ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-11-08 15:59:50 +01:00
Code Issues Releases Wiki Activity

Compare commits

base: ynerant:oauth2
Branches Tags
ynerant:main ynerant:oauth2 ynerant:note_sheet ynerant:small_features ynerant:translations ynerant:update_invoice_template ynerant:round_transaction ynerant:wei ynerant:family ynerant:phone_input ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0
..
compare: ynerant:small_features
Branches Tags
ynerant:oauth2 ynerant:note_sheet ynerant:main ynerant:small_features ynerant:translations ynerant:update_invoice_template ynerant:round_transaction ynerant:wei ynerant:family ynerant:phone_input ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0

5 Commits
oauth2 ... small_feat

Author SHA1 Message Date
Ehouarn
516986f200 Correct phone number on invoices 2025-11-01 00:17:55 +01:00
Ehouarn
206a967827 Permissions fixed 2025-10-31 21:53:35 +01:00
Ehouarn
69aedccbae Get rid of activity and guests duplicates 2025-10-19 23:58:41 +02:00
Ehouarn
75a59e0a7a Incorrect wei test due to new SogeCredit logic 2025-10-17 19:14:17 +02:00
Ehouarn
af39bf7068 Second step for SogeCredit validity 2025-10-17 17:55:43 +02:00
13 changed files with 56 additions and 311 deletions
Expand all files Collapse all files

8
apps/activity/views.py
View File

@@ -152,9 +152,11 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, MultiTableMix
def get_tables_data(self): def get_tables_data(self):
return [ return [
Guest.objects.filter(activity=self.object) Guest.objects.filter(activity=self.object)
.filter(PermissionBackend.filter_queryset(self.request, Guest, "view")), .filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))
.distinct(),
self.object.opener.filter(activity=self.object) self.object.opener.filter(activity=self.object)
.filter(PermissionBackend.filter_queryset(self.request, Opener, "view")), .filter(PermissionBackend.filter_queryset(self.request, Opener, "view"))
.distinct(),
] ]
def render_to_response(self, context, **response_kwargs): def render_to_response(self, context, **response_kwargs):
@@ -309,7 +311,7 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
@transaction.atomic @transaction.atomic
def form_valid(self, form): def form_valid(self, form):
form.instance.activity = Activity.objects\ form.instance.activity = Activity.objects\
.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).get(pk=self.kwargs["pk"]) .filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().get(pk=self.kwargs["pk"])
return super().form_valid(form) return super().form_valid(form)
def get_success_url(self, **kwargs): def get_success_url(self, **kwargs):

14
apps/permission/backends.py
View File

@@ -21,30 +21,28 @@ class PermissionBackend(ModelBackend):
Manage permissions of users Manage permissions of users
""" """
supports_object_permissions = True supports_object_permissions = True
supports_anonymous_user = True supports_anonymous_user = False
supports_inactive_user = False supports_inactive_user = False
@staticmethod @staticmethod
@memoize @memoize
def get_raw_permissions(request, t): # noqa: C901 def get_raw_permissions(request, t):
""" """
Query permissions of a certain type for a user, then memoize it. Query permissions of a certain type for a user, then memoize it.
:param request: The current request :param request: The current request
:param t: The type of the permissions: view, change, add or delete :param t: The type of the permissions: view, change, add or delete
:return: The queryset of the permissions of the user (memoized) grouped by clubs :return: The queryset of the permissions of the user (memoized) grouped by clubs
""" """
if hasattr(request, 'oauth2') and request.oauth2 is not None and 'scope' in request.oauth2: if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
# OAuth2 Authentication # OAuth2 Authentication
user = request.oauth2['user'] user = request.auth.user
def permission_filter(membership_obj): def permission_filter(membership_obj):
query = Q(pk=-1) query = Q(pk=-1)
for scope in request.oauth2['scope']: for scope in request.auth.scope.split(' '):
if scope == "openid":
continue
permission_id, club_id = scope.split('_') permission_id, club_id = scope.split('_')
if int(club_id) == membership_obj.club_id: if int(club_id) == membership_obj.club_id:
query |= Q(pk=permission_id, mask__rank__lte=request.oauth2['mask']) query |= Q(pk=permission_id)
return query return query
else: else:
user = request.user user = request.user

