Permet l'édition des clefs depuis le campus sans auth

7fc044b6 · Med · 6b7b20d2 · 7fc044b6 · 7fc044b6 · 7fc044b6
Commit 7fc044b6 authored Jul 16, 2017 by Med
6 changed files
--- a/users/decorators.py
+++ b/users/decorators.py
+# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+# se veut agnostique au réseau considéré, de manière à être installable en
+# quelques clics.
+#
+# Copyright © 2017  Gabriel Détraz
+# Copyright © 2017  Goulven Kermarec
+# Copyright © 2017  Augustin Lemesle
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# App de gestion des users pour med
+# Goulven Kermarec, Gabriel Détraz, Lemesle Augustin
+# Gplv2
+
+
+from django.core.exceptions import PermissionDenied
+from med.settings import AUTHORIZED_IP_RANGE, AUTHORIZED_IP6_RANGE
+import ipaddress
+
+def user_is_in_campus(function):
+    def wrap(request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            remote_ip = get_ip(request)
+            if not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP_RANGE) and not ipaddress.ip_address(remote_ip) in ipaddress.ip_network(AUTHORIZED_IP6_RANGE):
+                raise PermissionDenied
+        return function(request, *args, **kwargs)
+    wrap.__doc__ = function.__doc__
+    wrap.__name__ = function.__name__
+    return wrap
+
+def get_ip(request):
+    """Returns the IP of the request, accounting for the possibility of being
+    behind a proxy.
+    """
+    ip = request.META.get("HTTP_X_FORWARDED_FOR", None)
+    if ip:
+        # X_FORWARDED_FOR returns client1, proxy1, proxy2,...
+        ip = ip.split(", ")[0]
+    else:
+        ip = request.META.get("REMOTE_ADDR", "")
+    return ip
--- a/users/forms.py
+++ b/users/forms.py
@@ -145,6 +145,12 @@ class ClefForm(ModelForm):
        model = Clef
        fields = '__all__'

+class BaseClefForm(ClefForm):
+    class Meta(ClefForm.Meta):
+         fields = [
+            'commentaire',
+        ]
+
 class AdhesionForm(ModelForm):
    adherent = forms.ModelMultipleChoiceField(User.objects.all(), widget=forms.CheckboxSelectMultiple, required=False)

@@ -164,8 +170,11 @@ class RightForm(ModelForm):


 class DelRightForm(Form):
-    rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(), label="Droits actuels",  widget=forms.CheckboxSelectMultiple)
+    rights = forms.ModelMultipleChoiceField(queryset=Right.objects.all(),  widget=forms.CheckboxSelectMultiple)

+    def __init__(self, right, *args, **kwargs):
+        super(DelRightForm, self).__init__(*args, **kwargs)
+        self.fields['rights'].queryset = Right.objects.filter(right=right)

 class ListRightForm(ModelForm):
    class Meta:

--- a/users/models.py
+++ b/users/models.py
@@ -199,7 +199,7 @@ class Right(models.Model):
        unique_together = ("user", "right")
 
    def __str__(self):
-        return str(self.user) + " - " + str(self.right)
+        return str(self.user)

 class ListRight(models.Model):
    PRETTY_NAME = "Liste des droits existants"

--- a/users/templates/users/aff_clef.html
+++ b/users/templates/users/aff_clef.html
@@ -37,8 +37,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 	    <td>{{ clef.proprio }}</td>
 	    <td>{{ clef.commentaire }}</td>
            <td class="text-right">
-                {% if is_bureau %}
                {% include 'buttons/edit.html' with href='users:edit-clef' id=clef.id %}
+                {% if is_bureau %}
                {% include 'buttons/suppr.html' with href='users:del-clef' id=clef.id %}
                {% endif %}
                {% include 'buttons/history.html' with href='users:history' name='clef' id=clef.id %}

