SMTP user and password are None by default, add From Email tag

apps/activity/views.py

@@ -38,6 +38,9 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
     table_class = ActivityTable
     ordering = ('-date_start',)
 
+    def get_queryset(self):
+        return super().get_queryset().distinct()
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 

apps/member/views.py

@@ -642,7 +642,7 @@ class ClubManageRolesView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
         del form.fields['bank']
 
         club = self.object.club
-        form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=isinstance(club, WEIClub))
+        form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not isinstance(club, WEIClub))
                                                             & (Q(for_club__isnull=True) | Q(for_club=club))).all()
 
         return form

apps/permission/backends.py

@@ -36,27 +36,20 @@ class PermissionBackend(ModelBackend):
             # Unauthenticated users have no permissions
             return Permission.objects.none()
 
-        qs = Permission.objects.annotate(
+        memberships = Membership.objects.filter(user=user).all()
-            club=F("role__membership__club"),
+        
-            membership=F("role__membership"),
+        perms = []
-        ).filter(
+
-            (
+        for membership in memberships:
-                Q(
+            for role in membership.roles.all():
-                    role__membership__date_start__lte=timezone.now().today(),
+                for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", 42)).all():
-                    role__membership__date_end__gte=timezone.now().today(),
+                    if not perm.permanent:
-                )
+                        if membership.date_start > timezone.now().date() or membership.date_end < timezone.now().date():
-                | Q(permanent=True)
+                            continue
-            )
+                    perm.membership = membership
-            & Q(role__membership__user=user)
+                    perms.append(perm)
-            & Q(type=t)
+        return perms
-            & Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
-        )
 
-        if settings.DATABASES[qs.db]["ENGINE"] == 'django.db.backends.postgresql_psycopg2':
-            qs = qs.distinct('pk', 'club')
-        else:  # SQLite doesn't support distinct fields.
-            qs = qs.distinct()
-        return qs
 
     @staticmethod
     def permissions(user, model, type):
@@ -67,22 +60,13 @@ class PermissionBackend(ModelBackend):
         :param type: The type of the permissions: view, change, add or delete
         :return: A generator of the requested permissions
         """
-        clubs = {}
-        memberships = {}
 
         for permission in PermissionBackend.get_raw_permissions(user, type):
-            if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.club:
+            if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership:
                 continue
 
-            if permission.club not in clubs:
+            membership = permission.membership
-                clubs[permission.club] = club = Club.objects.get(pk=permission.club)
+            club = membership.club
-            else:
-                club = clubs[permission.club]
-
-            if permission.membership not in memberships:
-                memberships[permission.membership] = membership = Membership.objects.get(pk=permission.membership)
-            else:
-                membership = memberships[permission.membership]
 
             permission = permission.about(
                 user=user,
@@ -113,7 +97,6 @@ class PermissionBackend(ModelBackend):
         :param field: The field of the model to test, if concerned
         :return: A query that corresponds to the filter to give to a queryset
         """
-
         if user is None or isinstance(user, AnonymousUser):
             # Anonymous users can't do anything
             return Q(pk=-1)
@@ -163,6 +146,7 @@ class PermissionBackend(ModelBackend):
         perm = perm.split('.')[-1].split('_', 2)
         perm_type = perm[0]
         perm_field = perm[2] if len(perm) == 3 else None
+
         ct = ContentType.objects.get_for_model(obj)
         if any(permission.applies(obj, perm_type, perm_field)
                for permission in PermissionBackend.permissions(user_obj, ct, perm_type)):

apps/permission/fixtures/initial.json

@@ -2094,8 +2094,6 @@
 				39,
 				40,
 				70,
-				108,
-				109,
 				14,
 				15,
 				16,
@@ -2103,7 +2101,15 @@
 				18,
 				78,
 				79,
-				83
+				83,
+				90,
+				93,
+				95,
+				97,
+				99,
+				101,
+				108,
+				109
 			]
 		}
 	},
@@ -2493,18 +2499,18 @@
 			"for_club": null,
 			"name": "Adhérent WEI",
 			"permissions": [
-				97,
-				99,
-				101,
-				108,
 				77,
-				109,
-				114,
 				84,
 				87,
 				90,
 				93,
-				95
+				95,
+				97,
+				99,
+				101,
+				108,
+				109,
+				114
 			]
 		}
 	},

apps/scripts

@@ -1 +0,0 @@
-Subproject commit fc29147c876c33d4cf41a86d46d736ff69d176ff

apps/wei/views.py

@@ -132,6 +132,7 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
         else:
             # Check if the user has the right to create a registration of a random first year member.
             empty_fy_registration = WEIRegistration(
+                wei=club,
                 user=random_user,
                 first_year=True,
                 birth_date="1970-01-01",
@@ -144,6 +145,7 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
 
             # Check if the user has the right to create a registration of a random old member.
             empty_old_registration = WEIRegistration(
+                wei=club,
                 user=User.objects.filter(~Q(wei__wei__in=[club])).first(),
                 first_year=False,
                 birth_date="1970-01-01",

note_kfet/settings/production.py

@@ -37,10 +37,11 @@ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 EMAIL_USE_SSL = False
 EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.org')
 EMAIL_PORT = os.getenv('EMAIL_PORT', 465)
-EMAIL_HOST_USER = os.getenv('EMAIL_USER', 'change_me')
+EMAIL_HOST_USER = os.getenv('EMAIL_USER', None)
-EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', 'change_me')
+EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', None)
 
 SERVER_EMAIL = os.getenv("NOTE_MAIL", "notekfet@example.com")
+DEFAULT_FROM_EMAIL = "NoteKfet2020 <" + SERVER_EMAIL + ">"
 
 # Security settings
 SECURE_CONTENT_TYPE_NOSNIFF = False

templates/base.html

@@ -178,6 +178,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
             </div>
         {% endif %}
         {% block contenttitle %}<h1>{{ title }}</h1>{% endblock %}
+        <div class="alert alert-warning">
+            Attention : la Note Kfet 2020 est en phase de beta. Des fonctionnalités pourront être rajoutées d'ici à la version
+            finale, et des bugs peuvent survenir. Pour tout problème, merci d'envoyer un mail à l'adresse
+            <a href="mailto:&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;">
+                &#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;</a>,
+            ou bien levez une issue sur le dépôt <a href="https://gitlab.crans.org/bde/nk20/-/issues">Gitlab</a>,
+            ou encore posez un commentaire sur le <a href="https://pad.crans.org/p/todoNK20">pad</a>.<br><br>
+
+            Certaines données ont été anonymisées afin de limiter les fuites de données, et peuvent ne pas correspondre avec vos données réelles.
+        </div>
         <div id="messages"></div>
         {% block content %}
             <p>Default content...</p>