30
apps/permission/fixtures/initial.json
View File

@@ -927,7 +927,7 @@
"note", "note",
"transactiontemplate" "transactiontemplate"
], ],
"query": "{\"destination\": [\"club\", \"note\"]}", "query": "[\"AND\", {\"destination\": [\"club\", \"note\"]}, {\"category__name\": \"Clubs\"}]",
"type": "view", "type": "view",
"mask": 2, "mask": 2,
"field": "", "field": "",
@@ -943,7 +943,7 @@
"note", "note",
"transactiontemplate" "transactiontemplate"
], ],
"query": "{\"destination\": [\"club\", \"note\"]}", "query": "[\"AND\", {\"destination\": [\"club\", \"note\"]}, {\"category__name\": \"Clubs\"}]",
"type": "add", "type": "add",
"mask": 3, "mask": 3,
"field": "", "field": "",
@@ -959,7 +959,7 @@
"note", "note",
"transactiontemplate" "transactiontemplate"
], ],
"query": "{\"destination\": [\"club\", \"note\"]}", "query": "[\"AND\", {\"destination\": [\"club\", \"note\"]}, {\"category__name\": \"Clubs\"}]",
"type": "change", "type": "change",
"mask": 3, "mask": 3,
"field": "", "field": "",
@@ -3486,6 +3486,22 @@
"description": "Voir la bouffe servie" "description": "Voir la bouffe servie"
} }
}, },
{
"model": "permission.permission",
"pk": 223,
"fields": {
"model": [
"note",
"templatecategory"
],
"query": "{\"name\": \"Clubs\"}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir la catégorie de bouton Clubs"
}
},
{ {
"model": "permission.permission", "model": "permission.permission",
"pk": 239, "pk": 239,
@@ -4896,7 +4912,6 @@
19, 19,
20, 20,
21, 21,
27,
59, 59,
60, 60,
61, 61,
@@ -4907,6 +4922,7 @@
182, 182,
184, 184,
185, 185,
223,
239, 239,
240, 240,
241 241
@@ -5271,6 +5287,12 @@
176, 176,
177, 177,
197, 197,
211,
212,
213,
214,
215,
216,
311, 311,
319 319
] ]

