Commit Graph

231 Commits

Author SHA1 Message Date
Yohann D'ANELLO e60994e065
API Documentation
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 21:06:30 +01:00
Yohann D'ANELLO 016ab5a9c9
Remove dead code, don't try to cover unnecessary things
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:45:05 +01:00
Yohann D'ANELLO f570ff3cd5
Check that permissions are working when accessing to API pages
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 18:21:59 +01:00
Yohann D'ANELLO 3a20555663
Unit tests for API pages, closes #83
Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>
2020-12-23 14:54:21 +01:00
Yohann D'ANELLO d47799e6ee
More API filters for the permission app 2020-12-22 12:42:54 +01:00
Yohann D'ANELLO 290848f904 Non-member people can update their profile everytime 2020-12-02 14:58:14 +01:00
Yohann D'ANELLO 7bd895c1df Grant treasurers to update a note picture 2020-10-26 17:58:30 +01:00
Yohann D'ANELLO 051591cb7a Don't see user detail in update form 2020-10-25 21:49:16 +01:00
Yohann D'ANELLO 0e7390b669 PC Kfet can see limited user information and clubs. It can create memberships but not see them 2020-10-25 21:38:04 +01:00
Yohann D'ANELLO 6e80016b38 Don't delete object when checking an add permission: this is useless since we rollback to the initial DB state 2020-10-25 21:08:36 +01:00
Yohann D'ANELLO cb7f3c9f18 Note account can manage BDE memberships 2020-10-23 16:42:06 +02:00
Yohann D'ANELLO f910feca9e PC Kfet can create and renew memberships 2020-10-23 13:17:07 +02:00
Yohann D'ANELLO 91f784872c Treasurers can update any roles, not only the BDE-related 2020-10-23 09:50:18 +02:00
Yohann D'ANELLO 2097e67321 Add permissions to PC Kfet 2020-10-20 00:19:49 +02:00
Yohann D'ANELLO b5fa428bad Non-Kfet members can see their old aliases only, but no one else 2020-10-07 11:22:02 +02:00
Yohann D'ANELLO 0b1bed8048 Temporary give the right to treasurers to manage membership roles, but need to find a proper solution 2020-10-07 10:43:58 +02:00
Yohann D'ANELLO a00d95608b Add permission to treasurers to create a club, fix the permission check to renew a membership 2020-09-23 21:36:04 +02:00
Yohann D'ANELLO 7353348d7a Rollback transaction when checking an add permission (experimental) 2020-09-20 09:07:51 +02:00
Yohann D'ANELLO f63e2e088e Don't log when the permission to lock a note is checked 2020-09-20 08:56:42 +02:00
Yohann D'ANELLO eaf6769e8b Treasurers can make transactions with people that are no longer a member 2020-09-19 16:33:52 +02:00
Yohann D'ANELLO 180cd3e1ec Fix registration permissions and procedure 2020-09-14 09:49:30 +02:00
ynerant 73ca65aa91 Merge branch 'atomicity' into 'beta'
Atomicité

See merge request bde/nk20!122
2020-09-14 09:38:54 +02:00
Yohann D'ANELLO 5ed0560953 Fix linting 2020-09-14 09:09:20 +02:00
Yohann D'ANELLO 872fd8f86d Don't cache permissions in debug mode, that's very slow 2020-09-14 08:58:12 +02:00
Yohann D'ANELLO 80e3cba4c6 BDE Treasurers can see the remittance interface 2020-09-12 18:40:14 +02:00
Yohann D'ANELLO 9b090a145c All transactions are now atomic 2020-09-11 22:52:16 +02:00
Yohann D'ANELLO 72cc1638e6 Authenticate correctly users that connect with an authorization token 2020-09-10 09:31:27 +02:00
Yohann D'ANELLO 6a0dc4cb10 Users can see every API page since querysets are filtered and modifications are protected 2020-09-09 22:27:07 +02:00
Yohann D'ANELLO 428de69d93 Fix permissions to let treasurers to make some initial registrations 2020-09-07 23:36:50 +02:00
