|
9b26207515
|
Rework templates for OAuth2
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:59:43 +02:00 |
|
|
7ea36a5415
|
[oauth2] Add view to generate authorization link per application with given scopes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:59:33 +02:00 |
|
|
898f6d52bf
|
Better templates for OAuth2 authentication
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:59:20 +02:00 |
|
|
8be16e7b58
|
Permissions support fully OAuth2 scopes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:58:05 +02:00 |
|
|
ea092803d7
|
Check permissions per request instead of per user
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:58:05 +02:00 |
|
|
b4d87bc6b5
|
Fix import
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:58:04 +02:00 |
|
|
dd639d829e
|
Implement OAuth2 scopes based on permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-09-02 20:58:04 +02:00 |
|
|
e8f4ca1e09
|
Fix note account
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-08-29 14:40:55 +02:00 |
|
|
8056dc096d
|
[WEI] Old members can create WEI registrations to renew their membership easily
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-08-29 14:33:17 +02:00 |
|
|
d5ecb72a71
|
Update copyright for 2021
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-06-14 21:45:56 +02:00 |
|
|
ec0bcbf015
|
PC Kfet can see all users
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-03-21 10:28:50 +01:00 |
|
|
56c5fa4057
|
We don't need a session to have permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
|
2021-03-09 09:41:27 +01:00 |
|
Rida LALI
|
a704b92c3d
|
Prez BDE : ajout transaction random + see all buttons
|
2021-02-20 15:12:08 +01:00 |
|
Yohann D'ANELLO
|
e60994e065
|
API Documentation
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
|
2020-12-23 21:06:30 +01:00 |
|
Yohann D'ANELLO
|
016ab5a9c9
|
Remove dead code, don't try to cover unnecessary things
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
|
2020-12-23 18:45:05 +01:00 |
|
Yohann D'ANELLO
|
f570ff3cd5
|
Check that permissions are working when accessing to API pages
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
|
2020-12-23 18:21:59 +01:00 |
|
Yohann D'ANELLO
|
3a20555663
|
Unit tests for API pages, closes #83
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
|
2020-12-23 14:54:21 +01:00 |
|
Yohann D'ANELLO
|
d47799e6ee
|
More API filters for the permission app
|
2020-12-22 12:42:54 +01:00 |
|
Yohann D'ANELLO
|
290848f904
|
Non-member people can update their profile everytime
|
2020-12-02 14:58:14 +01:00 |
|
Yohann D'ANELLO
|
7bd895c1df
|
Grant treasurers to update a note picture
|
2020-10-26 17:58:30 +01:00 |
|
Yohann D'ANELLO
|
051591cb7a
|
Don't see user detail in update form
|
2020-10-25 21:49:16 +01:00 |
|
Yohann D'ANELLO
|
0e7390b669
|
PC Kfet can see limited user information and clubs. It can create memberships but not see them
|
2020-10-25 21:38:04 +01:00 |
|
Yohann D'ANELLO
|
6e80016b38
|
Don't delete object when checking an add permission: this is useless since we rollback to the initial DB state
|
2020-10-25 21:08:36 +01:00 |
|
Yohann D'ANELLO
|
cb7f3c9f18
|
Note account can manage BDE memberships
|
2020-10-23 16:42:06 +02:00 |
|
Yohann D'ANELLO
|
f910feca9e
|
PC Kfet can create and renew memberships
|
2020-10-23 13:17:07 +02:00 |
|
Yohann D'ANELLO
|
91f784872c
|
Treasurers can update any roles, not only the BDE-related
|
2020-10-23 09:50:18 +02:00 |
|
Yohann D'ANELLO
|
2097e67321
|
Add permissions to PC Kfet
|
2020-10-20 00:19:49 +02:00 |
|
Yohann D'ANELLO
|
b5fa428bad
|
Non-Kfet members can see their old aliases only, but no one else
|
2020-10-07 11:22:02 +02:00 |
|
Yohann D'ANELLO
|
0b1bed8048
|
Temporary give the right to treasurers to manage membership roles, but need to find a proper solution
|
2020-10-07 10:43:58 +02:00 |
|
Yohann D'ANELLO
|
a00d95608b
|
Add permission to treasurers to create a club, fix the permission check to renew a membership