86
apps/permission/scopes.py
View File

@@ -10,8 +10,6 @@ from note_kfet.middlewares import get_current_request
from .backends import PermissionBackend from .backends import PermissionBackend
from .models import Permission from .models import Permission
from django.utils.translation import gettext_lazy as _
class PermissionScopes(BaseScopes): class PermissionScopes(BaseScopes):
""" """
@@ -25,9 +23,7 @@ class PermissionScopes(BaseScopes):
if 'scopes' in kwargs: if 'scopes' in kwargs:
for scope in kwargs['scopes']: for scope in kwargs['scopes']:
if scope == 'openid': if scope == 'openid':
scopes['openid'] = _("OpenID Connect (username and email)") scopes['openid'] = "OpenID Connect"
elif scope == '0_0':
scopes['0_0'] = _("Useless scope which do nothing")
else: else:
p = Permission.objects.get(id=scope.split('_')[0]) p = Permission.objects.get(id=scope.split('_')[0])
club = Club.objects.get(id=scope.split('_')[1]) club = Club.objects.get(id=scope.split('_')[1])
@@ -36,8 +32,7 @@ class PermissionScopes(BaseScopes):
scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})" scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
for p in Permission.objects.all() for club in Club.objects.all()} for p in Permission.objects.all() for club in Club.objects.all()}
scopes['openid'] = _("OpenID Connect (username and email)") scopes['openid'] = "OpenID Connect"
scopes['0_0'] = _("Useless scope which do nothing")
return scopes return scopes
def get_available_scopes(self, application=None, request=None, *args, **kwargs): def get_available_scopes(self, application=None, request=None, *args, **kwargs):
@@ -46,7 +41,7 @@ class PermissionScopes(BaseScopes):
scopes = [f"{p.id}_{p.membership.club.id}" scopes = [f"{p.id}_{p.membership.club.id}"
for t in Permission.PERMISSION_TYPES for t in Permission.PERMISSION_TYPES
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])] for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
scopes.append('0_0') # always available scopes.append('openid')
return scopes return scopes
def get_default_scopes(self, application=None, request=None, *args, **kwargs): def get_default_scopes(self, application=None, request=None, *args, **kwargs):
@@ -54,7 +49,7 @@ class PermissionScopes(BaseScopes):
return [] return []
scopes = [f"{p.id}_{p.membership.club.id}" scopes = [f"{p.id}_{p.membership.club.id}"
for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')] for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
scopes.append('0_0') scopes.append('openid')
return scopes return scopes
@@ -76,70 +71,6 @@ class PermissionOAuth2Validator(OAuth2Validator):
claims = super().get_discovery_claims(self) claims = super().get_discovery_claims(self)
return claims + ["name", "normalized_name", "email"] return claims + ["name", "normalized_name", "email"]
def validate_client_credentials_scopes(self, client_id, scopes, client, request, *args, **kwargs):
"""
For client credentials valid scopes are scope of the app owner
"""
valid_scopes = set()
request.oauth2 = {}
request.oauth2['user'] = client.user
request.oauth2['user'].is_anomymous = False
request.oauth2['scope'] = scopes
# mask implementation
if hasattr(request.decoded_body, 'mask'):
try:
request.oauth2['mask'] = int(request.decoded_body['mask'])
except ValueError:
request.oauth2['mask'] = 42
else:
request.oauth2['mask'] = 42
for t in Permission.PERMISSION_TYPES:
for p in PermissionBackend.get_raw_permissions(request, t[0]):
scope = f"{p.id}_{p.membership.club.id}"
if scope in scopes:
valid_scopes.add(scope)
# Always give one scope to generate token
if not valid_scopes:
valid_scopes.add('0_0')
request.scopes = valid_scopes
return valid_scopes
def validate_ropb_scopes(self, client_id, scopes, client, request, *args, **kwargs):
"""
For ROPB valid scopes are scope of the user
"""
valid_scopes = set()
request.oauth2 = {}
request.oauth2['user'] = request.user
request.oauth2['user'].is_anomymous = False
request.oauth2['scope'] = scopes
# mask implementation
if hasattr(request.decoded_body, 'mask'):
try:
request.oauth2['mask'] = int(request.decoded_body['mask'])
except ValueError:
request.oauth2['mask'] = 42
else:
request.oauth2['mask'] = 42
for t in Permission.PERMISSION_TYPES:
for p in PermissionBackend.get_raw_permissions(request, t[0]):
scope = f"{p.id}_{p.membership.club.id}"
if scope in scopes:
valid_scopes.add(scope)
# Always give one scope to generate token
if not valid_scopes:
valid_scopes.add('0_0')
request.scopes = valid_scopes
return valid_scopes
def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs): def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
""" """
User can request as many scope as he wants, including invalid scopes, User can request as many scope as he wants, including invalid scopes,
@@ -150,11 +81,6 @@ class PermissionOAuth2Validator(OAuth2Validator):
""" """
valid_scopes = set() valid_scopes = set()
if hasattr(request, 'grant_type') and request.grant_type == 'client_credentials':
return self.validate_client_credentials_scopes(client_id, scopes, client, request, args, kwargs)
if hasattr(request, 'grant_type') and request.grant_type == 'password':
return self.validate_ropb_scopes(client_id, scopes, client, request, args, kwargs)
for t in Permission.PERMISSION_TYPES: for t in Permission.PERMISSION_TYPES:
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]): for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]):
@@ -162,8 +88,8 @@ class PermissionOAuth2Validator(OAuth2Validator):
if scope in scopes: if scope in scopes:
valid_scopes.add(scope) valid_scopes.add(scope)
if '0_0' in scopes: if 'openid' in scopes:
valid_scopes.add('0_0') valid_scopes.add('openid')
request.scopes = valid_scopes request.scopes = valid_scopes
return valid_scopes return valid_scopes

38
apps/permission/tests/test_oauth2_access.py → apps/permission/tests/test_oauth2.py
View File

