1
0
mirror of https://gitlab.crans.org/bde/nk20 synced 2024-12-18 13:32:28 +00:00
Commit Graph

192 Commits

Author SHA1 Message Date
898f6d52bf
Better templates for OAuth2 authentication
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:59:20 +02:00
8be16e7b58
Permissions support fully OAuth2 scopes
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:05 +02:00
ea092803d7
Check permissions per request instead of per user
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:05 +02:00
b4d87bc6b5
Fix import
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:04 +02:00
dd639d829e
Implement OAuth2 scopes based on permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-09-02 20:58:04 +02:00
e8f4ca1e09
Fix note account
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-08-29 14:40:55 +02:00
8056dc096d
[WEI] Old members can create WEI registrations to renew their membership easily
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-08-29 14:33:17 +02:00
d5ecb72a71
Update copyright for 2021
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-14 21:45:56 +02:00
ec0bcbf015
PC Kfet can see all users
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-21 10:28:50 +01:00
56c5fa4057
We don't need a session to have permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-03-09 09:41:27 +01:00
Rida LALI
a704b92c3d
Prez BDE : ajout transaction random + see all buttons 2021-02-20 15:12:08 +01:00
Yohann D'ANELLO
e60994e065
API Documentation
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 21:06:30 +01:00
Yohann D'ANELLO
016ab5a9c9
Remove dead code, don't try to cover unnecessary things
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:45:05 +01:00
Yohann D'ANELLO
f570ff3cd5
Check that permissions are working when accessing to API pages
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:21:59 +01:00
Yohann D'ANELLO
3a20555663
Unit tests for API pages, closes #83
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 14:54:21 +01:00
Yohann D'ANELLO
d47799e6ee
More API filters for the permission app 2020-12-22 12:42:54 +01:00
Yohann D'ANELLO
290848f904 Non-member people can update their profile everytime 2020-12-02 14:58:14 +01:00
Yohann D'ANELLO
7bd895c1df Grant treasurers to update a note picture 2020-10-26 17:58:30 +01:00
Yohann D'ANELLO
051591cb7a Don't see user detail in update form 2020-10-25 21:49:16 +01:00
Yohann D'ANELLO
0e7390b669 PC Kfet can see limited user information and clubs. It can create memberships but not see them 2020-10-25 21:38:04 +01:00
Yohann D'ANELLO
6e80016b38 Don't delete object when checking an add permission: this is useless since we rollback to the initial DB state 2020-10-25 21:08:36 +01:00
Yohann D'ANELLO
cb7f3c9f18 Note account can manage BDE memberships 2020-10-23 16:42:06 +02:00
Yohann D'ANELLO
f910feca9e PC Kfet can create and renew memberships 2020-10-23 13:17:07 +02:00
Yohann D'ANELLO
91f784872c Treasurers can update any roles, not only the BDE-related 2020-10-23 09:50:18 +02:00
Yohann D'ANELLO
2097e67321 Add permissions to PC Kfet 2020-10-20 00:19:49 +02:00
Yohann D'ANELLO
b5fa428bad Non-Kfet members can see their old aliases only, but no one else 2020-10-07 11:22:02 +02:00
Yohann D'ANELLO
0b1bed8048 Temporary give the right to treasurers to manage membership roles, but need to find a proper solution 2020-10-07 10:43:58 +02:00
Yohann D'ANELLO
a00d95608b Add permission to treasurers to create a club, fix the permission check to renew a membership 2020-09-23 21:36:04 +02:00
Yohann D'ANELLO
7353348d7a Rollback transaction when checking an add permission (experimental) 2020-09-20 09:07:51 +02:00
Yohann D'ANELLO
f63e2e088e Don't log when the permission to lock a note is checked 2020-09-20 08:56:42 +02:00
Yohann D'ANELLO
eaf6769e8b Treasurers can make transactions with people that are no longer a member 2020-09-19 16:33:52 +02:00
Yohann D'ANELLO
180cd3e1ec Fix registration permissions and procedure 2020-09-14 09:49:30 +02:00
ynerant
73ca65aa91 Merge branch 'atomicity' into 'beta'
Atomicité

See merge request bde/nk20!122
2020-09-14 09:38:54 +02:00
Yohann D'ANELLO
5ed0560953 Fix linting 2020-09-14 09:09:20 +02:00
Yohann D'ANELLO
872fd8f86d Don't cache permissions in debug mode, that's very slow 2020-09-14 08:58:12 +02:00
Yohann D'ANELLO
80e3cba4c6 BDE Treasurers can see the remittance interface 2020-09-12 18:40:14 +02:00
Yohann D'ANELLO
9b090a145c All transactions are now atomic 2020-09-11 22:52:16 +02:00
Yohann D'ANELLO
72cc1638e6 Authenticate correctly users that connect with an authorization token 2020-09-10 09:31:27 +02:00
Yohann D'ANELLO
6a0dc4cb10 Users can see every API page since querysets are filtered and modifications are protected 2020-09-09 22:27:07 +02:00
Yohann D'ANELLO
428de69d93 Fix permissions to let treasurers to make some initial registrations 2020-09-07 23:36:50 +02:00
Yohann D'ANELLO
fa3c723140 The BDE offers 80 € to each new member that registers to the Société générale 2020-09-07 21:33:23 +02:00
Yohann D'ANELLO
346aa94ead Don't trigger signals when we add an object through a permission check 2020-09-07 14:57:30 +02:00
Yohann D'ANELLO
78586b9343 Don't trigger signals when we add an object through a permission check 2020-09-07 14:52:37 +02:00
Alexandre Iooss
89b2ff52e3 Fix I'm the emitter button 2020-09-06 21:38:55 +02:00
Yohann D'ANELLO
d5f324c2d5 Test the render of the rights page (more coverage, yeah) 2020-09-06 15:32:18 +02:00
Yohann D'ANELLO
8aac738c4a Treasurers can see any profile and change the note picture of their clubs 2020-09-06 12:55:27 +02:00
Yohann D'ANELLO
96954b1afd Club managers can change the picture of the club note 2020-09-05 14:32:47 +02:00
Yohann D'ANELLO
751a4291ab We are in production, then we commit migrations 2020-09-05 10:05:17 +02:00
Yohann D'ANELLO
5c7fe716ad Fix JSON 2020-09-04 16:43:57 +02:00
Yohann D'ANELLO
9b4923fc04 Fix some permissions, grant temporary all treasurers to make transactions from anyone to anyone while a better system is not implemented 2020-09-04 16:37:17 +02:00