Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
mediatek
Base de données Mediatek
Commits
7fc044b6
Commit
7fc044b6
authored
Jul 16, 2017
by
Med
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Permet l'édition des clefs depuis le campus sans auth
parent
6b7b20d2
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
156 additions
and
21 deletions
+156
-21
users/decorators.py
users/decorators.py
+53
-0
users/forms.py
users/forms.py
+10
-1
users/models.py
users/models.py
+1
-1
users/templates/users/aff_clef.html
users/templates/users/aff_clef.html
+1
-1
users/templates/users/del_right.html
users/templates/users/del_right.html
+58
-0
users/views.py
users/views.py
+33
-18
No files found.
users/decorators.py
0 → 100644
View file @
7fc044b6
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017 Gabriel Détraz
# Copyright © 2017 Goulven Kermarec
# Copyright © 2017 Augustin Lemesle
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# App de gestion des users pour med
# Goulven Kermarec, Gabriel Détraz, Lemesle Augustin
# Gplv2
from
django.core.exceptions
import
PermissionDenied
from
med.settings
import
AUTHORIZED_IP_RANGE
,
AUTHORIZED_IP6_RANGE
import
ipaddress
def
user_is_in_campus
(
function
):
def
wrap
(
request
,
*
args
,
**
kwargs
):
if
not
request
.
user
.
is_authenticated
:
remote_ip
=
get_ip
(
request
)
if
not
ipaddress
.
ip_address
(
remote_ip
)
in
ipaddress
.
ip_network
(
AUTHORIZED_IP_RANGE
)
and
not
ipaddress
.
ip_address
(
remote_ip
)
in
ipaddress
.
ip_network
(
AUTHORIZED_IP6_RANGE
):
raise
PermissionDenied
return
function
(
request
,
*
args
,
**
kwargs
)
wrap
.
__doc__
=
function
.
__doc__
wrap
.
__name__
=
function
.
__name__
return
wrap
def
get_ip
(
request
):
"""Returns the IP of the request, accounting for the possibility of being
behind a proxy.
"""
ip
=
request
.
META
.
get
(
"HTTP_X_FORWARDED_FOR"
,
None
)
if
ip
:
# X_FORWARDED_FOR returns client1, proxy1, proxy2,...
ip
=
ip
.
split
(
", "
)[
0
]
else
:
ip
=
request
.
META
.
get
(
"REMOTE_ADDR"
,
""
)
return
ip
users/forms.py
View file @
7fc044b6
...
...
@@ -145,6 +145,12 @@ class ClefForm(ModelForm):
model
=
Clef
fields
=
'__all__'
class
BaseClefForm
(
ClefForm
):
class
Meta
(
ClefForm
.
Meta
):
fields
=
[
'commentaire'
,
]
class
AdhesionForm
(
ModelForm
):
adherent
=
forms
.
ModelMultipleChoiceField
(
User
.
objects
.
all
(),
widget
=
forms
.
CheckboxSelectMultiple
,
required
=
False
)
...
...
@@ -164,8 +170,11 @@ class RightForm(ModelForm):
class
DelRightForm
(
Form
):
rights
=
forms
.
ModelMultipleChoiceField
(
queryset
=
Right
.
objects
.
all
(),
label
=
"Droits actuels"
,
widget
=
forms
.
CheckboxSelectMultiple
)
rights
=
forms
.
ModelMultipleChoiceField
(
queryset
=
Right
.
objects
.
all
(),
widget
=
forms
.
CheckboxSelectMultiple
)
def
__init__
(
self
,
right
,
*
args
,
**
kwargs
):
super
(
DelRightForm
,
self
).
__init__
(
*
args
,
**
kwargs
)
self
.
fields
[
'rights'
].
queryset
=
Right
.
objects
.
filter
(
right
=
right
)
class
ListRightForm
(
ModelForm
):
class
Meta
:
...
...
users/models.py
View file @
7fc044b6
...
...