@@ -21,7 +21,6 @@ class OAuth2TestCase(TestCase):
def setUp(self): def setUp(self):
self.user = User.objects.create( self.user = User.objects.create(
username="toto", username="toto",
password="toto1234",
) )
self.application = Application.objects.create( self.application = Application.objects.create(
name="Test", name="Test",
@@ -93,40 +92,3 @@ class OAuth2TestCase(TestCase):
self.assertEqual(resp.status_code, 200) self.assertEqual(resp.status_code, 200)
self.assertIn(self.application, resp.context['scopes']) self.assertIn(self.application, resp.context['scopes'])
self.assertIn('1_1', resp.context['scopes'][self.application]) # Now the user has this permission self.assertIn('1_1', resp.context['scopes'][self.application]) # Now the user has this permission
def test_oidc(self):
"""
Ensure OIDC work
"""
# Create access token that has access to our own user detail
token = AccessToken.objects.create(
user=self.user,
application=self.application,
scope="openid",
token=get_random_string(64),
expires=timezone.now() + timedelta(days=365),
)
# No access without token
resp = self.client.get('/o/userinfo/') # userinfo endpoint
self.assertEqual(resp.status_code, 401)
# Valid token
resp = self.client.get('/o/userinfo/', **{'Authorization': f'Bearer {token.token}'})
self.assertEqual(resp.status_code, 200)
# Create membership to test api
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=1)
membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
membership.save()
# Token can always be use to see yourself
resp = self.client.get('/api/me/',
**{'Authorization': f'Bearer {token.token}'})
# Token is not granted to see other api
resp = self.client.get(f'/api/members/profile/{self.user.profile.pk}/',
**{'Authorization': f'Bearer {token.token}'})
self.assertEqual(resp.status_code, 404)

167
apps/permission/tests/test_oauth2_flow.py
View File

@@ -1,167 +0,0 @@
# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
import base64
from django.contrib.auth.hashers import PBKDF2PasswordHasher
from django.contrib.auth.models import User
from django.test import TestCase
from member.models import Membership, Club
from note.models import NoteUser
from oauth2_provider.models import Application, AccessToken
from ..models import Role, Permission
class OAuth2FlowTestCase(TestCase):
fixtures = ('initial', )
def setUp(self):
self.user_password = "toto1234"
hasher = PBKDF2PasswordHasher()
self.user = User.objects.create(
username="toto",
password=hasher.encode(self.user_password, hasher.salt()),
)
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=1)
membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
membership.save()
bde = Club.objects.get(name="BDE")
view_user_perm = Permission.objects.get(pk=1) # View own user detail
self.base_scope = f'{view_user_perm.pk}_{bde.pk}'
def test_oauth2_authorization_code_flow(self):
"""
Ensure OAuth2 Authorization Code Flow work
"""
pass
def test_oauth2_implicit_flow(self):
"""
Ensure OAuth2 Implicit Flow work
"""
pass
def test_oauth2_resource_owner_password_credentials_flow(self):
"""
Ensure OAuth2 Resource Owner Password Credentials Flow work
"""
app = Application.objects.create(
name="Test ROPB",
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_PASSWORD,
user=self.user,
hash_client_secret=False,
algorithm=Application.NO_ALGORITHM,
)
credential = base64.b64encode(f'{app.client_id}:{app.client_secret}'.encode('utf-8')).decode()
# No token without real password
resp = self.client.post('/o/token/',
data={"grant_type": "password",
"username": self.user,
"password": "password"},
**{"Content-Type": 'application/x-www-form-urlencoded',
"Http_Authorization": f'Basic {credential}'}
)
self.assertEqual(resp.status_code, 400)
resp = self.client.post('/o/token/',
data={"grant_type": "password",
"username": self.user,
"password": self.user_password},
**{"Content-Type": 'application/x-www-form-urlencoded',
"HTTP_Authorization": f'Basic {credential}'}
)
self.assertEqual(resp.status_code, 200)
access_token = AccessToken.objects.get(token=resp.json()['access_token'])
self.assertEqual('refresh_token' in resp.json(), True)
self.assertEqual(access_token.scope, '0_0') # token do nothing
# RFC6749 4.3.2 allows use of scope in ROPB token access request
resp = self.client.post('/o/token/',
data={"grant_type": "password",
#"client_id": app.client_id,
"username": self.user,
"password": self.user_password,
"scope": self.base_scope},
**{"Content-Type": 'application/x-www-form-urlencoded',
"HTTP_Authorization": f'Basic {credential}'}
)
token = AccessToken.objects.get(token=resp.json()['access_token'])
self.assertEqual(token.scope, self.base_scope) # token do nothing more than base_scope
def test_oauth2_client_credentials(self):
"""
Ensure OAuth2 Client Credentials work
"""
app = Application.objects.create(
name="Test client_credentials",
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_CLIENT_CREDENTIALS,
user=self.user,
hash_client_secret=False,
algorithm=Application.NO_ALGORITHM,
)
# No token without credential
resp = self.client.post('/o/token/',
data={"grant_type": "client_credentials"},
**{"Content-Type": 'application/x-www-form-urlencoded'}
)
self.assertEqual(resp.status_code, 401)
# Access with credential
credential = base64.b64encode(f'{app.client_id}:{app.client_secret}'.encode('utf-8')).decode()
resp = self.client.post('/o/token/',
data={"grant_type": "client_credentials"},
**{'HTTP_Authorization': f'Basic {credential}',
"Content-Type": 'application/x-www-form-urlencoded'}
)
self.assertEqual(resp.status_code, 200)
token = AccessToken.objects.get(token=resp.json()['access_token'])
# Token do nothing, it should be have the useless scope
self.assertEqual(token.scope, '0_0')
# RFC6749 4.4.2 allows use of scope in client credential flow
resp = self.client.post('/o/token/',
data={"grant_type": "client_credentials",
"scope": self.base_scope},
**{'http_Authorization': f'Basic {credential}',
"Content-Type": 'application/x-www-form-urlencoded'}
)
self.assertEqual(resp.status_code, 200)
token = AccessToken.objects.get(token=resp.json()['access_token'])
# Token can have access, it shouldn't have the useless scope
self.assertEqual(token.scope, self.base_scope)
def test_oidc_flow(self):
"""
Ensure OIDC Flow work
"""
pass