|
2020-09-23 21:36:04 +02:00 |
|
Yohann D'ANELLO
|
7353348d7a
|
Rollback transaction when checking an add permission (experimental)
|
2020-09-20 09:07:51 +02:00 |
|
Yohann D'ANELLO
|
f63e2e088e
|
Don't log when the permission to lock a note is checked
|
2020-09-20 08:56:42 +02:00 |
|
Yohann D'ANELLO
|
eaf6769e8b
|
Treasurers can make transactions with people that are no longer a member
|
2020-09-19 16:33:52 +02:00 |
|
Yohann D'ANELLO
|
180cd3e1ec
|
Fix registration permissions and procedure
|
2020-09-14 09:49:30 +02:00 |
|
ynerant
|
73ca65aa91
|
Merge branch 'atomicity' into 'beta'
Atomicité
See merge request bde/nk20!122
|
2020-09-14 09:38:54 +02:00 |
|
Yohann D'ANELLO
|
5ed0560953
|
Fix linting
|
2020-09-14 09:09:20 +02:00 |
|
Yohann D'ANELLO
|
872fd8f86d
|
Don't cache permissions in debug mode, that's very slow
|
2020-09-14 08:58:12 +02:00 |
|
Yohann D'ANELLO
|
80e3cba4c6
|
BDE Treasurers can see the remittance interface
|
2020-09-12 18:40:14 +02:00 |
|
Yohann D'ANELLO
|
9b090a145c
|
All transactions are now atomic
|
2020-09-11 22:52:16 +02:00 |
|
Yohann D'ANELLO
|
72cc1638e6
|
Authenticate correctly users that connect with an authorization token
|
2020-09-10 09:31:27 +02:00 |
|
Yohann D'ANELLO
|
6a0dc4cb10
|
Users can see every API page since querysets are filtered and modifications are protected
|
2020-09-09 22:27:07 +02:00 |
|
Yohann D'ANELLO
|
428de69d93
|
Fix permissions to let treasurers to make some initial registrations
|
2020-09-07 23:36:50 +02:00 |
|
Yohann D'ANELLO
|
fa3c723140
|
The BDE offers 80 € to each new member that registers to the Société générale
|
2020-09-07 21:33:23 +02:00 |
|
Yohann D'ANELLO
|
346aa94ead
|
Don't trigger signals when we add an object through a permission check
|
2020-09-07 14:57:30 +02:00 |
|
Yohann D'ANELLO
|
78586b9343
|
Don't trigger signals when we add an object through a permission check
|
2020-09-07 14:52:37 +02:00 |
|
Alexandre Iooss
|
89b2ff52e3
|
Fix I'm the emitter button
|
2020-09-06 21:38:55 +02:00 |
|
Yohann D'ANELLO
|
d5f324c2d5
|
Test the render of the rights page (more coverage, yeah)
|
2020-09-06 15:32:18 +02:00 |
|
Yohann D'ANELLO
|
8aac738c4a
|
Treasurers can see any profile and change the note picture of their clubs
|
2020-09-06 12:55:27 +02:00 |
|
Yohann D'ANELLO
|
96954b1afd
|
Club managers can change the picture of the club note
|
2020-09-05 14:32:47 +02:00 |
|
Yohann D'ANELLO
|
751a4291ab
|
We are in production, then we commit migrations
|
2020-09-05 10:05:17 +02:00 |
|
Yohann D'ANELLO
|
5c7fe716ad
|
Fix JSON
|
2020-09-04 16:43:57 +02:00 |
|
Yohann D'ANELLO
|
9b4923fc04
|
Fix some permissions, grant temporary all treasurers to make transactions from anyone to anyone while a better system is not implemented
|
2020-09-04 16:37:17 +02:00 |
|
Yohann D'ANELLO
|
c93c81861d
|
Users can change their password, fix #59
|
2020-09-04 16:28:50 +02:00 |
|
Yohann D'ANELLO
|
d76aa3fec9
|
Some table accessors weren't updated
|
2020-09-01 19:04:35 +02:00 |
|
Yohann D'ANELLO
|
361ea8cad3
|
Update Django Tables 2, change accessor from dot to __
|
2020-09-01 17:58:58 +02:00 |
|
erdnaxe
|
08defd84e6
|
Merge branch 'debian_deps' into 'beta'
Debian deps
See merge request bde/nk20!103
|
2020-09-01 16:09:00 +02:00 |
|
Yohann D'ANELLO
|
7c9287e387
|
Test and cover note app
|
2020-09-01 15:54:56 +02:00 |
|
Alexandre Iooss
|
5feb23ad51
|
Use Debian font awesome
|
2020-09-01 14:33:38 +02:00 |
|
Alexandre Iooss
|
dd9ca315fa
|
Clean up templates header
|
2020-09-01 10:20:16 +02:00 |
|
Alexandre Iooss
|
d9e003a8f4
|
Remove contenttitle
|
2020-09-01 10:13:05 +02:00 |
|
Yohann D'ANELLO
|
ee26850e34
|
Add a line to describe superusers, remove useless roles in rights table
|
2020-08-31 21:49:02 +02:00 |
|
Yohann D'ANELLO
|
a9da4a38e1
|
Order superusers by last name
|
2020-08-31 21:15:09 +02:00 |
|
Yohann D'ANELLO
|
b8c1cfba40
|
Display superusers in rights list
|
2020-08-31 21:11:00 +02:00 |
|
Yohann D'ANELLO
