From d083894e9bf75d47a11fdb0139a27b9172c8bf6a Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <yohann.danello@gmail.com>
Date: Thu, 19 Mar 2020 14:25:43 +0100
Subject: [PATCH] Fix note display for users that don't have enough rights

---
 apps/note/api/serializers.py          |  6 ++++-
 apps/note/api/views.py                | 34 +--------------------------
 apps/permission/templatetags/perms.py |  8 +++++--
 static/js/base.js                     |  9 ++++++-
 static/js/consos.js                   |  3 ++-
 static/js/transfer.js                 | 20 +++++++++-------
 6 files changed, 34 insertions(+), 46 deletions(-)

diff --git a/apps/note/api/serializers.py b/apps/note/api/serializers.py
index 02311de1..4d8be07f 100644
--- a/apps/note/api/serializers.py
+++ b/apps/note/api/serializers.py
@@ -4,6 +4,7 @@
 from rest_framework import serializers
 from rest_polymorphic.serializers import PolymorphicSerializer
 
+from logs.middlewares import get_current_authenticated_user
 from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias
 from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \
     TemplateTransaction, SpecialTransaction
@@ -77,7 +78,10 @@ class AliasSerializer(serializers.ModelSerializer):
         fields = '__all__'
 
     def get_note(self, alias):
-        return NotePolymorphicSerializer().to_representation(alias.note)
+        if get_current_authenticated_user().has_perm("note.view_note", alias.note):
+            return NotePolymorphicSerializer().to_representation(alias.note)
+        else:
+            return alias.note.id
 
 
 class NotePolymorphicSerializer(PolymorphicSerializer):
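Review bot: `get_note` calls `.has_perm` on the result of `get_current_authenticated_user()` without a `None` guard, although the perms.py hunks in this same commit treat a `None` return from that helper as the anonymous case; an unauthenticated request to the alias endpoint would raise `AttributeError` here instead of falling through to the id-only branch. Bind the user first and fold the check into one condition: `user = get_current_authenticated_user()` / `if user is not None and user.has_perm("note.view_note", alias.note):`. A docstring on `get_note` should also state that the field is polymorphic in type — a full note representation when the caller may view the note, otherwise the bare integer id — since every consumer (see the `typeof note === "number"` branch in base.js) has to handle both shapes. The enclosing `AliasSerializer` class starts outside this hunk.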
diff --git a/apps/note/api/views.py b/apps/note/api/views.py
index a4fe6fc1..caa77132 100644
--- a/apps/note/api/views.py
+++ b/apps/note/api/views.py
@@ -75,20 +75,7 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
 
         alias = self.request.query_params.get("alias", ".*")
         queryset = queryset.filter(
-            Q(alias__name__regex="^" + alias)
-            | Q(alias__normalized_name__regex="^" + alias.lower()))
-
-        note_type = self.request.query_params.get("type", None)
-        if note_type:
-            types = str(note_type).lower()
-            if "user" in types:
-                queryset = queryset.filter(polymorphic_ctype__model="noteuser")
-            elif "club" in types:
-                queryset = queryset.filter(polymorphic_ctype__model="noteclub")
-            elif "special" in types:
-                queryset = queryset.filter(polymorphic_ctype__model="notespecial")
-            else:
-                queryset = queryset.none()
+            Q(alias__name__regex="^" + alias) | Q(alias__normalized_name__regex="^" + alias.lower()))
 
         return queryset.distinct()
 
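Review bot: The `alias` query parameter is interpolated unescaped into a `__regex` lookup on the kept line `Q(alias__name__regex="^" + alias) | Q(alias__normalized_name__regex="^" + alias.lower())`, so a caller controls the pattern the database engine evaluates, not just a prefix; the same construction is retained in the `AliasViewSet.get_queryset` hunk below. Since the intent is a prefix match, escape the value and drop the `.*` default, which `^` alone already covers: `alias = re.escape(self.request.query_params.get("alias", ""))`. This needs `import re` in the module's import block, which is outside this hunk, and whether the backslash escapes `re.escape` emits are interpreted identically by the configured database's regex dialect should be confirmed. `NotePolymorphicViewSet.get_queryset` starts outside the hunk.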
@@ -117,25 +104,6 @@ class AliasViewSet(ReadProtectedModelViewSet):
         queryset = queryset.filter(
             Q(name__regex="^" + alias) | Q(normalized_name__regex="^" + alias.lower()))
 
-        note_id = self.request.query_params.get("note", None)
-        if note_id:
-            queryset = queryset.filter(id=note_id)
-
-        note_type = self.request.query_params.get("type", None)
-        if note_type:
-            types = str(note_type).lower()
-            if "user" in types:
-                queryset = queryset.filter(
-                    note__polymorphic_ctype__model="noteuser")
-            elif "club" in types:
-                queryset = queryset.filter(
-                    note__polymorphic_ctype__model="noteclub")
-            elif "special" in types:
-                queryset = queryset.filter(
-                    note__polymorphic_ctype__model="notespecial")
-            else:
-                queryset = queryset.none()
-
         return queryset
 
 
diff --git a/apps/permission/templatetags/perms.py b/apps/permission/templatetags/perms.py
index 9b5ff93a..460bf9a6 100644
--- a/apps/permission/templatetags/perms.py
+++ b/apps/permission/templatetags/perms.py
@@ -17,7 +17,9 @@ def has_perm(value):
 @stringfilter
 def not_empty_model_list(model_name):
     user = get_current_authenticated_user()
-    if user.is_superuser:
+    if user is None:
+        return False
+    elif user.is_superuser:
         return True
     spl = model_name.split(".")
     ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
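Review bot: The `elif user.is_superuser:` after an unconditional `return False` is an `if` in disguise; with a guard clause that returns, the second branch reads more clearly as a plain `if user.is_superuser:`. The same two-line guard is added verbatim to `not_empty_model_change_list` in the next hunk, so the "anonymous or superuser" resolution is now duplicated; a small shared helper (for instance `_current_user_or_none()` returning the user, with each filter checking `None` and `is_superuser` once) would keep the two filters from drifting apart. Both enclosing functions continue past their hunks.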
@@ -28,7 +30,9 @@ def not_empty_model_list(model_name):
 @stringfilter
 def not_empty_model_change_list(model_name):
     user = get_current_authenticated_user()
-    if user.is_superuser:
+    if user is None:
+        return False
+    elif user.is_superuser:
         return True
     spl = model_name.split(".")
     ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
diff --git a/static/js/base.js b/static/js/base.js
index 2362375b..7a733df3 100644
--- a/static/js/base.js
+++ b/static/js/base.js
@@ -67,7 +67,7 @@ function displayNote(note, alias, user_note_field=null, profile_pic_field=null)
     if (note !== null && alias !== note.name)
         alias += " (aka. " + note.name + ")";
     if (note !== null && user_note_field !== null)
-        $("#" + user_note_field).text(alias + " : " + pretty_money(note.balance));
+        $("#" + user_note_field).text(alias + (note.balance == null ? "" : (" : " + pretty_money(note.balance))));
     if (profile_pic_field != null)
         $("#" + profile_pic_field).attr('src', img);
 }
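Review bot: The rewritten `.text(...)` line packs a nested conditional into a single long expression; naming the optional suffix first keeps the intent visible: `let balance_text = note.balance == null ? "" : " : " + pretty_money(note.balance);` then `$("#" + user_note_field).text(alias + balance_text);`. The loose `== null` is presumably deliberate so that an `undefined` balance (a note object that never had the field) is treated like the explicit `null` stub built in the `autoCompleteNote` hunk; a short comment saying so would stop a later reader from "fixing" it to `===`. The `img` value set a few lines later is computed before this hunk, so I cannot confirm it tolerates a stub note without a picture field — worth checking, since `displayNote` now accepts such stubs.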
@@ -173,6 +173,13 @@ function autoCompleteNote(field_id, alias_matched_id, note_list_id, notes, notes
 
             aliases.results.forEach(function (alias) {
                 let note = alias.note;
+                if (typeof note === "number") {
+                    note = {
+                        id: note,
+                        name: alias.name,
+                        balance: null
+                    };
+                }
                 aliases_matched_html += li(alias_prefix + "_" + alias.id, alias.name);
                 note.alias = alias;
                 notes.push(note);
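Review bot: The stub built when `alias.note` is a number deserves a comment explaining where the number comes from and what the stub lacks, because downstream code keys on its shape: `// AliasSerializer returns only the note id when the current user lacks note.view_note; balance and user are unknown here.` Without it, the `balance: null` sentinel reads like an arbitrary default rather than a contract with `displayNote`. Note the stub carries no `user` field, which the transfer.js hunk below reads via `last.note.user`. The enclosing `autoCompleteNote` function starts and ends outside this hunk.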
diff --git a/static/js/consos.js b/static/js/consos.js
index 5f7a314a..1cf24e07 100644
--- a/static/js/consos.js
+++ b/static/js/consos.js
@@ -154,7 +154,8 @@ function reset() {
     $("#note_list").html("");
     $("#alias_matched").html("");
     $("#consos_list").html("");
-    displayNote(null, "");
+    $("#user_note").text("");
+    $("#profile_pic").attr("src", "/media/pic/default.png");
     refreshHistory();
     refreshBalance();
 }
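Review bot: `reset()` here clears `#user_note` with `.text("")`, while the equivalent new line in transfer.js's `reset()` uses `.val("")` on the same id; only one of those is right for whatever element `#user_note` is, and the wrong one is a silent no-op, so the two should be aligned. Both files also hard-code the default picture path `"/media/pic/default.png"`, which previously lived in one place behind `displayNote(null, "")`; a shared constant in base.js (e.g. `const DEFAULT_PROFILE_PIC = "/media/pic/default.png";`) or a small `resetNoteDisplay()` helper there would keep the two reset paths from diverging.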
diff --git a/static/js/transfer.js b/static/js/transfer.js
index a0c2d88a..c615f932 100644
--- a/static/js/transfer.js
+++ b/static/js/transfer.js
@@ -21,6 +21,8 @@ function reset() {
     $("#last_name").val("");
     $("#first_name").val("");
     $("#bank").val("");
+    $("#user_note").val("");
+    $("#profile_pic").attr("src", "/media/pic/default.png");
     refreshBalance();
     refreshHistory();
 }
@@ -30,16 +32,18 @@ $(document).ready(function() {
         "source_alias", "source_note", "user_note", "profile_pic");
     autoCompleteNote("dest_note", "dest_alias_matched", "dest_note_list", dests, dests_notes_display,
         "dest_alias", "dest_note", "user_note", "profile_pic", function() {
-            let last = dests_notes_display[dests_notes_display.length - 1];
-            dests_notes_display.length = 0;
-            dests_notes_display.push(last);
+            if ($("#type_credit").is(":checked") || $("#type_debit").is(":checked")) {
+                let last = dests_notes_display[dests_notes_display.length - 1];
+                dests_notes_display.length = 0;
+                dests_notes_display.push(last);
 
-            last.quantity = 1;
+                last.quantity = 1;
 
-            $.getJSON("/api/user/" + last.note.user + "/", function(user) {
-                $("#last_name").val(user.last_name);
-                $("#first_name").val(user.first_name);
-            });
+                $.getJSON("/api/user/" + last.note.user + "/", function(user) {
+                    $("#last_name").val(user.last_name);
+                    $("#first_name").val(user.first_name);
+                });
+            }
 
             return true;
        });
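Review bot: `last.note.user` is read without checking that the note carries a `user` field, but the base.js hunk in this commit now pushes stub notes (id, name, null balance) for aliases the current user may not view, and those have no `user`; for such a selection the request would be issued to `"/api/user/undefined/"`. Guard the lookup, e.g. `if (last.note.user != null) { $.getJSON(...); }`, and decide what the name fields should show in that case. The `$(document).ready` handler that encloses this callback starts outside the hunk.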
-- 
GitLab