mirror of
				https://gitlab.crans.org/bde/nk20
				synced 2025-10-23 05:18:25 +02:00 
			
		
		
		
	Compare commits
	
		
			28 Commits
		
	
	
		
			oidc
			...
			763535bea4
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 763535bea4 | ||
|  | 16b55e23af | ||
|  | 97621e8704 | ||
|  | cf4c23d1ac | ||
|  | ff812a028c | ||
|  | 5a8acbde00 | ||
|  | f60dc8cfa0 | ||
|  | 067dd6f9d1 | ||
|  | 7b1e32e514 | ||
|  | e88dbfd597 | ||
|  | 3d34270959 | ||
|  | 3bb99671ec | ||
|  | 0d69383dfd | ||
|  | 7b9ff119e8 | ||
|  | 108a56745c | ||
|  | 9643d7652b | ||
|  | fadb289ed7 | ||
|  | 905fc6e7cc | ||
|  | cdd81c1444 | ||
|  | 4afafceba1 | ||
|  | 3065eacc96 | ||
|  | 71ef3aedd8 | ||
|  | 0cf11c6348 | ||
|  | 70abd0f490 | ||
|  | 03932672f3 | ||
|  | d58a299a8b | ||
|  | c4404ef995 | ||
|  | f0e9a7d3dc | 
| @@ -21,6 +21,3 @@ EMAIL_PASSWORD=CHANGE_ME | ||||
| # Wiki configuration | ||||
| WIKI_USER=NoteKfet2020 | ||||
| WIKI_PASSWORD= | ||||
|  | ||||
| # OIDC | ||||
| OIDC_RSA_PRIVATE_KEY=CHANGE_ME | ||||
|   | ||||
| @@ -61,8 +61,8 @@ Bien que cela permette de créer une instance sur toutes les distributions, | ||||
| 6. (Optionnel) **Création d'une clé privée OpenID Connect** | ||||
|  | ||||
| Pour activer le support d'OpenID Connect, il faut générer une clé privée, par | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et copier la clé dans .env dans le champ | ||||
| `OIDC_RSA_PRIVATE_KEY`. | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son | ||||
| emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`). | ||||
|  | ||||
| 7.  Enjoy : | ||||
|  | ||||
| @@ -237,8 +237,8 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous. | ||||
| 7. **Création d'une clé privée OpenID Connect** | ||||
|  | ||||
| Pour activer le support d'OpenID Connect, il faut générer une clé privée, par | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner le champ | ||||
| `OIDC_RSA_PRIVATE_KEY` dans le .env (par défaut `/var/secrets/oidc.key`). | ||||
| exemple avec openssl (`openssl genrsa -out oidc.key 4096`), et renseigner son | ||||
| emplacement dans `OIDC_RSA_PRIVATE_KEY` (par défaut `/var/secrets/oidc.key`). | ||||
|  | ||||
| 8.  *Enjoy \o/* | ||||
|  | ||||
|   | ||||
							
								
								
									
										19
									
								
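--- a/apps/activity/migrations/0007_alter_guest_activity.py
+++ b/apps/activity/migrations/0007_alter_guest_activity.py
@@ -0,0 +1,19 @@
+# Generated by Django 4.2.20 on 2025-05-08 19:07
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('activity', '0006_guest_school'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='guest',
+            name='activity',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='+', to='activity.activity'),
+        ),
+    ]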
| @@ -234,7 +234,7 @@ class Guest(models.Model): | ||||
|     """ | ||||
|     activity = models.ForeignKey( | ||||
|         Activity, | ||||
|         on_delete=models.PROTECT, | ||||
|         on_delete=models.CASCADE, | ||||
|         related_name='+', | ||||
|     ) | ||||
|  | ||||
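Review bot: `on_delete=models.CASCADE` on `Guest.activity` takes effect on every deletion path (admin, API, shell), so guest rows are now removed together with the activity without passing through any view-level check. If guest records are relied on for entry history (not visible on this page), keep `on_delete=models.PROTECT` and delete the guests explicitly in the single code path that is allowed to remove a non-validated activity. The field definition and the `Guest` class continue outside the hunk.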
|   | ||||
| @@ -95,5 +95,23 @@ SPDX-License-Identifier: GPL-3.0-or-later | ||||
|             errMsg(xhr.responseJSON); | ||||
|         }); | ||||
|     }); | ||||
|     $("#delete_activity").click(function () { | ||||
|         if (!confirm("{% trans 'Are you sure you want to delete this activity?' %}")) { | ||||
|             return; | ||||
|         } | ||||
|  | ||||
|         $.ajax({ | ||||
|             url: "/api/activity/activity/{{ activity.pk }}/", | ||||
|             type: "DELETE", | ||||
|             headers: { | ||||
|                 "X-CSRFTOKEN": CSRF_TOKEN | ||||
|             } | ||||
|         }).done(function () { | ||||
|             addMsg("{% trans 'Activity deleted' %}", "success"); | ||||
|             window.location.href = "/activity/";  // Redirige vers la liste des activités | ||||
|         }).fail(function (xhr) { | ||||
|             errMsg(xhr.responseJSON); | ||||
|         }); | ||||
|     }); | ||||
| </script> | ||||
| {% endblock %} | ||||
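Review bot: The click handler sends its DELETE to `/api/activity/activity/{{ activity.pk }}/` rather than to the `<int:pk>/delete` route added in this comparison, so the `activity.valid` refusal in `ActivityDeleteView.dispatch` is not on the path the button actually uses. Unless the API viewset (not visible here) enforces the same rule, the "only non-validated activities can be deleted" restriction exists only as a hidden button in the template. Enforce the rule where both paths share it, or point the handler at the new route with `url: "{% url 'activity:delete_activity' pk=activity.pk %}"`. The redirect target `/activity/` is hard-coded as well and would be safer as a `{% url %}` lookup.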
|   | ||||
| @@ -70,7 +70,10 @@ SPDX-License-Identifier: GPL-3.0-or-later | ||||
|             {% if ".change_"|has_perm:activity %} | ||||
|                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_update' pk=activity.pk %}" data-turbolinks="false"> {% trans "edit"|capfirst %}</a> | ||||
|             {% endif %} | ||||
|             {% if activity.activity_type.can_invite and not activity_started %} | ||||
|             {% if not activity.valid and ".delete_"|has_perm:activity %} | ||||
|                 <a class="btn btn-danger btn-sm my-1" id="delete_activity"> {% trans "delete"|capfirst %} </a> | ||||
|             {% endif %} | ||||
|             {% if activity.activity_type.can_invite and not activity_started and activity.valid %} | ||||
|                 <a class="btn btn-primary btn-sm my-1" href="{% url 'activity:activity_invite' pk=activity.pk %}" data-turbolinks="false"> {% trans "Invite" %}</a> | ||||
|             {% endif %} | ||||
|         {% endif %} | ||||
|   | ||||
| @@ -15,4 +15,5 @@ urlpatterns = [ | ||||
|     path('<int:pk>/update/', views.ActivityUpdateView.as_view(), name='activity_update'), | ||||
|     path('new/', views.ActivityCreateView.as_view(), name='activity_create'), | ||||
|     path('calendar.ics', views.CalendarView.as_view(), name='calendar_ics'), | ||||
|     path('<int:pk>/delete', views.ActivityDeleteView.as_view(), name='delete_activity'), | ||||
| ] | ||||
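Review bot: The new route `'<int:pk>/delete'` has no trailing slash and is named `delete_activity`, while the neighbouring routes end in `/` and follow the `activity_<verb>` pattern (`activity_update`, `activity_create`). For consistency, consider `path('<int:pk>/delete/', views.ActivityDeleteView.as_view(), name='activity_delete'),`, with any `reverse()` or `{% url %}` callers updated to match. The `urlpatterns` list starts outside the hunk.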
|   | ||||
| @@ -9,7 +9,7 @@ from django.contrib.contenttypes.models import ContentType | ||||
| from django.core.exceptions import PermissionDenied | ||||
| from django.db import transaction | ||||
| from django.db.models import F, Q | ||||
| from django.http import HttpResponse | ||||
| from django.http import HttpResponse, JsonResponse | ||||
| from django.urls import reverse_lazy | ||||
| from django.utils import timezone | ||||
| from django.utils.decorators import method_decorator | ||||
| @@ -153,6 +153,34 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): | ||||
|         return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]}) | ||||
|  | ||||
|  | ||||
| class ActivityDeleteView(View): | ||||
|     """ | ||||
|     Deletes an Activity | ||||
|     """ | ||||
|     def delete(self, request, pk): | ||||
|         try: | ||||
|             activity = Activity.objects.get(pk=pk) | ||||
|             activity.delete() | ||||
|             return JsonResponse({"message": "Activity deleted"}) | ||||
|         except Activity.DoesNotExist: | ||||
|             return JsonResponse({"error": "Activity not found"}, status=404) | ||||
|  | ||||
|     def dispatch(self, *args, **kwargs): | ||||
|         """ | ||||
|         Don't display the delete button if the user has no right to delete. | ||||
|         """ | ||||
|         if not self.request.user.is_authenticated: | ||||
|             return self.handle_no_permission() | ||||
|  | ||||
|         activity = Activity.objects.get(pk=self.kwargs["pk"]) | ||||
|         if not PermissionBackend.check_perm(self.request, "activity.delete_activity", activity): | ||||
|             raise PermissionDenied(_("You are not allowed to delete this activity.")) | ||||
|  | ||||
|         if activity.valid: | ||||
|             raise PermissionDenied(_("This activity is valid.")) | ||||
|         return super().dispatch(*args, **kwargs) | ||||
|  | ||||
|  | ||||
| class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|     """ | ||||
|     Invite a Guest, The rules to invites someone are defined in `forms:activity.GuestForm` | ||||
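Review bot: `ActivityDeleteView` extends plain `View`, which does not define `handle_no_permission()`, so the anonymous branch in `dispatch` would raise AttributeError instead of redirecting or returning 403; the class needs `LoginRequiredMixin` (already used by `ActivityUpdateView` above) or another `AccessMixin`. `dispatch` also calls `Activity.objects.get()` outside any `try`, so an unknown pk surfaces as an unhandled `DoesNotExist` and the 404 branch in `delete()` is never reached. The `dispatch` docstring describes hiding a button, which is not what the method does. A reshaped class that loads the object once and keeps the authorisation checks in one place is sketched below.
```python
class ActivityDeleteView(LoginRequiredMixin, View):
    """
    Deletes an Activity
    """
    def delete(self, request, pk):
        # dispatch() has already loaded and authorised self.activity
        self.activity.delete()
        return JsonResponse({"message": "Activity deleted"})

    def dispatch(self, request, *args, **kwargs):
        """
        Refuse the request unless the user may delete this activity and it is not validated.
        """
        if not request.user.is_authenticated:
            return self.handle_no_permission()

        try:
            self.activity = Activity.objects.get(pk=kwargs["pk"])
        except Activity.DoesNotExist:
            return JsonResponse({"error": "Activity not found"}, status=404)

        if not PermissionBackend.check_perm(request, "activity.delete_activity", self.activity):
            raise PermissionDenied(_("You are not allowed to delete this activity."))

        if self.activity.valid:
            raise PermissionDenied(_("This activity is valid."))
        return super().dispatch(request, *args, **kwargs)
```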
|   | ||||
| @@ -169,7 +169,8 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|     template_name = "food/food_update.html" | ||||
|  | ||||
|     def get_sample_object(self): | ||||
|         return BasicFood( | ||||
|         # We choose a club which may work or BDE else | ||||
|         food = BasicFood( | ||||
|             name="", | ||||
|             owner_id=1, | ||||
|             expiry_date=timezone.now(), | ||||
| @@ -178,6 +179,14 @@ class BasicFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|             date_type='DLC', | ||||
|         ) | ||||
|  | ||||
|         for membership in self.request.user.memberships.all(): | ||||
|             club_id = membership.club.id | ||||
|             food.owner_id = club_id | ||||
|             if PermissionBackend.check_perm(self.request, "food.add_basicfood", food): | ||||
|                 return food | ||||
|  | ||||
|         return food | ||||
|  | ||||
|     @transaction.atomic | ||||
|     def form_valid(self, form): | ||||
|         if QRCode.objects.filter(qr_code_number=self.kwargs['slug']).count() > 0: | ||||
| @@ -228,13 +237,22 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|     template_name = "food/food_update.html" | ||||
|  | ||||
|     def get_sample_object(self): | ||||
|         return TransformedFood( | ||||
|         # We choose a club which may work or BDE else | ||||
|         food = TransformedFood( | ||||
|             name="", | ||||
|             owner_id=1, | ||||
|             expiry_date=timezone.now(), | ||||
|             is_ready=True, | ||||
|         ) | ||||
|  | ||||
|         for membership in self.request.user.memberships.all(): | ||||
|             club_id = membership.club.id | ||||
|             food.owner_id = club_id | ||||
|             if PermissionBackend.check_perm(self.request, "food.add_transformedfood", food): | ||||
|                 return food | ||||
|  | ||||
|         return food | ||||
|  | ||||
|     @transaction.atomic | ||||
|     def form_valid(self, form): | ||||
|         form.instance.expiry_date = timezone.now() + timedelta(days=3) | ||||
| @@ -246,10 +264,10 @@ class TransformedFoodCreateView(ProtectQuerysetMixin, ProtectedCreateView): | ||||
|         return reverse_lazy('food:transformedfood_view', kwargs={"pk": self.object.pk}) | ||||
|  | ||||
|  | ||||
| MAX_FORMS = 10 | ||||
| MAX_FORMS = 100 | ||||
|  | ||||
|  | ||||
| class ManageIngredientsView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): | ||||
| class ManageIngredientsView(LoginRequiredMixin, UpdateView): | ||||
|     """ | ||||
|     A view to manage ingredient for a transformed food | ||||
|     """ | ||||
| @@ -280,6 +298,14 @@ class ManageIngredientsView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView | ||||
|                     ingredient.end_of_life = _('Fully used in {meal}'.format( | ||||
|                         meal=self.object.name)) | ||||
|                     ingredient.save() | ||||
|         # We recalculate new expiry date and allergens | ||||
|         self.object.expiry_date = self.object.creation_date + self.object.shelf_life | ||||
|         self.object.allergens.clear() | ||||
|  | ||||
|         for ingredient in self.object.ingredients.iterator(): | ||||
|             if not (ingredient.polymorphic_ctype.model == 'basicfood' and ingredient.date_type == 'DDM'): | ||||
|                 self.object.expiry_date = min(self.object.expiry_date, ingredient.expiry_date) | ||||
|             self.object.allergens.set(self.object.allergens.union(ingredient.allergens.all())) | ||||
|  | ||||
|         self.object.save(old_ingredients=old_ingredients, old_allergens=old_allergens) | ||||
|         return HttpResponseRedirect(self.get_success_url()) | ||||
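Review bot: `ManageIngredientsView` no longer inherits `ProtectQuerysetMixin`, which by its name and its use on the other views restricts the queryset to objects the user may access, leaving `LoginRequiredMixin` as the only gate visible in this hunk. Unless the view body (outside the hunk) checks permissions itself, any authenticated user could open and rewrite the ingredients, expiry date and allergens of a transformed food by pk. Keep the mixin, `class ManageIngredientsView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):`, or add an explicit `PermissionBackend.check_perm` call before `self.object.save(...)`. Separately, both `get_sample_object` loops leave `owner_id` at the last membership tried when none passes, which contradicts the `or BDE else` comment; resetting with `food.owner_id = 1` before the final `return food` would match it.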
|   | ||||
							
								
								
									
										46
									
								
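--- a/apps/member/migrations/0014_create_bda.py
+++ b/apps/member/migrations/0014_create_bda.py
@@ -0,0 +1,46 @@
+from django.db import migrations
+
+def create_bda(apps, schema_editor):
+    """
+    The club BDA is now pre-injected.
+    """
+    Club = apps.get_model("member", "club")
+    NoteClub = apps.get_model("note", "noteclub")
+    Alias = apps.get_model("note", "alias")
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    polymorphic_ctype_id = ContentType.objects.get_for_model(NoteClub).id
+    
+    Club.objects.get_or_create(
+        id=10,
+        name="BDA",
+        email="bda.ensparissaclay@gmail.com",
+        require_memberships=True,
+        membership_fee_paid=750,
+        membership_fee_unpaid=750,
+        membership_duration=396,
+        membership_start="2024-08-01",
+        membership_end="2025-09-30",
+    )
+    NoteClub.objects.get_or_create(
+        id=1937,
+        club_id=10,
+        polymorphic_ctype_id=polymorphic_ctype_id,
+    )
+    Alias.objects.get_or_create(
+        id=1937,
+        note_id=1937,
+        name="BDA",
+        normalized_name="bda",
+    )
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('member', '0013_auto_20240801_1436'),
+    ]
+    
+    operations = [
+        migrations.RunPython(create_bda),
+    ]
+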
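Review bot: Each `get_or_create` call matches on every keyword it is given, so on an instance where club 10 already exists with any differing field (for example updated membership dates) the lookup misses and the INSERT collides on the primary key, aborting the migration. Look up on the identifying fields only and pass the rest through `defaults={...}`, and verify that an existing id 10 really is the BDA, since the fixture roles with `"for_club": 10` on this page attach their permissions to whichever club holds that id. The function also loads `note` and `contenttypes` models while `dependencies` lists only `member`, so those apps should be declared as dependencies. `migrations.RunPython(create_bda, migrations.RunPython.noop)` would keep the migration reversible.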
| @@ -4152,8 +4152,8 @@ | ||||
|             "name": "Pr\u00e9sident\u22c5e de club", | ||||
|             "permissions": [ | ||||
|                 62, | ||||
|                 142, | ||||
|                 135 | ||||
|                 135, | ||||
|                 142 | ||||
|             ] | ||||
|         } | ||||
|     }, | ||||
| @@ -4562,6 +4562,133 @@ | ||||
|             ] | ||||
|         } | ||||
|     },   | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 23, | ||||
|             "fields": { | ||||
|             "for_club": 2, | ||||
|             "name": "Darbonne", | ||||
|             "permissions": [ | ||||
|                 30, | ||||
|                 31, | ||||
|                 32 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 24, | ||||
|             "fields": { | ||||
|             "for_club": null, | ||||
|             "name": "Staffeur⋅euse (S&L,Respo Tech,...)", | ||||
|             "permissions": [] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 25, | ||||
|             "fields": { | ||||
|             "for_club": null, | ||||
|             "name": "Référent⋅e Bus", | ||||
|             "permissions": [ | ||||
|                 22, | ||||
|                 84, | ||||
|                 115, | ||||
|                 117, | ||||
|                 118, | ||||
|                 119, | ||||
|                 120, | ||||
|                 121, | ||||
|                 122 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 28, | ||||
|             "fields": { | ||||
|             "for_club": 10, | ||||
|             "name": "Trésorièr⸱e BDA", | ||||
|             "permissions": [ | ||||
|                 55, | ||||
|                 56, | ||||
|                 57, | ||||
|                 58, | ||||
|                 135, | ||||
|                 143, | ||||
|                 176, | ||||
|                 177, | ||||
|                 178, | ||||
|                 243, | ||||
|                 260, | ||||
|                 261, | ||||
|                 262, | ||||
|                 263, | ||||
|                 264, | ||||
|                 265, | ||||
|                 266, | ||||
|                 267, | ||||
|                 268, | ||||
|                 269 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 30, | ||||
|             "fields": { | ||||
|             "for_club": 10, | ||||
|             "name": "Respo sorties", | ||||
|             "permissions": [ | ||||
|                 49,  | ||||
|                 62,  | ||||
|                 141,  | ||||
|                 241,  | ||||
|                 242,  | ||||
|                 243 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 31, | ||||
|             "fields": { | ||||
|             "for_club": 1, | ||||
|             "name": "Respo comm", | ||||
|             "permissions": [ | ||||
|                 135, | ||||
|                 244 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 32, | ||||
|             "fields": { | ||||
|             "for_club": 10, | ||||
|             "name": "Respo comm Art", | ||||
|             "permissions": [ | ||||
|                 135, | ||||
|                 245 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "permission.role", | ||||
|         "pk": 33, | ||||
|             "fields": { | ||||
|             "for_club": 10, | ||||
|             "name": "Respo Jam", | ||||
|             "permissions": [ | ||||
|                 247,  | ||||
|                 250,  | ||||
|                 251,  | ||||
|                 252,  | ||||
|                 253,  | ||||
|                 254 | ||||
|             ] | ||||
|         } | ||||
|     },  | ||||
|     { | ||||
|         "model": "wei.weirole", | ||||
|         "pk": 12, | ||||
| @@ -4596,5 +4723,15 @@ | ||||
|         "model": "wei.weirole", | ||||
|         "pk": 18, | ||||
|         "fields": {} | ||||
|     }, | ||||
|     { | ||||
|         "model": "wei.weirole", | ||||
|         "pk": 24, | ||||
|         "fields": {} | ||||
|     }, | ||||
|     { | ||||
|         "model": "wei.weirole", | ||||
|         "pk": 25, | ||||
|         "fields": {} | ||||
|     } | ||||
| ] | ||||
|   | ||||
| @@ -136,7 +136,7 @@ de diffusion utiles. | ||||
|    Faîtes attention, donc où la sortie est stockée. | ||||
|  | ||||
|  | ||||
| Il prend 2 options : | ||||
| Il prend 4 options : | ||||
|  | ||||
| * ``--type``, qui prend en argument ``members`` (défaut), ``clubs``, ``events``, ``art``, | ||||
|   ``sport``, qui permet respectivement de sortir la liste des adresses mails des adhérent⋅es | ||||
| @@ -149,7 +149,10 @@ Il prend 2 options : | ||||
|   pour la ML Adhérents, pour exporter les mails des adhérents au BDE pendant n'importe  | ||||
|   laquelle des ``n+1`` dernières années.  | ||||
|  | ||||
| Le script sort sur la sortie standard la liste des adresses mails à inscrire. | ||||
| * ``--email``, qui prend en argument une chaine de caractère contenant une adresse email. | ||||
|    | ||||
| Si aucun email n'est renseigné, le script sort sur la sortie standard la liste des adresses mails à inscrire. | ||||
| Dans le cas contraire, la liste est envoyée à l'adresse passée en argument. | ||||
|  | ||||
| Attention : il y a parfois certains cas particuliers à prendre en compte, il n'est | ||||
| malheureusement pas aussi simple que de simplement supposer que ces listes sont exhaustives. | ||||
|   | ||||
| @@ -270,7 +270,7 @@ OAUTH2_PROVIDER = { | ||||
|     'PKCE_REQUIRED': False, # PKCE (fix a breaking change of django-oauth-toolkit 2.0.0) | ||||
|     'OIDC_ENABLED': True, | ||||
|     'OIDC_RSA_PRIVATE_KEY': | ||||
|         os.getenv('OIDC_RSA_PRIVATE_KEY', 'CHANGE_ME_IN_ENV_SETTINGS').replace('\\n', '\n'), # for multilines | ||||
|         os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key'), | ||||
|     'SCOPES': { 'openid': "OpenID Connect scope" }, | ||||
| } | ||||
|  | ||||
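Review bot: `OIDC_RSA_PRIVATE_KEY` now receives a filesystem path, but django-oauth-toolkit reads this setting as the PEM text of the key, so unless the file is read elsewhere in the settings (not visible in this hunk) ID-token signing will have no usable key. Read the file at this point, for example `open(os.getenv('OIDC_RSA_PRIVATE_KEY', '/var/secrets/oidc.key')).read()`, guarded so that a missing file produces a clear startup error instead of a failure at the first token request. The key file should be readable only by the account running the application, which is worth stating next to the `openssl genrsa` step in the README. The `OAUTH2_PROVIDER` dict starts outside the hunk.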
|   | ||||