Yohann D'ANELLO fa3c723140 The BDE offers 80 € to each new member that registers to the Société générale 2020-09-07 21:33:23 +02:00
Yohann D'ANELLO 346aa94ead Don't trigger signals when we add an object through a permission check 2020-09-07 14:57:30 +02:00
Yohann D'ANELLO 78586b9343 Don't trigger signals when we add an object through a permission check 2020-09-07 14:52:37 +02:00
Alexandre Iooss 89b2ff52e3 Fix I'm the emitter button 2020-09-06 21:38:55 +02:00
Yohann D'ANELLO d5f324c2d5 Test the render of the rights page (more coverage, yeah) 2020-09-06 15:32:18 +02:00
Yohann D'ANELLO 8aac738c4a Treasurers can see any profile and change the note picture of their clubs 2020-09-06 12:55:27 +02:00
Yohann D'ANELLO 96954b1afd Club managers can change the picture of the club note 2020-09-05 14:32:47 +02:00
Yohann D'ANELLO 751a4291ab We are in production, then we commit migrations 2020-09-05 10:05:17 +02:00
Yohann D'ANELLO 5c7fe716ad Fix JSON 2020-09-04 16:43:57 +02:00
Yohann D'ANELLO 9b4923fc04 Fix some permissions, grant temporary all treasurers to make transactions from anyone to anyone while a better system is not implemented 2020-09-04 16:37:17 +02:00
Yohann D'ANELLO c93c81861d Users can change their password, fix #59 2020-09-04 16:28:50 +02:00
Yohann D'ANELLO d76aa3fec9 Some table accessors weren't updated 2020-09-01 19:04:35 +02:00
Yohann D'ANELLO 361ea8cad3 Update Django Tables 2, change accessor from dot to __ 2020-09-01 17:58:58 +02:00
erdnaxe 08defd84e6 Merge branch 'debian_deps' into 'beta'
Debian deps

See merge request bde/nk20!103
2020-09-01 16:09:00 +02:00
Yohann D'ANELLO 7c9287e387 Test and cover note app 2020-09-01 15:54:56 +02:00
Alexandre Iooss 5feb23ad51 Use Debian font awesome 2020-09-01 14:33:38 +02:00
Alexandre Iooss dd9ca315fa Clean up templates header 2020-09-01 10:20:16 +02:00
Alexandre Iooss d9e003a8f4 Remove contenttitle 2020-09-01 10:13:05 +02:00
Yohann D'ANELLO ee26850e34 Add a line to describe superusers, remove useless roles in rights table 2020-08-31 21:49:02 +02:00
Yohann D'ANELLO a9da4a38e1 Order superusers by last name 2020-08-31 21:15:09 +02:00
Yohann D'ANELLO b8c1cfba40 Display superusers in rights list 2020-08-31 21:11:00 +02:00
Yohann D'ANELLO 5e65e2d74a Add "Lock note" feature 2020-08-31 20:15:48 +02:00
Yohann D'ANELLO 56c41258b9 Highlight non-validated activities 2020-08-30 23:54:54 +02:00
Yohann D'ANELLO 7d539d44e5 Display form error when a permission is missing rather than display a 403 page 2020-08-30 16:23:55 +02:00
Yohann D'ANELLO 374e6ed7f8 💚 Fix CI 2020-08-30 11:59:10 +02:00
Alexandre Iooss 891955cedf Cards for all rights template 2020-08-22 10:01:22 +02:00
Rida Lali 2672721235 Add blocks with collapse animation instead of display all 2020-08-21 08:18:00 +02:00
Yohann D'ANELLO b8c3dda95b Replace timezone.now().date() by date.today() 2020-08-16 00:35:13 +02:00
Yohann D'ANELLO da23df05cb Kfet members can edit their own WEI registration 2020-08-16 00:15:33 +02:00
Yohann D'ANELLO 4997a37058 Ensure that the user is authenticated before that it has the permission to see page 2020-08-15 23:27:58 +02:00
Yohann D'ANELLO 5abbb84254 Permissions for activities must be more specific to prevent that anyone can validate its own activity 2020-08-15 22:24:48 +02:00
Yohann D'ANELLO a43abee00b Don't log database changes when we check a permission 2020-08-14 19:00:57 +02:00
Yohann D'ANELLO bb2704323a Spam click on invalidity button is no longer possible 2020-08-13 17:04:10 +02:00
Yohann D'ANELLO c466715e8a Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 15:20:15 +02:00
