Club managers can register new members to a club, even if they don't have the right to create a transaction

apps/member/forms.py

@@ -77,8 +77,6 @@ class ClubForm(forms.ModelForm):
 
 
 class MembershipForm(forms.ModelForm):
-    roles = forms.ModelMultipleChoiceField(queryset=Role.objects.filter(weirole=None).all())
-
     soge = forms.BooleanField(
         label=_("Inscription paid by Société Générale"),
         required=False,
@@ -117,7 +115,7 @@ class MembershipForm(forms.ModelForm):
 
     class Meta:
         model = Membership
-        fields = ('user', 'roles', 'date_start')
+        fields = ('user', 'date_start')
         # Le champ d'utilisateur est remplacé par un champ d'auto-complétion.
         # Quand des lettres sont tapées, une requête est envoyée sur l'API d'auto-complétion
         # et récupère les noms d'utilisateur valides
@@ -133,3 +131,27 @@ class MembershipForm(forms.ModelForm):
                 ),
             'date_start': DatePickerInput(),
         }
+
+class MembershipRolesForm(forms.ModelForm):
+    user = forms.ModelChoiceField(
+        queryset=User.objects,
+        label=_("User"),
+        disabled=True,
+        widget=Autocomplete(
+                    User,
+                    attrs={
+                        'api_url': '/api/user/',
+                        'name_field': 'username',
+                        'placeholder': 'Nom ...',
+                    },
+                ),
+    )
+
+    roles = forms.ModelMultipleChoiceField(
+        queryset=Role.objects.filter(weirole=None).all(),
+        label=_("Roles"),
+    )
+
+    class Meta:
+        model = Membership
+        fields = ('user', 'roles')

apps/member/views.py

@@ -27,7 +27,7 @@ from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin
 
-from .forms import ProfileForm, ClubForm, MembershipForm, CustomAuthenticationForm, UserForm
+from .forms import ProfileForm, ClubForm, MembershipForm, CustomAuthenticationForm, UserForm, MembershipRolesForm
 from .models import Club, Membership
 from .tables import ClubTable, UserTable, MembershipTable
 
@@ -435,9 +435,6 @@ class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
             club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view"))\
                 .get(pk=self.kwargs["club_pk"], weiclub=None)
             form.fields['credit_amount'].initial = club.membership_fee_paid
-            form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not hasattr(club, 'weiclub'))
-                                                                & (Q(for_club__isnull=True) | Q(for_club=club))).all()
-            form.fields['roles'].initial = Role.objects.filter(name="Membre de club").all()
 
             # If the concerned club is the BDE, then we add the option that Société générale pays the membership.
             if club.name != "BDE":
@@ -456,9 +453,6 @@ class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
             user = old_membership.user
             form.fields['user'].initial = user
             form.fields['user'].disabled = True
-            form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not hasattr(club, 'weiclub'))
-                                                                & (Q(for_club__isnull=True) | Q(for_club=club))).all()
-            form.fields['roles'].initial = old_membership.roles.all()
             form.fields['date_start'].initial = old_membership.date_end + timedelta(days=1)
             form.fields['credit_amount'].initial = club.membership_fee_paid if user.profile.paid \
                 else club.membership_fee_unpaid
@@ -574,7 +568,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
                     form.add_error('bank', _("This field is required."))
                 return self.form_invalid(form)
 
-            SpecialTransaction.objects.create(
+            transaction = SpecialTransaction(
                 source=credit_type,
                 destination=user.note,
                 quantity=1,
@@ -585,9 +579,16 @@ class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
                 bank=bank,
                 valid=True,
             )
+            transaction._force_save = True
+            transaction.save()
 
         ret = super().form_valid(form)
 
+        member_role = Role.objects.filter(name="Membre de club").all()
+        form.instance.roles.set(member_role)
+        form.instance._force_save = True
+        form.instance.save()
+
         # If Société générale pays, then we assume that this is the BDE membership, and we auto-renew the
         # Kfet membership.
         if soge:
@@ -609,6 +610,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, CreateView):
                 date_start=old_membership.get().date_end + timedelta(days=1)
                 if old_membership.exists() else form.instance.date_start,
             )
+            membership._force_save = True
             membership._soge = True
             membership.save()
             membership.refresh_from_db()
@@ -629,7 +631,7 @@ class ClubManageRolesView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
     Manage the roles of a user in a club
     """
     model = Membership
-    form_class = MembershipForm
+    form_class = MembershipRolesForm
     template_name = 'member/add_members.html'
     extra_context = {"title": _("Manage roles of an user in the club")}
 
@@ -641,14 +643,6 @@ class ClubManageRolesView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
 
     def get_form(self, form_class=None):
         form = super().get_form(form_class)
-        # We don't create a full membership, we only update one field
-        form.fields['user'].disabled = True
-        del form.fields['date_start']
-        del form.fields['credit_type']
-        del form.fields['credit_amount']
-        del form.fields['last_name']
-        del form.fields['first_name']
-        del form.fields['bank']
 
         club = self.object.club
         form.fields['roles'].queryset = Role.objects.filter(Q(weirole__isnull=not hasattr(club, 'weiclub'))

apps/permission/fixtures/initial.json

@@ -2372,6 +2372,7 @@
 				22,
 				47,
 				49,
+				50,
 				140
 			]
 		}