@@ -199,7 +199,7 @@ class Right(models.Model):
unique_together
=
(
"user"
,
"right"
)
def
__str__
(
self
):
return
str
(
self
.
user
)
+
" - "
+
str
(
self
.
right
)
return
str
(
self
.
user
)
class
ListRight
(
models
.
Model
):
PRETTY_NAME
=
"Liste des droits existants"
...
...
users/templates/users/aff_clef.html
View file @
7fc044b6
...
...
@@ -37,8 +37,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<td>
{{ clef.proprio }}
</td>
<td>
{{ clef.commentaire }}
</td>
<td
class=
"text-right"
>
{% if is_bureau %}
{% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
{% if is_bureau %}
{% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
{% endif %}
{% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}
...
...
users/templates/users/del_right.html
0 → 100644
View file @
7fc044b6
{% extends "users/sidebar.html" %}
{% comment %}
Re2o est un logiciel d'administration développé initiallement au rezometz. Il
se veut agnostique au réseau considéré, de manière à être installable en
quelques clics.
Copyright © 2017 Gabriel Détraz
Copyright © 2017 Goulven Kermarec
Copyright © 2017 Augustin Lemesle
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{% endcomment %}
{% load bootstrap3 %}
{% block title %}Création et modification d'utilisateur{% endblock %}
{% block content %}
<h1>
Gestion des droits
</h1>
<form
class=
"form"
method=
"post"
>
{% csrf_token %}
<table
class=
"table table-striped"
>
<thead>
<tr>
{% for key, values in userform.items %}
<th>
{{ key }}
</th>
{% endfor %}
</tr>
</thead>
<tr>
{% for key, values in userform.items %}
{% bootstrap_form_errors values %}
<th>
{{ values.rights }}
</th>
{% endfor %}
</tr>
</table>
{% bootstrap_button "Modifier" button_type="submit" icon="star" %}
</form>
<br
/>
<br
/>
<br
/>
{% endblock %}
users/views.py
View file @
7fc044b6
...
...
@@ -40,9 +40,10 @@ from django.db import transaction
from
reversion.models
import
Version
from
reversion
import
revisions
as
reversion
from
users.forms
import
DelListRightForm
,
NewListRightForm
,
ListRightForm
,
RightForm
,
DelRightForm
from
users.forms
import
InfoForm
,
BaseInfoForm
,
StateForm
,
ClefForm
,
AdhesionForm
from
users.forms
import
InfoForm
,
BaseInfoForm
,
StateForm
,
ClefForm
,
BaseClefForm
,
AdhesionForm
from
users.models
import
User
,
Request
,
ListRight
,
Right
,
Clef
,
Adhesion
from
users.forms
import
PassForm
,
ResetPasswordForm
from
users.decorators
import
user_is_in_campus
from
media.models
import
Emprunt
from
med.settings
import
REQ_EXPIRE_STR
,
EMAIL_FROM
,
ASSO_NAME
,
ASSO_EMAIL
,
SITE_NAME
,
PAGINATION_NUMBER
...
...
@@ -248,16 +249,19 @@ def add_right(request, userid):
@
permission_required
(
'bureau'
)
def
del_right
(
request
):
""" Supprimer un droit à un user, need droit bureau """
user_right_list
=
DelRightForm
(
request
.
POST
or
None
)
if
user_right_list
.
is_valid
():
right_del
=
user_right_list
.
cleaned_data
[
'rights'
]
with
transaction
.
atomic
(),
reversion
.
create_revision
():
reversion
.
set_user
(
request
.
user
)
reversion
.
set_comment
(
"Retrait des droit %s"
%
','
.
join
(
str
(
deleted_right
)
for
deleted_right
in
right_del
))
right_del
.
delete
()
messages
.
success
(
request
,
"Droit retiré avec succès"
)
return
redirect
(
"/users/"
)
return
form
({
'userform'
:
user_right_list
},
'users/user.html'
,
request
)
user_right_list
=
dict
()
for
right
in
ListRight
.
objects
.
all
():
user_right_list
[
right
]
=
DelRightForm
(
right
,
request
.
