diff --git a/apps/activity/views.py b/apps/activity/views.py
index 923f32ecc39e8d5005052cb2ab4108b72cb6ed8a..370e6040fa7987fbb572f4cb176ef7cbb55c0574 100644
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -182,8 +182,11 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
- context["activities_open"] = Activity.objects.filter(open=True).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "view")).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "change")).all()
+ activities_open = Activity.objects.filter(open=True).filter(
+ PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
+ context["activities_open"] = [a for a in activities_open
+ if PermissionBackend.check_perm(self.request.user,
+ "activity.add_entry",
+ Entry(activity=a, note=self.request.user.note,))]
return context
diff --git a/apps/api/viewsets.py b/apps/api/viewsets.py
index 6e0cb6b876ba7d49b28d8f6e221e0e420e722703..f4dd56f6b856fcdc92bf38ced262aebd5187f6b3 100644
--- a/apps/api/viewsets.py
+++ b/apps/api/viewsets.py
@@ -18,7 +18,7 @@ class ReadProtectedModelViewSet(viewsets.ModelViewSet):
def get_queryset(self):
user = get_current_authenticated_user()
- return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
@@ -32,4 +32,4 @@ class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
def get_queryset(self):
user = get_current_authenticated_user()
- return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
diff --git a/apps/note/api/views.py b/apps/note/api/views.py
index a365c343f8ab8a1ff6e8aa09531d9601ac6325d0..f806bbf25f4642fc7a7952e9acd4f4b8261c50d4 100644
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@@ -9,6 +9,8 @@ from rest_framework import viewsets
from rest_framework.response import Response
from rest_framework import status
from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
+from note_kfet.middlewares import get_current_authenticated_user
+from permission.backends import PermissionBackend
from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer
@@ -150,3 +152,7 @@ class TransactionViewSet(ReadProtectedModelViewSet):
serializer_class = TransactionPolymorphicSerializer
filter_backends = [SearchFilter]
search_fields = ['$reason', ]
+
+ def get_queryset(self):
+ user = get_current_authenticated_user()
+ return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))
diff --git a/apps/note/views.py b/apps/note/views.py
index ef9da6688734ab039c56eae14969dac8990fab14..ad2b2a99e61aa4a104daa51e0d9c54b38fcafc47 100644
--- a/apps/note/views.py
+++ b/apps/note/views.py
@@ -10,6 +10,8 @@ from django.utils.translation import gettext_lazy as _
from django.views.generic import CreateView, UpdateView
from django_tables2 import SingleTableView
from django.urls import reverse_lazy
+
+from activity.models import Entry
from note_kfet.inputs import AmountInput
from permission.backends import PermissionBackend
from permission.views import ProtectQuerysetMixin
@@ -52,9 +54,13 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
# Add a shortcut for entry page for open activities
if "activity" in settings.INSTALLED_APPS:
from activity.models import Activity
- context["activities_open"] = Activity.objects.filter(open=True).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "view")).filter(
- PermissionBackend.filter_queryset(self.request.user, Activity, "change")).all()
+ activities_open = Activity.objects.filter(open=True).filter(
+ PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
+ context["activities_open"] = [a for a in activities_open
+ if PermissionBackend.check_perm(self.request.user,
+ "activity.add_entry",
+ Entry(activity=a,
+ note=self.request.user.note, ))]
return context
diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json
index bbe2e7e912c76f43b0829a341bab9ec29521bac4..1ce50d8061734f29fd5dea0c3d72921fdca6945e 100644
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@@ -2311,6 +2311,38 @@
"description": "Ajouter un membre à n'importe quel club"
}
},
+ {
+ "model": "permission.permission",
+ "pk": 148,
+ "fields": {
+ "model": [
+ "activity",
+ "activity"
+ ],
+ "query": "{\"valid\": false}",
+ "type": "change",
+ "mask": 2,
+ "field": "",
+ "permanent": false,
+ "description": "Modifier une activité non validée"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 149,
+ "fields": {
+ "model": [
+ "activity",
+ "activity"
+ ],
+ "query": "{\"valid\": false}",
+ "type": "delete",
+ "mask": 2,
+ "field": "",
+ "permanent": false,
+ "description": "Supprimer une activité non validée"
+ }
+ },
{
"model": "permission.role",
"pk": 1,
@@ -2643,7 +2675,9 @@
144,
145,
146,
- 147
+ 147,
+ 148,
+ 149
]
}
},
@@ -2690,7 +2724,9 @@
43,
44,
45,
- 46
+ 46,
+ 148,
+ 149
]
}
},