Yohann D'ANELLO b7a88a387c More tests in WEI app, but we can still go further 2020-08-11 01:03:29 +02:00
Yohann D'ANELLO c612e159cf See user information does not imply see the note balance 2020-08-10 16:32:45 +02:00
Yohann D'ANELLO 1b84c8c603 🐛 The balance must be greater than the *total* amount of a transaction, not the unit price 2020-08-10 16:05:50 +02:00
Alexandre Iooss 7b40ee1ca4 Reorder templates 2020-08-09 19:06:57 +02:00
Yohann D'ANELLO 29f84ea007 Remove test code 2020-08-09 15:42:07 +02:00
Yohann D'ANELLO 679ac3a652 Lock invoices, delete them 2020-08-07 11:04:54 +02:00
Yohann D'ANELLO 0de69cbfaf 💚 Fix linters 2020-08-06 12:50:24 +02:00
Yohann D'ANELLO 24ac3ce45f Display users that have surnormal roles 2020-08-05 21:07:31 +02:00
Yohann D'ANELLO c205219d47 🐛 Fix transaction update concurency 2020-08-05 19:42:44 +02:00
Yohann D'ANELLO 6c9cf73848 Update permissions to see our own note 2020-08-05 12:22:35 +02:00
Yohann D'ANELLO 5ea8d8f870 🎨 Update activity interface 2020-08-03 16:11:05 +02:00
Yohann D'ANELLO 0e8174aacd 🐛 Fix objects with pk 0 2020-08-03 10:50:55 +02:00
Yohann D'ANELLO 58fe8914cf 🐛 Fix infinite loop in permission check 2020-08-02 22:39:30 +02:00
Yohann D'ANELLO f870af139e Typos 2020-08-02 09:51:39 +02:00
Yohann D'ANELLO 7742358b8f Secretaries can view and add memberships 2020-08-02 09:49:45 +02:00
Yohann D'ANELLO 8de7ba14bd Add permission for secretaries 2020-08-02 09:35:32 +02:00
Yohann D'ANELLO 8497dbb25c Club members can see the club 2020-08-02 09:30:18 +02:00
Yohann D'ANELLO 2f018f8c9d Always query distinct objects 2020-08-02 08:57:16 +02:00
Yohann D'ANELLO b706efe463 2A+ can change their selected bus or team if the registration is not validated 2020-08-01 23:27:07 +02:00
Yohann D'ANELLO 8434841ec5 Fix one permission 2020-08-01 22:28:28 +02:00
Yohann D'ANELLO b6453ce03d 💄 Improve Django Admin 2020-08-01 15:13:29 +02:00
Yohann D'ANELLO d7b834d908 Translate rights 2020-07-31 22:29:23 +02:00
Yohann D'ANELLO dca655949e Improve transfer UI 2020-07-31 21:24:23 +02:00
Yohann D'ANELLO 72dcc93136 Club managers can register new members to a club, even if they don't have the right to create a transaction 2020-07-31 09:49:43 +02:00
Yohann D'ANELLO ae629b55ad Add HTML titles 2020-07-30 17:30:21 +02:00
Yohann D'ANELLO aa66361ac7 Update permissions to create clubs.
For now, only superusers can edit the roles of a user.
2020-07-30 16:36:44 +02:00
Yohann D'ANELLO e9cbc8e623 Fix linters 2020-07-30 15:53:23 +02:00
Yohann D'ANELLO 9361f3f2f0 Aliases should load really faster 2020-07-30 15:07:30 +02:00
Yohann D'ANELLO e63219f7ad Force delete some objects 2020-07-30 14:58:18 +02:00
Yohann D'ANELLO 0c0aed0234 🐛 Force delete didn't work as well when trying to check add permissions 2020-07-30 13:10:03 +02:00
Yohann D'ANELLO fb775de923 Add backdoor to login as other users (in debug mode only) 2020-07-30 12:50:48 +02:00
Yohann D'ANELLO cbd36f110a Another uplicated permission 2020-07-29 19:13:29 +02:00
Yohann D'ANELLO c9e68ca66b Duplicated permission 2020-07-29 19:12:16 +02:00
Yohann D'ANELLO 5a91cac08d Add permissions to see clubs and users 2020-07-29 18:37:42 +02:00
Yohann D'ANELLO 4549255198 Treasurers can update invalidity reason 2020-07-29 17:42:06 +02:00
Yohann D'ANELLO 750bdcb2c5 Treasurers can of course click on buttons. Fix PATCH requests on the API 2020-07-29 12:25:53 +02:00
Yohann D'ANELLO b8a88eeda4 Only staff with good permission mask can visit Django Admin 2020-07-29 11:38:59 +02:00