Ce serveur Gitlab sera éteint le 30 juin 2020, pensez à migrer vos projets vers les serveurs gitlab-research.centralesupelec.fr et gitlab-student.centralesupelec.fr !

Commit 8b044951 authored by chirac's avatar chirac

Ajoute des acls sur les vues critiques

parent 37cdd1d5
...@@ -5,7 +5,7 @@ from django.shortcuts import render, redirect ...@@ -5,7 +5,7 @@ from django.shortcuts import render, redirect
from django.shortcuts import render_to_response, get_object_or_404 from django.shortcuts import render_to_response, get_object_or_404
from django.core.context_processors import csrf from django.core.context_processors import csrf
from django.template import Context, RequestContext, loader from django.template import Context, RequestContext, loader
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required, permission_required
from django.contrib import messages from django.contrib import messages
from django.db.models import Max, ProtectedError from django.db.models import Max, ProtectedError
...@@ -91,6 +91,7 @@ def edit_facture(request, factureid): ...@@ -91,6 +91,7 @@ def edit_facture(request, factureid):
return form({'factureform': facture_form}, 'cotisations/facture.html', request) return form({'factureform': facture_form}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def add_article(request): def add_article(request):
article = ArticleForm(request.POST or None) article = ArticleForm(request.POST or None)
if article.is_valid(): if article.is_valid():
...@@ -100,6 +101,7 @@ def add_article(request): ...@@ -100,6 +101,7 @@ def add_article(request):
return form({'factureform': article}, 'cotisations/facture.html', request) return form({'factureform': article}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def edit_article(request, articleid): def edit_article(request, articleid):
try: try:
article_instance = Article.objects.get(pk=articleid) article_instance = Article.objects.get(pk=articleid)
...@@ -114,6 +116,7 @@ def edit_article(request, articleid): ...@@ -114,6 +116,7 @@ def edit_article(request, articleid):
return form({'factureform': article}, 'cotisations/facture.html', request) return form({'factureform': article}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def del_article(request): def del_article(request):
article = DelArticleForm(request.POST or None) article = DelArticleForm(request.POST or None)
if article.is_valid(): if article.is_valid():
...@@ -124,6 +127,7 @@ def del_article(request): ...@@ -124,6 +127,7 @@ def del_article(request):
return form({'factureform': article}, 'cotisations/facture.html', request) return form({'factureform': article}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def add_paiement(request): def add_paiement(request):
paiement = PaiementForm(request.POST or None) paiement = PaiementForm(request.POST or None)
if paiement.is_valid(): if paiement.is_valid():
...@@ -133,6 +137,7 @@ def add_paiement(request): ...@@ -133,6 +137,7 @@ def add_paiement(request):
return form({'factureform': paiement}, 'cotisations/facture.html', request) return form({'factureform': paiement}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def edit_paiement(request, paiementid): def edit_paiement(request, paiementid):
try: try:
paiement_instance = Paiement.objects.get(pk=paiementid) paiement_instance = Paiement.objects.get(pk=paiementid)
...@@ -147,6 +152,7 @@ def edit_paiement(request, paiementid): ...@@ -147,6 +152,7 @@ def edit_paiement(request, paiementid):
return form({'factureform': paiement}, 'cotisations/facture.html', request) return form({'factureform': paiement}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def del_paiement(request): def del_paiement(request):
paiement = DelPaiementForm(request.POST or None) paiement = DelPaiementForm(request.POST or None)
if paiement.is_valid(): if paiement.is_valid():
...@@ -161,6 +167,7 @@ def del_paiement(request): ...@@ -161,6 +167,7 @@ def del_paiement(request):
return form({'factureform': paiement}, 'cotisations/facture.html', request) return form({'factureform': paiement}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def add_banque(request): def add_banque(request):
banque = BanqueForm(request.POST or None) banque = BanqueForm(request.POST or None)
if banque.is_valid(): if banque.is_valid():
...@@ -170,6 +177,7 @@ def add_banque(request): ...@@ -170,6 +177,7 @@ def add_banque(request):
return form({'factureform': banque}, 'cotisations/facture.html', request) return form({'factureform': banque}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def edit_banque(request, banqueid): def edit_banque(request, banqueid):
try: try:
banque_instance = Article.objects.get(pk=banqueid) banque_instance = Article.objects.get(pk=banqueid)
...@@ -184,6 +192,7 @@ def edit_banque(request, banqueid): ...@@ -184,6 +192,7 @@ def edit_banque(request, banqueid):
return form({'factureform': banque}, 'cotisations/facture.html', request) return form({'factureform': banque}, 'cotisations/facture.html', request)
@login_required @login_required
@permission_required('trésorier')
def del_banque(request): def del_banque(request):
banque = DelBanqueForm(request.POST or None) banque = DelBanqueForm(request.POST or None)
