Compare commits


No commits in common. "76a6260b1823fcd1ab24f632024b6a99a753fd54" and "09027ea35e887231f4edcd2a30806114eb4d9f45" have entirely different histories.

8 changed files with 47 additions and 52 deletions


@ -38,9 +38,6 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
table_class = ActivityTable table_class = ActivityTable
ordering = ('-date_start',) ordering = ('-date_start',)
def get_queryset(self):
return super().get_queryset().distinct()
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)


@ -642,7 +642,7 @@ class ClubManageRolesView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
del form.fields['bank'] del form.fields['bank']
club = self.object.club club = self.object.club
form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not isinstance(club, WEIClub)) form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=isinstance(club, WEIClub))
& (Q(for_club__isnull=True) | Q(for_club=club))).all() & (Q(for_club__isnull=True) | Q(for_club=club))).all()
return form return form
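Review bot: The new filter `weirole__isnull=isinstance(club, WEIClub)` in ClubManageRolesView's form setup looks inverted: for a WEIClub it selects roles that have no `weirole`, and for any other club it selects only roles that do. If `weirole` marks WEI-specific roles (inferred from the name; the model is not shown here), a manager of an ordinary club would be offered WEI roles and a WEI club would lose them, which changes what can be granted through this form. The replaced line used `weirole__isnull=not isinstance(club, WEIClub)`; confirm which is intended and state it in a comment above the filter, e.g. `# WEI roles are assignable only inside a WEI club`. The enclosing method starts outside the hunk.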


@ -36,20 +36,27 @@ class PermissionBackend(ModelBackend):
# Unauthenticated users have no permissions # Unauthenticated users have no permissions
return Permission.objects.none() return Permission.objects.none()
memberships = Membership.objects.filter(user=user).all() qs = Permission.objects.annotate(
club=F("role__membership__club"),
perms = [] membership=F("role__membership"),
).filter(
for membership in memberships: (
for role in membership.roles.all(): Q(
for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", 42)).all(): role__membership__date_start__lte=timezone.now().today(),
if not perm.permanent: role__membership__date_end__gte=timezone.now().today(),
if membership.date_start > timezone.now().date() or membership.date_end < timezone.now().date(): )
continue | Q(permanent=True)
perm.membership = membership )
perms.append(perm) & Q(role__membership__user=user)
return perms & Q(type=t)
& Q(mask__rank__lte=get_current_session().get("permission_mask", 0))
)
if settings.DATABASES[qs.db]["ENGINE"] == 'django.db.backends.postgresql_psycopg2':
qs = qs.distinct('pk', 'club')
else: # SQLite doesn't support distinct fields.
qs = qs.distinct()
return qs
@staticmethod @staticmethod
def permissions(user, model, type): def permissions(user, model, type):
@ -60,13 +67,22 @@ class PermissionBackend(ModelBackend):
:param type: The type of the permissions: view, change, add or delete :param type: The type of the permissions: view, change, add or delete
:return: A generator of the requested permissions :return: A generator of the requested permissions
""" """
clubs = {}
memberships = {}
for permission in PermissionBackend.get_raw_permissions(user, type): for permission in PermissionBackend.get_raw_permissions(user, type):
if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership: if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.club:
continue continue
membership = permission.membership if permission.club not in clubs:
club = membership.club clubs[permission.club] = club = Club.objects.get(pk=permission.club)
else:
club = clubs[permission.club]
if permission.membership not in memberships:
memberships[permission.membership] = membership = Membership.objects.get(pk=permission.membership)
else:
membership = memberships[permission.membership]
permission = permission.about( permission = permission.about(
user=user, user=user,
@ -97,6 +113,7 @@ class PermissionBackend(ModelBackend):
:param field: The field of the model to test, if concerned :param field: The field of the model to test, if concerned
:return: A query that corresponds to the filter to give to a queryset :return: A query that corresponds to the filter to give to a queryset
""" """
if user is None or isinstance(user, AnonymousUser): if user is None or isinstance(user, AnonymousUser):
# Anonymous users can't do anything # Anonymous users can't do anything
return Q(pk=-1) return Q(pk=-1)
@ -146,7 +163,6 @@ class PermissionBackend(ModelBackend):
perm = perm.split('.')[-1].split('_', 2) perm = perm.split('.')[-1].split('_', 2)
perm_type = perm[0] perm_type = perm[0]
perm_field = perm[2] if len(perm) == 3 else None perm_field = perm[2] if len(perm) == 3 else None
ct = ContentType.objects.get_for_model(obj) ct = ContentType.objects.get_for_model(obj)
if any(permission.applies(obj, perm_type, perm_field) if any(permission.applies(obj, perm_type, perm_field)
for permission in PermissionBackend.permissions(user_obj, ct, perm_type)): for permission in PermissionBackend.permissions(user_obj, ct, perm_type)):
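Review bot: In the first hunk (what appears to be `get_raw_permissions`), `timezone.now().today()` does not give the current date: `today()` is a `datetime` classmethod, so the aware value from `timezone.now()` is discarded and a naive local datetime is passed to the `date_start`/`date_end` lookups that decide whether a membership still grants permissions. The replaced loop compared against `timezone.now().date()`; keeping that (or `timezone.localdate()`) makes the validity window explicit, e.g. `role__membership__date_start__lte=timezone.now().date(),` and the same for `date_end__gte`. Separately, the exact-string test on `settings.DATABASES[qs.db]["ENGINE"]` falls through to plain `distinct()` for any other PostgreSQL engine path; `connections[qs.db].features.can_distinct_on_fields` expresses the intent directly. Because `distinct('pk', 'club')` carries no ordering, which membership survives per club is presumably arbitrary, and that deserves a comment since `permissions()` later loads that membership by primary key. The function begins above the hunk.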


@ -2094,6 +2094,8 @@
39, 39,
40, 40,
70, 70,
108,
109,
14, 14,
15, 15,
16, 16,
@ -2101,15 +2103,7 @@
18, 18,
78, 78,
79, 79,
83, 83
90,
93,
95,
97,
99,
101,
108,
109
] ]
} }
}, },
@ -2499,18 +2493,18 @@
"for_club": null, "for_club": null,
"name": "Adhérent WEI", "name": "Adhérent WEI",
"permissions": [ "permissions": [
77,
84,
87,
90,
93,
95,
97, 97,
99, 99,
101, 101,
108, 108,
77,
109, 109,
114 114,
84,
87,
90,
93,
95
] ]
} }
}, },

1
apps/scripts Submodule

@ -0,0 +1 @@
Subproject commit fc29147c876c33d4cf41a86d46d736ff69d176ff


@ -132,7 +132,6 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
else: else:
# Check if the user has the right to create a registration of a random first year member. # Check if the user has the right to create a registration of a random first year member.
empty_fy_registration = WEIRegistration( empty_fy_registration = WEIRegistration(
wei=club,
user=random_user, user=random_user,
first_year=True, first_year=True,
birth_date="1970-01-01", birth_date="1970-01-01",
@ -145,7 +144,6 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
# Check if the user has the right to create a registration of a random old member. # Check if the user has the right to create a registration of a random old member.
empty_old_registration = WEIRegistration( empty_old_registration = WEIRegistration(
wei=club,
user=User.objects.filter(~Q(wei__wei__in=[club])).first(), user=User.objects.filter(~Q(wei__wei__in=[club])).first(),
first_year=False, first_year=False,
birth_date="1970-01-01", birth_date="1970-01-01",


@ -37,11 +37,10 @@ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_SSL = False EMAIL_USE_SSL = False
EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.org') EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.example.org')
EMAIL_PORT = os.getenv('EMAIL_PORT', 465) EMAIL_PORT = os.getenv('EMAIL_PORT', 465)
EMAIL_HOST_USER = os.getenv('EMAIL_USER', None) EMAIL_HOST_USER = os.getenv('EMAIL_USER', 'change_me')
EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', None) EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', 'change_me')
SERVER_EMAIL = os.getenv("NOTE_MAIL", "notekfet@example.com") SERVER_EMAIL = os.getenv("NOTE_MAIL", "notekfet@example.com")
DEFAULT_FROM_EMAIL = "NoteKfet2020 <" + SERVER_EMAIL + ">"
# Security settings # Security settings
SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_CONTENT_TYPE_NOSNIFF = False
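Review bot: The new `'change_me'` defaults for `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` make a missing environment variable look like configured credentials: Django's SMTP backend attempts a login whenever both values are non-empty, so an unconfigured deployment would send a placeholder login instead of skipping authentication. With `EMAIL_USE_SSL = False` on the context line above (and no `EMAIL_USE_TLS` visible in this hunk), that login may travel unencrypted. Prefer no default, `EMAIL_HOST_USER = os.getenv('EMAIL_USER')` and `EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD')`, or fail at startup when the variables are required. The hunk also drops `DEFAULT_FROM_EMAIL`, so outgoing mail falls back to Django's built-in sender unless it is set elsewhere in the settings.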


@ -178,16 +178,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
</div> </div>
{% endif %} {% endif %}
{% block contenttitle %}<h1>{{ title }}</h1>{% endblock %} {% block contenttitle %}<h1>{{ title }}</h1>{% endblock %}
<div class="alert alert-warning">
Attention : la Note Kfet 2020 est en phase de beta. Des fonctionnalités pourront être rajoutées d'ici à la version
finale, et des bugs peuvent survenir. Pour tout problème, merci d'envoyer un mail à l'adresse
<a href="mailto:&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;">
&#110;&#111;&#116;&#101;&#107;&#102;&#101;&#116;&#50;&#48;&#50;&#48;&commat;&#108;&#105;&#115;&#116;&#115;&period;&#99;&#114;&#97;&#110;&#115;&period;&#111;&#114;&#103;</a>,
ou bien levez une issue sur le dépôt <a href="https://gitlab.crans.org/bde/nk20/-/issues">Gitlab</a>,
ou encore posez un commentaire sur le <a href="https://pad.crans.org/p/todoNK20">pad</a>.<br><br>
Certaines données ont été anonymisées afin de limiter les fuites de données, et peuvent ne pas correspondre avec vos données réelles.
</div>
<div id="messages"></div> <div id="messages"></div>
{% block content %} {% block content %}
<p>Default content...</p> <p>Default content...</p>