[intranet] New rights systems

Le droits crans_name appartient au groupe crans_name

[intranet] New rights systems
Le droits crans_name appartient au groupe crans_name
27b58257 · Charlie Jacomme · ba4cc4df · 27b58257
Commit 27b58257 authored Nov 12, 2015 by Charlie Jacomme
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 24 deletions

intranet/login.py intranet/login.py +28 -24

No files found.
--- a/intranet/login.py
+++ b/intranet/login.py
@@ -21,15 +21,38 @@


 import ldap
-from django.contrib.auth.models import Group, User
+from django.contrib.auth.models import Group, User, Permission
 from django.contrib.auth.backends import ModelBackend
 from django.views.decorators.debug import sensitive_variables
+from django.contrib.contenttypes.models import ContentType

 # Pour se connecter à la base ldap
 import lc_ldap.shortcuts

 from intranet import conn_pool, settings

+GROUPES_SPECIAUX = { # Dictionnaire de groupe spéciaux à attribuer selon le test correspondant
+"crans_paiement_ok": lambda u: u.paiement_ok(),
+"crans_imprimeur_club": lambda u: u.imprimeur_clubs(),
+"crans_respo_club": lambda u: u.clubs(),
+"crans_adherent": lambda u: 'aid' in u,
+"crans_club": lambda u: 'cid' in u,
+}
+
+
+def get_or_create_cransgroup(name):
+    """ Crée le groupe crans_name avec le droit crans_name.
+    """
+    group, created = Group.objects.get_or_create(name=name)
+    if created:
+        user_type = ContentType.objects.get(app_label="auth", model="user")
+        permission,created = Permission.objects.get_or_create(codename=name,
+                                       name=name,
+                                       content_type=user_type)
+        group.permissions.add(permission)
+        group.save()
+    return group
+
 def refresh_droits(user, cl_user):
    """Rafraîchit les droits de l'utilisateur django `user' depuis
    l'utilisateur LDAP `cl_user'"""
@@ -48,29 +71,10 @@ def refresh_droits(user, cl_user):

    groups = []
    for cl_droit in cl_droits:
-        group, created = Group.objects.get_or_create(name="crans_%s" % cl_droit.lower())
-        group.save()
-        groups.append(group)
-    if cl_user.paiement_ok():
-        group, created = Group.objects.get_or_create(name="crans_paiement_ok")
-        group.save()
-        groups.append(group)
-    if cl_user.imprimeur_clubs():
-        group, created = Group.objects.get_or_create(name="crans_imprimeur_club")
-        group.save()
-        groups.append(group)
-    if cl_user.clubs():
-        group, created = Group.objects.get_or_create(name="crans_respo_club")
-        group.save()
-        groups.append(group)
-    if 'aid' in cl_user:
-        group, created = Group.objects.get_or_create(name="crans_adherent")
-        group.save()
-        groups.append(group)
-    if 'aid' in cl_user:
-        group, created = Group.objects.get_or_create(name="crans_club")
-        group.save()
-        groups.append(group)
+        groups.append(get_or_create_cransgroup(name=u"crans_%s" % cl_droit.lower()))
+    for group in GROUPES_SPECIAUX:
+        if GROUPES_SPECIAUX[group](cl_user):
+            groups.append(get_or_create_cransgroup(name=group))

    user.groups = [ group for group in user.groups.all() if not group.name.startswith('crans_') ]
    user.groups.add(*groups)