if banque.is_valid(): if banque.is_valid():
......
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required, permission_required
from django.db import IntegrityError from django.db import IntegrityError
from topologie.models import Switch, Port from topologie.models import Switch, Port
...@@ -23,6 +23,7 @@ def index_port(request, switch_id): ...@@ -23,6 +23,7 @@ def index_port(request, switch_id):
return render(request, 'topologie/index_p.html', {'port_list':port_list, 'id_switch':switch_id, 'nom_switch':switch}) return render(request, 'topologie/index_p.html', {'port_list':port_list, 'id_switch':switch_id, 'nom_switch':switch})
@login_required @login_required
@permission_required('admin')
def new_port(request, switch_id): def new_port(request, switch_id):
try: try:
switch = Switch.objects.get(pk=switch_id) switch = Switch.objects.get(pk=switch_id)
...@@ -42,6 +43,7 @@ def new_port(request, switch_id): ...@@ -42,6 +43,7 @@ def new_port(request, switch_id):
return form({'topoform':port}, 'topologie/port.html', request) return form({'topoform':port}, 'topologie/port.html', request)
@login_required @login_required
@permission_required('admin')
def edit_port(request, port_id): def edit_port(request, port_id):
try: try:
port = Port.objects.get(pk=port_id) port = Port.objects.get(pk=port_id)
...@@ -56,6 +58,7 @@ def edit_port(request, port_id): ...@@ -56,6 +58,7 @@ def edit_port(request, port_id):
return form({'topoform':port}, 'topologie/port.html', request) return form({'topoform':port}, 'topologie/port.html', request)
@login_required @login_required
@permission_required('admin')
def new_switch(request): def new_switch(request):
switch = EditSwitchForm(request.POST or None) switch = EditSwitchForm(request.POST or None)
if switch.is_valid(): if switch.is_valid():
...@@ -65,6 +68,7 @@ def new_switch(request): ...@@ -65,6 +68,7 @@ def new_switch(request):
return form({'topoform':switch}, 'topologie/port.html', request) return form({'topoform':switch}, 'topologie/port.html', request)
@login_required @login_required
@permission_required('admin')
def edit_switch(request, switch_id): def edit_switch(request, switch_id):
try: try:
switch = Switch.objects.get(pk=switch_id) switch = Switch.objects.get(pk=switch_id)
......
...@@ -8,7 +8,6 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager ...@@ -8,7 +8,6 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
from topologie.models import Room from topologie.models import Room
def remove_user_room(room): def remove_user_room(room):
""" Déménage de force l'ancien locataire de la chambre """ """ Déménage de force l'ancien locataire de la chambre """
try: try:
...@@ -133,8 +132,12 @@ class User(AbstractBaseUser): ...@@ -133,8 +132,12 @@ class User(AbstractBaseUser):
def get_short_name(self): def get_short_name(self):
return self.name return self.name
def has_perm(self, perm, obj=None): def has_perms(self, perms, obj=None):
# Simplest version for perm in perms:
try:
Right.objects.get(user=self, right__listright=perm)
except Right.DoesNotExist:
return False
return True return True
def has_module_perms(self, app_label): def has_module_perms(self, app_label):
......
...@@ -5,12 +5,12 @@ from django.shortcuts import render_to_response, render, redirect ...@@ -5,12 +5,12 @@ from django.shortcuts import render_to_response, render, redirect
from django.core.context_processors import csrf from django.core.context_processors import csrf
from django.template import RequestContext from django.template import RequestContext
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required, permission_required
from django.db.models import Max, ProtectedError from django.db.models import Max, ProtectedError
from django.db import IntegrityError from django.db import IntegrityError
from django.utils import timezone from django.utils import timezone
from users.models import User, Right, Ban, Whitelist from users.models import User, Right, Ban, Whitelist, School
from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm
from users.models import InfoForm, StateForm, RightForm, SchoolForm from users.models import InfoForm, StateForm, RightForm, SchoolForm
from cotisations.models import Facture from cotisations.models import Facture
...@@ -154,6 +154,7 @@ def password(request, userid): ...@@ -154,6 +154,7 @@ def password(request, userid):
return form({'userform': u_form}, 'users/user.html', request) return form({'userform': u_form}, 'users/user.html', request)
@login_required @login_required
@permission_required('bureau')
def add_right(request, userid): def add_right(request, userid):
try: try:
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
...@@ -173,6 +174,7 @@ def add_right(request, userid): ...@@ -173,6 +174,7 @@ def add_right(request, userid):
return form({'userform': right}, 'users/user.html', request) return form({'userform': right}, 'users/user.html', request)
@login_required @login_required
@permission_required('bureau')
def del_right(request): def del_right(request):
right = DelRightForm(request.POST or None) right = DelRightForm(request.POST or None)
if right.is_valid(): if right.is_valid():
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment