
||||||
Model.delete(o)
|
Model.delete(o)
|
||||||
# An object with pk 0 wouldn't deleted. That's not normal, we alert admins.
|
# An object with pk 0 wouldn't deleted. That's not normal, we alert admins.
|
||||||
@ -62,10 +63,6 @@ class InstancedPermission:
|
|||||||
obj._no_signal = True
|
obj._no_signal = True
|
||||||
Model.save(obj, force_insert=True)
|
Model.save(obj, force_insert=True)
|
||||||
ret = self.model.model_class().objects.filter(self.query & Q(pk=0)).exists()
|
ret = self.model.model_class().objects.filter(self.query & Q(pk=0)).exists()
|
||||||
# Delete testing object
|
|
||||||
obj._no_signal = True
|
|
||||||
obj._force_delete = True
|
|
||||||
Model.delete(obj)
|
|
||||||
transaction.savepoint_rollback(sid)
|
transaction.savepoint_rollback(sid)
|
||||||
|
|
||||||
return ret
|
return ret
|
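Review bot: With the explicit delete removed in the second hunk, nothing near `transaction.savepoint_rollback(sid)` says that the rollback is now the only thing discarding the pk=0 test object. A comment before that call, such as `# The rollback discards the pk=0 test object, so no explicit delete is needed`, would keep the intent visible. The loop over `filter(pk=0)` in the first hunk still cleans up leftovers, which suggests they can occur; if the rollback ever fails to undo the insert, that loop is the only cleanup left. The method starts outside the hunks.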
||||||
|
@ -51,8 +51,10 @@ class ProtectQuerysetMixin:
|
|||||||
# No worry if the user change the hidden fields: a 403 error will be performed if the user tries to make
|
# No worry if the user change the hidden fields: a 403 error will be performed if the user tries to make
|
||||||
# a custom request.
|
# a custom request.
|
||||||
# We could also delete the field, but some views might be affected.
|
# We could also delete the field, but some views might be affected.
|
||||||
|
meta = form.instance._meta
|
||||||
for key in form.base_fields:
|
for key in form.base_fields:
|
||||||
if not PermissionBackend.check_perm(self.request.user, "wei.change_weiregistration_" + key, self.object):
|
if not PermissionBackend.check_perm(self.request.user,
|
||||||
|
f"{meta.app_label}.change_{meta.model_name}_" + key, self.object):
|
||||||
form.fields[key].widget = HiddenInput()
|
form.fields[key].widget = HiddenInput()
|
||||||
|
|
||||||
return form
|
return form
|
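Review bot: The permission codename is now derived from `form.instance._meta` while the object passed to `check_perm` is still `self.object`; in a view where these are not the same instance or model (for example a create view, where `self.object` is presumably unset) the name and the checked object can disagree. Deriving both from the same source would avoid that, and the codename reads more clearly as a single f-string: `f"{meta.app_label}.change_{meta.model_name}_{key}"`. As the existing comment notes, the hidden widget is presentation only, so enforcement still depends on the 403 check made elsewhere. The method body starts outside the hunk.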
||||||
|