Commit Graph

227 Commits

Author SHA1 Message Date
bleizi 103e2d0635
add GC anti-VSS 2023-08-31 15:25:44 +02:00
bleizi aedf0e87ba
prez BDE can block note 2023-08-31 13:46:27 +02:00
bleizi 03d2d5f03e
change -50€ to -20€ and doc 2023-08-22 21:51:02 +02:00
bleizi d2057a9f45
remove respo-info perm and change Prez BDE prem 2023-08-22 21:19:05 +02:00
bleizi 6b1cd3ba7a
manage self aliases for BDE member instead of kfet 2023-07-24 12:42:44 +02:00
bleizi e0132b6dc8
migration permission 2023-07-24 12:20:16 +02:00
bleizi 31e67ae3f6
typo 2023-07-09 16:06:30 +02:00
bleizi 2839d3de1e
club facultatif pour un role lors du changement dans l'interface admin 2023-06-22 14:52:11 +02:00
bleizi 30afa6da0a
création d'une permission pour faire les crédits uniquement 2023-06-12 18:29:23 +02:00
bleizi 84fc77696f
see activities: BDE members instead of kfet 2023-06-05 19:04:19 +02:00
bleizi 19fc620d1f
see kfet members' note for respot 2023-06-05 17:26:49 +02:00
Théo Le Moigne 62cf8f9d84
forgetted coma 2023-03-28 20:41:53 +02:00
Théo Le Moigne 2dd1c3fb89
change mask for some perm 2023-03-20 22:35:51 +01:00
Théo Le Moigne c8665c5798
change permissions for role 2023-03-20 22:21:18 +01:00
Théo Le Moigne e9f1b6f52d
change permanent permissions 2023-03-20 17:19:14 +01:00
Théo Le Moigne 1d95ae4810
sort perm by number 2023-03-20 16:16:32 +01:00
Théo Le Moigne c429734810
fix bug 2022-11-12 14:51:22 +01:00
Nicolas Margulies e29b42eecc
Add permissions related to trusting 2022-04-13 12:30:22 +02:00
Yohann D'ANELLO 4161248bff
Add permissions to view/create/change/delete OAuth2 applications
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2022-03-09 12:06:19 +01:00
Yohann D'ANELLO 18a1282773
Implement optional scopes : clients can request scopes, but they are not guaranteed to get them
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-23 21:59:37 +01:00
Yohann D'ANELLO 132afc3d15
Fix scope view
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-15 18:59:23 +01:00
Yohann D'ANELLO 4b6e3ba546
Display club transactions only with note rights, fixes #107
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 20:01:00 +01:00
Yohann D'ANELLO b204805ce2
Add permissions to (un)lock club notes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 18:31:36 +01:00
Yohann D'ANELLO 2f28e34cec
Fix permissions to lock our own note
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-12-13 18:27:24 +01:00
Yohann D'ANELLO 38ca414ef6
Res[pot] can display user information in order to get first/last name in credits
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-06 10:44:24 +02:00
Yohann D'ANELLO 654c01631a
BDE members can see aliases from other people now
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 18:29:34 +02:00
Yohann D'ANELLO 62431a4910
Treasurers can manage activity entries
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-10-04 13:49:16 +02:00
Yohann D'ANELLO 7edd622755
BDE members can now use their note balance for personal transactions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-08 18:35:36 +02:00
Yohann D'ANELLO 03411ac9bd
Don't check permissions in a script
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-08 16:59:44 +02:00
Yohann D'ANELLO 4b03a78ad6
Fix password change form from unauthenticated users
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-07 12:57:03 +02:00
Yohann D'ANELLO ad04e45992
PC Kfet can create and update Sogé credits (but not see them)
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-06 11:43:39 +02:00
Yohann D'ANELLO fbf64db16e
Simple test to check permissions with the new OAuth2 implementation
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:45 +02:00
Yohann D'ANELLO a3fd8ba063
Bad paste in comment
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:45 +02:00
Yohann D'ANELLO 9b26207515
Rework templates for OAuth2
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:43 +02:00
Yohann D'ANELLO 7ea36a5415
[oauth2] Add view to generate authorization link per application with given scopes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:33 +02:00
Yohann D'ANELLO 898f6d52bf
Better templates for OAuth2 authentication
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:20 +02:00
Yohann D'ANELLO 8be16e7b58
Permissions support fully OAuth2 scopes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:05 +02:00
Yohann D'ANELLO ea092803d7
Check permissions per request instead of per user
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:05 +02:00
Yohann D'ANELLO b4d87bc6b5
Fix import
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:04 +02:00
Yohann D'ANELLO dd639d829e
Implement OAuth2 scopes based on permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:04 +02:00
Yohann D'ANELLO e8f4ca1e09
Fix note account
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-08-29 14:40:55 +02:00
Yohann D'ANELLO 8056dc096d
[WEI] Old members can create WEI registrations to renew their membership easily
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-08-29 14:33:17 +02:00
Yohann D'ANELLO d5ecb72a71
Update copyright for 2021
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-14 21:45:56 +02:00
Yohann D'ANELLO ec0bcbf015
PC Kfet can see all users
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-21 10:28:50 +01:00
Yohann D'ANELLO 56c5fa4057
We don't need a session to have permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-09 09:41:27 +01:00
Rida LALI a704b92c3d
Prez BDE : ajout transaction random + see all buttons 2021-02-20 15:12:08 +01:00
Yohann D'ANELLO e60994e065
API Documentation
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 21:06:30 +01:00
Yohann D'ANELLO 016ab5a9c9
Remove dead code, don't try to cover unnecessary things
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:45:05 +01:00
Yohann D'ANELLO f570ff3cd5
Check that permissions are working when accessing to API pages
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:21:59 +01:00
Yohann D'ANELLO 3a20555663
Unit tests for API pages, closes #83
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 14:54:21 +01:00