mirror of
https://gitlab.com/animath/si/plateforme.git
synced 2024-12-25 07:02:22 +00:00
Fix the permission to see a user page
This commit is contained in:
parent
0cd7ff512f
commit
ea38c06631
@ -25,7 +25,7 @@ from django_tables2 import SingleTableView
|
|||||||
from magic import Magic
|
from magic import Magic
|
||||||
from participation.models import Passage, Solution, Synthesis, Tournament
|
from participation.models import Passage, Solution, Synthesis, Tournament
|
||||||
from tfjm.tokens import email_validation_token
|
from tfjm.tokens import email_validation_token
|
||||||
from tfjm.views import AdminMixin, UserMixin, VolunteerMixin
|
from tfjm.views import AdminMixin, UserMixin, UserRegistrationMixin, VolunteerMixin
|
||||||
|
|
||||||
from .forms import AddOrganizerForm, AdminRegistrationForm, CoachRegistrationForm, HealthSheetForm, \
|
from .forms import AddOrganizerForm, AdminRegistrationForm, CoachRegistrationForm, HealthSheetForm, \
|
||||||
ParentalAuthorizationForm, PaymentForm, PhotoAuthorizationForm, SignupForm, StudentRegistrationForm, UserForm, \
|
ParentalAuthorizationForm, PaymentForm, PhotoAuthorizationForm, SignupForm, StudentRegistrationForm, UserForm, \
|
||||||
@ -226,7 +226,7 @@ class MyAccountDetailView(LoginRequiredMixin, RedirectView):
|
|||||||
return reverse_lazy("registration:user_detail", args=(self.request.user.pk,))
|
return reverse_lazy("registration:user_detail", args=(self.request.user.pk,))
|
||||||
|
|
||||||
|
|
||||||
class UserDetailView(UserMixin, DetailView):
|
class UserDetailView(LoginRequiredMixin, DetailView):
|
||||||
"""
|
"""
|
||||||
Display the detail about a user.
|
Display the detail about a user.
|
||||||
"""
|
"""
|
||||||
@ -271,12 +271,6 @@ class UserUpdateView(UserMixin, UpdateView):
|
|||||||
form_class = UserForm
|
form_class = UserForm
|
||||||
template_name = "registration/update_user.html"
|
template_name = "registration/update_user.html"
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
|
||||||
if not self.request.user.is_authenticated or \
|
|
||||||
not self.request.user.registration.is_admin and self.request.user != self.get_object():
|
|
||||||
return self.handle_no_permission()
|
|
||||||
return super().dispatch(request, *args, **kwargs)
|
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
context = super().get_context_data(**kwargs)
|
context = super().get_context_data(**kwargs)
|
||||||
user = self.get_object()
|
user = self.get_object()
|
||||||
@ -309,7 +303,7 @@ class UserUpdateView(UserMixin, UpdateView):
|
|||||||
return reverse_lazy("registration:user_detail", args=(self.object.pk,))
|
return reverse_lazy("registration:user_detail", args=(self.object.pk,))
|
||||||
|
|
||||||
|
|
||||||
class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
class UserUploadPhotoAuthorizationView(UserRegistrationMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
A participant can send its photo authorization.
|
A participant can send its photo authorization.
|
||||||
"""
|
"""
|
||||||
@ -318,12 +312,6 @@ class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
|||||||
template_name = "registration/upload_photo_authorization.html"
|
template_name = "registration/upload_photo_authorization.html"
|
||||||
extra_context = dict(title=_("Upload photo authorization"))
|
extra_context = dict(title=_("Upload photo authorization"))
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
|
||||||
if not self.request.user.is_authenticated or \
|
|
||||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
|
||||||
return self.handle_no_permission()
|
|
||||||
return super().dispatch(request, *args, **kwargs)
|
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||||
@ -336,7 +324,7 @@ class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
|||||||
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
||||||
|
|
||||||
|
|
||||||
class UserUploadHealthSheetView(UserMixin, UpdateView):
|
class UserUploadHealthSheetView(UserRegistrationMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
A participant can send its health sheet.
|
A participant can send its health sheet.
|
||||||
"""
|
"""
|
||||||
@ -345,12 +333,6 @@ class UserUploadHealthSheetView(UserMixin, UpdateView):
|
|||||||
template_name = "registration/upload_health_sheet.html"
|
template_name = "registration/upload_health_sheet.html"
|
||||||
extra_context = dict(title=_("Upload health sheet"))
|
extra_context = dict(title=_("Upload health sheet"))
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
|
||||||
if not self.request.user.is_authenticated or \
|
|
||||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
|
||||||
return self.handle_no_permission()
|
|
||||||
return super().dispatch(request, *args, **kwargs)
|
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||||
@ -363,7 +345,7 @@ class UserUploadHealthSheetView(UserMixin, UpdateView):
|
|||||||
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
||||||
|
|
||||||
|
|
||||||
class UserUploadParentalAuthorizationView(UserMixin, UpdateView):
|
class UserUploadParentalAuthorizationView(UserRegistrationMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
A participant can send its parental authorization.
|
A participant can send its parental authorization.
|
||||||
"""
|
"""
|
||||||
@ -372,12 +354,6 @@ class UserUploadParentalAuthorizationView(UserMixin, UpdateView):
|
|||||||
template_name = "registration/upload_parental_authorization.html"
|
template_name = "registration/upload_parental_authorization.html"
|
||||||
extra_context = dict(title=_("Upload parental authorization"))
|
extra_context = dict(title=_("Upload parental authorization"))
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
|
||||||
if not self.request.user.is_authenticated or \
|
|
||||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
|
||||||
return self.handle_no_permission()
|
|
||||||
return super().dispatch(request, *args, **kwargs)
|
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||||
|
@ -790,7 +790,7 @@ msgstr "Remplacer"
|
|||||||
|
|
||||||
#: apps/participation/templates/participation/team_detail.html:104
|
#: apps/participation/templates/participation/team_detail.html:104
|
||||||
msgid "Download all authorizations"
|
msgid "Download all authorizations"
|
||||||
msgstr "Télécharger toutes les authorisations"
|
msgstr "Télécharger toutes les autorisations"
|
||||||
|
|
||||||
#: apps/participation/templates/participation/team_detail.html:111
|
#: apps/participation/templates/participation/team_detail.html:111
|
||||||
#: apps/participation/templates/participation/team_detail.html:178
|
#: apps/participation/templates/participation/team_detail.html:178
|
||||||
|
@ -20,6 +20,14 @@ class VolunteerMixin(LoginRequiredMixin):
|
|||||||
|
|
||||||
|
|
||||||
class UserMixin(LoginRequiredMixin):
|
class UserMixin(LoginRequiredMixin):
|
||||||
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
user = request.user
|
||||||
|
if user.is_authenticated and not user.registration.is_admin and user.pk != kwargs["pk"]:
|
||||||
|
self.handle_no_permission()
|
||||||
|
return super().dispatch(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class UserRegistrationMixin(LoginRequiredMixin):
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
user = request.user
|
user = request.user
|
||||||
if user.is_authenticated and not user.registration.is_admin and user.registration.pk != kwargs["pk"]:
|
if user.is_authenticated and not user.registration.is_admin and user.registration.pk != kwargs["pk"]:
|
||||||
|
Loading…
Reference in New Issue
Block a user