POST
or
None
)
for
keys
,
right_item
in
user_right_list
.
items
():
if
right_item
.
is_valid
():
right_del
=
right_item
.
cleaned_data
[
'rights'
]
with
transaction
.
atomic
(),
reversion
.
create_revision
():
reversion
.
set_user
(
request
.
user
)
reversion
.
set_comment
(
"Retrait des droit %s"
%
','
.
join
(
str
(
deleted_right
)
for
deleted_right
in
right_del
))
right_del
.
delete
()
messages
.
success
(
request
,
"Droit retiré avec succès"
)
return
redirect
(
"/users/"
)
return
form
({
'userform'
:
user_right_list
},
'users/del_right.html'
,
request
)
@
login_required
@
permission_required
(
'perm'
)
...
...
@@ -279,19 +283,22 @@ def add_clef(request):
return
redirect
(
"/users/index_clef/"
)
return
form
({
'userform'
:
clef
},
'users/user.html'
,
request
)
@
login_required
@
permission_required
(
'bureau'
)
@
user_is_in_campus
def
edit_clef
(
request
,
clefid
):
try
:
clef_instance
=
Clef
.
objects
.
get
(
pk
=
clefid
)
except
Clef
.
DoesNotExist
:
messages
.
error
(
request
,
u
"Entrée inexistante"
)
return
redirect
(
"/users/index_clef/"
)
clef
=
ClefForm
(
request
.
POST
or
None
,
instance
=
clef_instance
)
if
request
.
user
.
has_perms
((
'bureau'
,)):
clef
=
ClefForm
(
request
.
POST
or
None
,
instance
=
clef_instance
)
else
:
clef
=
BaseClefForm
(
request
.
POST
or
None
,
instance
=
clef_instance
)
if
clef
.
is_valid
():
with
transaction
.
atomic
(),
reversion
.
create_revision
():
clef
.
save
()
reversion
.
set_user
(
request
.
user
)
if
request
.
user
.
is_authenticated
:
reversion
.
set_user
(
request
.
user
)
reversion
.
set_comment
(
"Champs modifié(s) : %s"
%
', '
.
join
(
field
for
field
in
clef
.
changed_data
))
messages
.
success
(
request
,
"Clef modifié"
)
return
redirect
(
"/users/index_clef/"
)
...
...
@@ -313,12 +320,11 @@ def del_clef(request, clefid):
return
redirect
(
"/users/index_clef"
)
return
form
({
'objet'
:
clef_instance
,
'objet_name'
:
'clef'
},
'users/delete.html'
,
request
)
@
login_required
@
user_is_in_campus
def
index_clef
(
request
):
clef_list
=
Clef
.
objects
.
all
().
order_by
(
'nom'
)
return
render
(
request
,
'users/index_clef.html'
,
{
'clef_list'
:
clef_list
})
@
login_required
@
permission_required
(
'bureau'
)
def
add_adhesion
(
request
):
...
...
@@ -405,10 +411,19 @@ def index_ajour(request):
users_list
=
paginator
.
page
(
paginator
.
num_pages
)
return
render
(
request
,
'users/index.html'
,
{
'users_list'
:
users_list
})
@
login_required
@
user_is_in_campus
def
history
(
request
,
object
,
id
):
""" Affichage de l'historique : (acl, argument)
user : self, userid"""
if
object
==
'clef'
:
try
:
object_instance
=
Clef
.
objects
.
get
(
pk
=
id
)
except
Clef
.
DoesNotExist
:
messages
.
error
(
request
,
"Utilisateur inexistant"
)
return
redirect
(
"/users/"
)
elif
not
request
.
user
.
is_authenticated
:
messages
.
error
(
request
,
"Permission denied"
)
return
redirect
(
"/users/"
)
if
object
==
'user'
:
try
:
object_instance
=
User
.
objects
.
get
(
pk
=
id
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment