Merge branch 'dev' into 'master'

Permissions on user detail

See merge request animath/si/plateforme-tfjm!15
This commit is contained in:
Yohann D'ANELLO 2021-01-29 09:36:53 +00:00
commit 9c4e68d0ea
1 changed files with 5 additions and 3 deletions

View File

@ -242,7 +242,7 @@ class UserDetailView(LoginRequiredMixin, DetailView):
user = self.get_object() user = self.get_object()
if user == me or me.registration.is_admin or me.registration.is_volunteer \ if user == me or me.registration.is_admin or me.registration.is_volunteer \
and user.registration.participates and user.registration.team \ and user.registration.participates and user.registration.team \
and user.registration.team.participation.tournament in user.registration.organized_tournaments.all() \ and user.registration.team.participation.tournament in me.registration.organized_tournaments.all() \
or user.registration.is_volunteer and me.registration.is_volunteer \ or user.registration.is_volunteer and me.registration.is_volunteer \
and me.registration.interesting_tournaments.intersection(user.registration.intersting_tournaments): and me.registration.interesting_tournaments.intersection(user.registration.intersting_tournaments):
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
@ -376,10 +376,12 @@ class AuthorizationTemplateView(TemplateView):
if registration.user == self.request.user \ if registration.user == self.request.user \
or self.request.user.is_authenticated and self.request.user.registration.is_admin: or self.request.user.is_authenticated and self.request.user.registration.is_admin:
context["registration"] = registration context["registration"] = registration
if "tournament_id" in self.request.GET: if "tournament_id" in self.request.GET and self.request.GET.get("tournament_id").isnumeric():
if not Tournament.objects.filter(pk=self.request.get("tournament_id")).exists():
raise PermissionDenied("Ce tournoi n'existe pas.")
context["tournament"] = Tournament.objects.get(pk=self.request.GET.get("tournament_id")) context["tournament"] = Tournament.objects.get(pk=self.request.GET.get("tournament_id"))
else: else:
raise ValueError("Merci d'indiquer un tournoi.") raise PermissionDenied("Merci d'indiquer un tournoi.")
return context return context