--- a/users/templates/users/del_right.html
+++ b/users/templates/users/del_right.html
+{% extends "users/sidebar.html" %}
+{% comment %}
+Re2o est un logiciel d'administration développé initiallement au rezometz. Il
+se veut agnostique au réseau considéré, de manière à être installable en
+quelques clics.
+
+Copyright © 2017  Gabriel Détraz
+Copyright © 2017  Goulven Kermarec
+Copyright © 2017  Augustin Lemesle
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+{% endcomment %}
+
+{% load bootstrap3 %}
+
+{% block title %}Création et modification d'utilisateur{% endblock %}
+
+
+{% block content %}
+
+<h1>Gestion des droits</h1>
+
+<form class="form" method="post">
+    {% csrf_token %}
+    <table class="table table-striped">
+        <thead>
+            <tr>
+                {% for key, values in userform.items %}
+                <th>{{ key }}</th>
+                {% endfor %}
+            </tr>
+        </thead>
+            <tr>
+            {% for key, values in userform.items %}
+            {% bootstrap_form_errors values %}
+            <th>{{ values.rights }}</th>
+            {% endfor %}
+            </tr>
+    </table>
+    {% bootstrap_button "Modifier" button_type="submit" icon="star" %}
+</form>
+
+  <br />
+  <br />
+  <br />
+{% endblock %}
--- a/users/views.py
+++ b/users/views.py
@@ -40,9 +40,10 @@ from django.db import transaction
 from reversion.models import Version
 from reversion import revisions as reversion
 from users.forms import DelListRightForm, NewListRightForm, ListRightForm, RightForm, DelRightForm
-from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, AdhesionForm 
+from users.forms import InfoForm, BaseInfoForm, StateForm, ClefForm, BaseClefForm, AdhesionForm 
 from users.models import User, Request, ListRight, Right, Clef, Adhesion
 from users.forms import PassForm, ResetPasswordForm
+from users.decorators import user_is_in_campus
 from media.models import Emprunt

 from med.settings import REQ_EXPIRE_STR, EMAIL_FROM, ASSO_NAME, ASSO_EMAIL, SITE_NAME, PAGINATION_NUMBER
@@ -248,16 +249,19 @@ def add_right(request, userid):
 @permission_required('bureau')
 def del_right(request):
    """ Supprimer un droit à un user, need droit bureau """
-    user_right_list = DelRightForm(request.POST or None)
-    if user_right_list.is_valid():
-        right_del = user_right_list.cleaned_data['rights']
-        with transaction.atomic(), reversion.create_revision():
-            reversion.set_user(request.user)
-            reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
-            right_del.delete()
-        messages.success(request, "Droit retiré avec succès")
-        return redirect("/users/")
-    return form({'userform': user_right_list}, 'users/user.html', request)
+    user_right_list = dict()
+    for right in ListRight.objects.all():
+        user_right_list[right]= DelRightForm(right, request.POST or None)
+    for keys, right_item in user_right_list.items():
+        if right_item.is_valid():
+            right_del = right_item.cleaned_data['rights']
+            with transaction.atomic(), reversion.create_revision():
+                reversion.set_user(request.user)
+                reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
+                right_del.delete()
+            messages.success(request, "Droit retiré avec succès")
+            return redirect("/users/")
+    return form({'userform': user_right_list}, 'users/del_right.html', request)

 @login_required
 @permission_required('perm')
@@ -279,19 +283,22 @@ def add_clef(request):
        return redirect("/users/index_clef/")
    return form({'userform': clef}, 'users/user.html', request)

-@login_required
-@permission_required('bureau')
+@user_is_in_campus
 def edit_clef(request, clefid):
    try:
        clef_instance = Clef.objects.get(pk=clefid)
    except Clef.DoesNotExist:
        messages.error(request, u"Entrée inexistante" )
        return redirect("/users/index_clef/")
-    clef = ClefForm(request.POST or None, instance=clef_instance)
+    if request.user.has_perms(('bureau',)):   
+        clef = ClefForm(request.POST or None, instance=clef_instance)
+    else:
+        clef = BaseClefForm(request.POST or None, instance=clef_instance)
    if clef.is_valid():
        with transaction.atomic(), reversion.create_revision():
            clef.save()
-            reversion.set_user(request.user)
+            if request.user.is_authenticated:
+                reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in clef.changed_data))
        messages.success(request, "Clef modifié")
        return redirect("/users/index_clef/")
@@ -313,12 +320,11 @@ def del_clef(request, clefid):
        return redirect("/users/index_clef")
    return form({'objet': clef_instance, 'objet_name': 'clef'}, 'users/delete.html', request)

-@login_required
+@user_is_in_campus
 def index_clef(request):
    clef_list = Clef.objects.all().order_by('nom')
    return render(request, 'users/index_clef.html', {'clef_list':clef_list})

-
 @login_required
 @permission_required('bureau')
 def add_adhesion(request):
@@ -405,10 +411,19 @@ def index_ajour(request):
        users_list = paginator.page(paginator.num_pages)
    return render(request, 'users/index.html', {'users_list': users_list})

-@login_required
+@user_is_in_campus
 def history(request, object, id):
    """ Affichage de l'historique : (acl, argument)
    user : self, userid"""
+    if object == 'clef':
+        try:
+             object_instance = Clef.objects.get(pk=id)
+        except Clef.DoesNotExist:
+             messages.error(request, "Utilisateur inexistant")
+             return redirect("/users/")
+    elif not request.user.is_authenticated:
+        messages.error(request, "Permission denied")
+        return redirect("/users/")
    if object == 'user':
        try:
             object_instance = User.objects.get(pk=id)