|
5e65e2d74a
|
✨ Add "Lock note" feature
|
2020-08-31 20:15:48 +02:00 |
|
Yohann D'ANELLO
|
56c41258b9
|
Highlight non-validated activities
|
2020-08-30 23:54:54 +02:00 |
|
Yohann D'ANELLO
|
7d539d44e5
|
Display form error when a permission is missing rather than display a 403 page
|
2020-08-30 16:23:55 +02:00 |
|
Yohann D'ANELLO
|
374e6ed7f8
|
💚 Fix CI
|
2020-08-30 11:59:10 +02:00 |
|
Alexandre Iooss
|
891955cedf
|
Cards for all rights template
|
2020-08-22 10:01:22 +02:00 |
|
Rida Lali
|
2672721235
|
Add blocks with collapse animation instead of display all
|
2020-08-21 08:18:00 +02:00 |
|
Yohann D'ANELLO
|
b8c3dda95b
|
Replace timezone.now().date() by date.today()
|
2020-08-16 00:35:13 +02:00 |
|
Yohann D'ANELLO
|
da23df05cb
|
Kfet members can edit their own WEI registration
|
2020-08-16 00:15:33 +02:00 |
|
Yohann D'ANELLO
|
4997a37058
|
Ensure that the user is authenticated before that it has the permission to see page
|
2020-08-15 23:27:58 +02:00 |
|
Yohann D'ANELLO
|
5abbb84254
|
Permissions for activities must be more specific to prevent that anyone can validate its own activity
|
2020-08-15 22:24:48 +02:00 |
|
Yohann D'ANELLO
|
a43abee00b
|
Don't log database changes when we check a permission
|
2020-08-14 19:00:57 +02:00 |
|
Yohann D'ANELLO
|
bb2704323a
|
Spam click on invalidity button is no longer possible
|
2020-08-13 17:04:10 +02:00 |
|
Yohann D'ANELLO
|
c466715e8a
|
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53
|
2020-08-13 15:20:15 +02:00 |
|
Yohann D'ANELLO
|
b7a88a387c
|
More tests in WEI app, but we can still go further
|
2020-08-11 01:03:29 +02:00 |
|
Yohann D'ANELLO
|
c612e159cf
|
See user information does not imply see the note balance
|
2020-08-10 16:32:45 +02:00 |
|
Yohann D'ANELLO
|
1b84c8c603
|
🐛 The balance must be greater than the *total* amount of a transaction, not the unit price
|
2020-08-10 16:05:50 +02:00 |
|
Alexandre Iooss
|
7b40ee1ca4
|
Reorder templates
|
2020-08-09 19:06:57 +02:00 |
|
Yohann D'ANELLO
|
29f84ea007
|
Remove test code
|
2020-08-09 15:42:07 +02:00 |
|
Yohann D'ANELLO
|
679ac3a652
|
Lock invoices, delete them
|
2020-08-07 11:04:54 +02:00 |
|
Yohann D'ANELLO
|
0de69cbfaf
|
💚 Fix linters
|
2020-08-06 12:50:24 +02:00 |
|
Yohann D'ANELLO
|
24ac3ce45f
|
Display users that have surnormal roles
|
2020-08-05 21:07:31 +02:00 |
|
Yohann D'ANELLO
|
c205219d47
|
🐛 Fix transaction update concurency
|
2020-08-05 19:42:44 +02:00 |
|
Yohann D'ANELLO
|
6c9cf73848
|
Update permissions to see our own note
|
2020-08-05 12:22:35 +02:00 |
|
Yohann D'ANELLO
|
5ea8d8f870
|
🎨 Update activity interface
|
2020-08-03 16:11:05 +02:00 |
|
Yohann D'ANELLO
|
0e8174aacd
|
🐛 Fix objects with pk 0
|
2020-08-03 10:50:55 +02:00 |
|
Yohann D'ANELLO
|
58fe8914cf
|
🐛 Fix infinite loop in permission check
|
2020-08-02 22:39:30 +02:00 |
|
Yohann D'ANELLO
|
f870af139e
|
Typos
|
2020-08-02 09:51:39 +02:00 |
|
Yohann D'ANELLO
|
7742358b8f
|
Secretaries can view and add memberships
|
2020-08-02 09:49:45 +02:00 |
|
Yohann D'ANELLO
|
8de7ba14bd
|
Add permission for secretaries
|
2020-08-02 09:35:32 +02:00 |
|
Yohann D'ANELLO
|
8497dbb25c
|
Club members can see the club
|
2020-08-02 09:30:18 +02:00 |
|
Yohann D'ANELLO
|
2f018f8c9d
|
Always query distinct objects
|
2020-08-02 08:57:16 +02:00 |
|
Yohann D'ANELLO
|
b706efe463
|
2A+ can change their selected bus or team if the registration is not validated
|
2020-08-01 23:27:07 +02:00 |
|
Yohann D'ANELLO
|
8434841ec5
|
Fix one permission
|
2020-08-01 22:28:28 +02:00 |
|
Yohann D'ANELLO
|
b6453ce03d
|
💄 Improve Django Admin
|
2020-08-01 15:13:29 +02:00 |
|
Yohann D'ANELLO
|
d7b834d908
|
Translate rights
|
2020-07-31 22:29:23 +02:00 |
|
Yohann D'ANELLO
|
dca655949e
|
Improve transfer UI
|
2020-07-31 21:24:23 +02:00 |
|
Yohann D'ANELLO
|
72dcc93136
|
Club managers can register new members to a club, even if they don't have the right to create a transaction
|
2020-07-31 09:49:43 +02:00 |
|