13
apps/treasury/models.py
View File

@@ -338,13 +338,13 @@ class SogeCredit(models.Model):
last_name=self.user.last_name, last_name=self.user.last_name,
first_name=self.user.first_name, first_name=self.user.first_name,
bank="Société générale", bank="Société générale",
valid=False, valid=True,
) )
credit_transaction._force_save = True credit_transaction._force_save = True
credit_transaction.save() credit_transaction.save()
credit_transaction.refresh_from_db() credit_transaction.refresh_from_db()
self.credit_transaction = credit_transaction self.credit_transaction = credit_transaction
elif not self.valid_legacy: elif not self.valid:
self.credit_transaction.amount = self.amount self.credit_transaction.amount = self.amount
self.credit_transaction._force_save = True self.credit_transaction._force_save = True
self.credit_transaction.save() self.credit_transaction.save()
@@ -371,7 +371,7 @@ class SogeCredit(models.Model):
The Sogé credit may be created after the user already paid its memberships. The Sogé credit may be created after the user already paid its memberships.
We query transactions and update the credit, if it is unvalid. We query transactions and update the credit, if it is unvalid.
""" """
if self.valid_legacy or not self.pk: if self.valid or not self.pk:
return return
# Soge do not pay BDE and kfet memberships since 2022 # Soge do not pay BDE and kfet memberships since 2022
@@ -403,7 +403,7 @@ class SogeCredit(models.Model):
self.transactions.add(m.transaction) self.transactions.add(m.transaction)
for tr in self.transactions.all(): for tr in self.transactions.all():
tr.valid = False tr.valid = True
tr.save() tr.save()
def invalidate(self): def invalidate(self):
@@ -411,7 +411,7 @@ class SogeCredit(models.Model):
Invalidating a Société générale delete the transaction of the bank if it was already created. Invalidating a Société générale delete the transaction of the bank if it was already created.
Treasurers must know what they do, With Great Power Comes Great Responsibility... Treasurers must know what they do, With Great Power Comes Great Responsibility...
""" """
if self.valid_legacy: if self.valid:
self.credit_transaction.valid = False self.credit_transaction.valid = False
self.credit_transaction.save() self.credit_transaction.save()
for tr in self.transactions.all(): for tr in self.transactions.all():
@@ -420,7 +420,7 @@ class SogeCredit(models.Model):
tr.save() tr.save()
def validate(self, force=False): def validate(self, force=False):
if self.valid_legacy and not force: if self.valid and not force:
# The credit is already done # The credit is already done
return return
@@ -428,6 +428,7 @@ class SogeCredit(models.Model):
self.invalidate() self.invalidate()
# Refresh credit amount # Refresh credit amount
self.save() self.save()
self.valid = True
self.credit_transaction.valid = True self.credit_transaction.valid = True
self.credit_transaction._force_save = True self.credit_transaction._force_save = True
self.credit_transaction.save() self.credit_transaction.save()

BIN
apps/treasury/static/img/Diolistos_bg.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 284 KiB

1
apps/treasury/tables.py
View File

@@ -56,6 +56,7 @@ class InvoiceTable(tables.Table):
model = Invoice model = Invoice
template_name = 'django_tables2/bootstrap4.html' template_name = 'django_tables2/bootstrap4.html'
fields = ('id', 'name', 'object', 'acquitted', 'invoice',) fields = ('id', 'name', 'object', 'acquitted', 'invoice',)
order_by = ('-id',)
class RemittanceTable(tables.Table): class RemittanceTable(tables.Table):

2
apps/treasury/templates/treasury/invoice_sample.tex
View File

@@ -108,7 +108,7 @@
\renewcommand{\headrulewidth}{0pt} \renewcommand{\headrulewidth}{0pt}
\cfoot{ \cfoot{
\small{\MonNom ~--~ \MonAdresseRue ~ \MonAdresseVille ~--~ Téléphone : +33(0)7 78 17 22 34\newline \small{\MonNom ~--~ \MonAdresseRue ~ \MonAdresseVille ~--~ Téléphone : +33(0)6 83 55 03 18 \newline
E-mail : tresorerie.bde@lists.crans.org ~--~ Numéro SIRET : 399 485 838 00029 E-mail : tresorerie.bde@lists.crans.org ~--~ Numéro SIRET : 399 485 838 00029
} }
} }

2
apps/treasury/tests/test_treasury.py
View File

@@ -359,7 +359,7 @@ class TestSogeCredits(TestCase):
)) ))
self.assertRedirects(response, reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)), 302, 200) self.assertRedirects(response, reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)), 302, 200)
soge_credit.refresh_from_db() soge_credit.refresh_from_db()
self.assertTrue(soge_credit.valid_legacy) self.assertTrue(soge_credit.valid)
self.user.note.refresh_from_db() self.user.note.refresh_from_db()
self.assertEqual( self.assertEqual(
Transaction.objects.filter(Q(source=self.user.note) | Q(destination=self.user.note)).count(), 3) Transaction.objects.filter(Q(source=self.user.note) | Q(destination=self.user.note)).count(), 3)

2
apps/treasury/views.py
View File

@@ -417,7 +417,7 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
) )
if "valid" not in self.request.GET or not self.request.GET["valid"]: if "valid" not in self.request.GET or not self.request.GET["valid"]:
qs = qs.filter(credit_transaction__valid=False) qs = qs.filter(valid=False)
return qs return qs

2
apps/wei/tests/test_wei_registration.py
View File

@@ -680,7 +680,7 @@ class TestWEIRegistration(TestCase):
self.assertTrue(soge_credit.exists()) self.assertTrue(soge_credit.exists())
soge_credit = soge_credit.get() soge_credit = soge_credit.get()
self.assertTrue(membership.transaction in soge_credit.transactions.all()) self.assertTrue(membership.transaction in soge_credit.transactions.all())
self.assertFalse(membership.transaction.valid) self.assertTrue(membership.transaction.valid)
# Check that if the WEI is started, we can't update a wei # Check that if the WEI is started, we can't update a wei
self.wei.date_start = date(2000, 1, 1) self.wei.date_start = date(2000, 1, 1)