views.py 31.3 KB
Newer Older
lhark's avatar
lhark committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017  Gabriel Détraz
# Copyright © 2017  Goulven Kermarec
# Copyright © 2017  Augustin Lemesle
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

chirac's avatar
chirac committed
23
# App de gestion des users pour re2o
Dalahro's avatar
Dalahro committed
24
# Goulven Kermarec, Gabriel Détraz, Lemesle Augustin
chirac's avatar
chirac committed
25
# Gplv2
26
27
from django.shortcuts import get_object_or_404, render, redirect
from django.template.context_processors import csrf
28
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
29
from django.template import Context, RequestContext, loader
30
from django.contrib import messages
31
from django.contrib.auth.decorators import login_required, permission_required
chirac's avatar
chirac committed
32
from django.db.models import Max, ProtectedError
33
from django.db import IntegrityError
34
from django.core.mail import send_mail
35
from django.utils import timezone
36
from django.core.urlresolvers import reverse
37
from django.db import transaction
38
39
40
41
42
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

from rest_framework.renderers import JSONRenderer

lhark's avatar
lhark committed
43

root's avatar
root committed
44
from reversion.models import Version
45
from reversion import revisions as reversion
46
47
from users.serializers import MailSerializer
from users.models import User, Right, Ban, Whitelist, School, ListRight, Request, ServiceUser, all_has_access
48
49
from users.forms import DelRightForm, BanForm, WhitelistForm, DelSchoolForm, DelListRightForm, NewListRightForm
from users.forms import EditInfoForm, InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm, EditServiceUserForm, ServiceUserForm, ListRightForm
root's avatar
root committed
50
from cotisations.models import Facture
chirac's avatar
chirac committed
51
from machines.models import Machine, Interface
52
from users.forms import MassArchiveForm, PassForm, ResetPasswordForm
53
from preferences.models import OptionalUser, AssoOption, GeneralOption
chirac's avatar
chirac committed
54

55
from re2o.login import hashNT
chirac's avatar
chirac committed
56

chirac's avatar
chirac committed
57

chirac's avatar
chirac committed
58
59
60
def form(ctx, template, request):
    c = ctx
    c.update(csrf(request))
61
    return render(request, template, c)
62

63
64
65
66
67
68
69
def password_change_action(u_form, user, request, req=False):
    """ Fonction qui effectue le changeemnt de mdp bdd"""
    if u_form.cleaned_data['passwd1'] != u_form.cleaned_data['passwd2']:
        messages.error(request, "Les 2 mots de passe différent")
        return form({'userform': u_form}, 'users/user.html', request)
    user.set_password(u_form.cleaned_data['passwd1'])
    user.pwd_ntlm = hashNT(u_form.cleaned_data['passwd1'])
70
71
72
    with transaction.atomic(), reversion.create_revision():
        user.save()
        reversion.set_comment("Réinitialisation du mot de passe")
73
74
75
76
77
78
    messages.success(request, "Le mot de passe a changé")
    if req:
        req.delete()
        return redirect("/")
    return redirect("/users/profil/" + str(user.id))

chirac's avatar
chirac committed
79
@login_required
chirac's avatar
chirac committed
80
@permission_required('cableur')
chirac's avatar
chirac committed
81
def new_user(request):
chirac's avatar
chirac committed
82
    """ Vue de création d'un nouvel utilisateur, envoie un mail pour le mot de passe"""
83
84
    user = InfoForm(request.POST or None)
    if user.is_valid():
85
        user = user.save(commit=False)
86
87
88
89
        with transaction.atomic(), reversion.create_revision():
            user.save()
            reversion.set_user(request.user)
            reversion.set_comment("Création")
90
        user.reset_passwd_mail(request)
91
        messages.success(request, "L'utilisateur %s a été crée, un mail pour l'initialisation du mot de passe a été envoyé" % user.pseudo)
92
        return redirect("/users/profil/" + str(user.id))
93
    return form({'userform': user}, 'users/user.html', request)
94

chirac's avatar
chirac committed
95
@login_required
96
def edit_info(request, userid):
chirac's avatar
chirac committed
97
98
    """ Edite un utilisateur à partir de son id, 
    si l'id est différent de request.user, vérifie la possession du droit cableur """
99
100
101
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
102
        messages.error(request, "Utilisateur inexistant")
103
        return redirect("/users/")
104
105
106
    if not request.user.has_perms(('cableur',)) and user != request.user:
        messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
        return redirect("/users/profil/" + str(request.user.id))
107
108
109
    if not request.user.has_perms(('cableur',)):
        user = BaseInfoForm(request.POST or None, instance=user)
    else:
110
        user = InfoForm(request.POST or None, instance=user)
111
    if user.is_valid():
112
113
114
115
        with transaction.atomic(), reversion.create_revision():
            user.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in user.changed_data))
116
        messages.success(request, "L'user a bien été modifié")
117
        return redirect("/users/profil/" + userid)
118
    return form({'userform': user}, 'users/user.html', request)
119

chirac's avatar
chirac committed
120
@login_required
chirac's avatar
chirac committed
121
@permission_required('bureau')
122
def state(request, userid):
chirac's avatar
chirac committed
123
    """ Changer l'etat actif/desactivé/archivé d'un user, need droit bureau """
124
125
126
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
127
        messages.error(request, "Utilisateur inexistant")
128
        return redirect("/users/")
129
130
    state = StateForm(request.POST or None, instance=user)
    if state.is_valid():
131
        with transaction.atomic(), reversion.create_revision():
132
133
134
135
136
137
            if state.cleaned_data['state'] == User.STATE_ARCHIVE:
                user.archive()
            elif state.cleaned_data['state'] == User.STATE_ACTIVE:
                user.unarchive()
            elif state.cleaned_data['state'] == User.STATE_DISABLED:
                user.state = User.STATE_DISABLED
138
139
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in state.changed_data))
140
            user.save()
141
        messages.success(request, "Etat changé avec succès")
142
        return redirect("/users/profil/" + userid)
143
    return form({'userform': state}, 'users/user.html', request)
144

chirac's avatar
chirac committed
145
@login_required
146
def password(request, userid):
chirac's avatar
chirac committed
147
148
149
    """ Reinitialisation d'un mot de passe à partir de l'userid,
    pour self par défaut, pour tous sans droit si droit cableur,
    pour tous si droit bureau """
150
151
152
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
153
        messages.error(request, "Utilisateur inexistant")
154
        return redirect("/users/")
155
156
157
158
    if not request.user.has_perms(('cableur',)) and user != request.user:
        messages.error(request, "Vous ne pouvez pas modifier un autre user que vous sans droit cableur")
        return redirect("/users/profil/" + str(request.user.id))
    if not request.user.has_perms(('bureau',)) and user != request.user and Right.objects.filter(user=user):
159
160
        messages.error(request, "Il faut les droits bureau pour modifier le mot de passe d'un membre actif")
        return redirect("/users/profil/" + str(request.user.id))
161
162
    u_form = PassForm(request.POST or None)
    if u_form.is_valid():
163
        return password_change_action(u_form, user, request)
164
    return form({'userform': u_form}, 'users/user.html', request)
chirac's avatar
chirac committed
165

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
@login_required
@permission_required('infra')
def new_serviceuser(request):
    """ Vue de création d'un nouvel utilisateur service"""
    user = ServiceUserForm(request.POST or None)
    if user.is_valid():
        user_object = user.save(commit=False)
        with transaction.atomic(), reversion.create_revision():
            user_object.set_password(user.cleaned_data['password'])
            user_object.save()
            reversion.set_user(request.user)
            reversion.set_comment("Création")
        messages.success(request, "L'utilisateur %s a été crée" % user_object.pseudo)
        return redirect("/users/index_serviceusers/")
    return form({'userform': user}, 'users/user.html', request)

@login_required
@permission_required('infra')
def edit_serviceuser(request, userid):
    """ Edite un utilisateur à partir de son id, 
    si l'id est différent de request.user, vérifie la possession du droit cableur """
    try:
        user = ServiceUser.objects.get(pk=userid)
    except ServiceUser.DoesNotExist:
        messages.error(request, "Utilisateur inexistant")
        return redirect("/users/")
    user = EditServiceUserForm(request.POST or None, instance=user)
    if user.is_valid():
        user_object = user.save(commit=False)
        with transaction.atomic(), reversion.create_revision():
            if user.cleaned_data['password']:
                user_object.set_password(user.cleaned_data['password'])
            user_object.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in user.changed_data))
        messages.success(request, "L'user a bien été modifié")
        return redirect("/users/index_serviceusers")
    return form({'userform': user}, 'users/user.html', request)

@login_required
@permission_required('infra')
def del_serviceuser(request, userid):
    try:
        user = ServiceUser.objects.get(pk=userid)
    except ServiceUser.DoesNotExist:
        messages.error(request, u"Utilisateur inexistant" )
        return redirect("/users/")
    if request.method == "POST":
        with transaction.atomic(), reversion.create_revision():
            user.delete()
            reversion.set_user(request.user)
        messages.success(request, "L'user a été détruite")
        return redirect("/users/index_serviceusers/")
    return form({'objet': user, 'objet_name': 'serviceuser'}, 'users/delete.html', request)

chirac's avatar
chirac committed
221
@login_required
222
@permission_required('bureau')
223
def add_right(request, userid):
chirac's avatar
chirac committed
224
    """ Ajout d'un droit à un user, need droit bureau """
225
226
227
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
228
        messages.error(request, "Utilisateur inexistant")
229
        return redirect("/users/")
lhark's avatar
lhark committed
230
231
    right = RightForm(request.POST or None)
    if right.is_valid():
232
233
234
        right = right.save(commit=False)
        right.user = user
        try:
chirac's avatar
chirac committed
235
236
237
238
            with transaction.atomic(), reversion.create_revision():
                reversion.set_user(request.user)
                reversion.set_comment("Ajout du droit %s" % right.right)
                right.save()
239
240
241
            messages.success(request, "Droit ajouté")
        except IntegrityError:
            pass
242
        return redirect("/users/profil/" + userid)
lhark's avatar
lhark committed
243
244
    return form({'userform': right}, 'users/user.html', request)

chirac's avatar
chirac committed
245
@login_required
246
@permission_required('bureau')
247
def del_right(request):
chirac's avatar
chirac committed
248
    """ Supprimer un droit à un user, need droit bureau """
249
250
251
252
253
254
255
256
257
258
259
260
261
    user_right_list = dict()
    for right in ListRight.objects.all():
        user_right_list[right]= DelRightForm(right, request.POST or None)
    for keys, right_item in user_right_list.items():
        if right_item.is_valid():
            right_del = right_item.cleaned_data['rights']
            with transaction.atomic(), reversion.create_revision():
                reversion.set_user(request.user)
                reversion.set_comment("Retrait des droit %s" % ','.join(str(deleted_right) for deleted_right in right_del))
                right_del.delete()
            messages.success(request, "Droit retiré avec succès")
            return redirect("/users/")
    return form({'userform': user_right_list}, 'users/del_right.html', request)
262

chirac's avatar
chirac committed
263
@login_required
chirac's avatar
chirac committed
264
@permission_required('bofh')
265
def add_ban(request, userid):
chirac's avatar
chirac committed
266
267
    """ Ajouter un banissement, nécessite au moins le droit bofh (a fortiori bureau)
    Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
268
269
270
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
271
        messages.error(request, "Utilisateur inexistant")
272
273
274
275
        return redirect("/users/")
    ban_instance = Ban(user=user)
    ban = BanForm(request.POST or None, instance=ban_instance)
    if ban.is_valid():
276
        with transaction.atomic(), reversion.create_revision():
277
            ban_object = ban.save()
278
279
            reversion.set_user(request.user)
            reversion.set_comment("Création")
280
        messages.success(request, "Bannissement ajouté")
281
        return redirect("/users/profil/" + userid)
282
    if user.is_ban:
283
284
285
286
        messages.error(
            request,
            "Attention, cet utilisateur a deja un bannissement actif"
        )
287
288
    return form({'userform': ban}, 'users/user.html', request)

chirac's avatar
chirac committed
289
@login_required
chirac's avatar
chirac committed
290
@permission_required('bofh')
291
def edit_ban(request, banid):
chirac's avatar
chirac committed
292
293
    """ Editer un bannissement, nécessite au moins le droit bofh (a fortiori bureau)
    Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement"""
294
295
    try:
        ban_instance = Ban.objects.get(pk=banid)
chirac's avatar
chirac committed
296
    except Ban.DoesNotExist:
297
        messages.error(request, "Entrée inexistante")
298
299
300
        return redirect("/users/")
    ban = BanForm(request.POST or None, instance=ban_instance)
    if ban.is_valid():
301
302
303
304
        with transaction.atomic(), reversion.create_revision():
            ban.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in ban.changed_data))
305
306
307
308
        messages.success(request, "Bannissement modifié")
        return redirect("/users/")
    return form({'userform': ban}, 'users/user.html', request)

chirac's avatar
chirac committed
309
@login_required
chirac's avatar
chirac committed
310
@permission_required('cableur')
chirac's avatar
chirac committed
311
def add_whitelist(request, userid):
chirac's avatar
chirac committed
312
313
    """ Accorder un accès gracieux, temporaire ou permanent. Need droit cableur
    Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire"""
chirac's avatar
chirac committed
314
315
316
    try:
        user = User.objects.get(pk=userid)
    except User.DoesNotExist:
317
        messages.error(request, "Utilisateur inexistant")
chirac's avatar
chirac committed
318
319
320
321
        return redirect("/users/")
    whitelist_instance = Whitelist(user=user)
    whitelist = WhitelistForm(request.POST or None, instance=whitelist_instance)
    if whitelist.is_valid():
322
323
324
325
        with transaction.atomic(), reversion.create_revision():
            whitelist.save()
            reversion.set_user(request.user)
            reversion.set_comment("Création")
chirac's avatar
chirac committed
326
        messages.success(request, "Accès à titre gracieux accordé")
327
        return redirect("/users/profil/" + userid)
328
    if user.is_whitelisted:
329
330
331
332
        messages.error(
            request,
            "Attention, cet utilisateur a deja un accès gracieux actif"
        )
chirac's avatar
chirac committed
333
334
    return form({'userform': whitelist}, 'users/user.html', request)

chirac's avatar
chirac committed
335
@login_required
chirac's avatar
chirac committed
336
@permission_required('cableur')
chirac's avatar
chirac committed
337
def edit_whitelist(request, whitelistid):
chirac's avatar
chirac committed
338
339
    """ Editer un accès gracieux, temporaire ou permanent. Need droit cableur
    Syntaxe : JJ/MM/AAAA , heure optionnelle, prend effet immédiatement, raison obligatoire"""
chirac's avatar
chirac committed
340
341
342
    try:
        whitelist_instance = Whitelist.objects.get(pk=whitelistid)
    except Whitelist.DoesNotExist:
343
        messages.error(request, "Entrée inexistante")
chirac's avatar
chirac committed
344
345
346
        return redirect("/users/")
    whitelist = WhitelistForm(request.POST or None, instance=whitelist_instance)
    if whitelist.is_valid():
347
348
349
350
        with transaction.atomic(), reversion.create_revision():
            whitelist.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in whitelist.changed_data))
chirac's avatar
chirac committed
351
352
353
354
        messages.success(request, "Whitelist modifiée")
        return redirect("/users/")
    return form({'userform': whitelist}, 'users/user.html', request)

chirac's avatar
chirac committed
355
@login_required
chirac's avatar
chirac committed
356
@permission_required('cableur')
chirac's avatar
chirac committed
357
def add_school(request):
chirac's avatar
chirac committed
358
    """ Ajouter un établissement d'enseignement à la base de donnée, need cableur"""
chirac's avatar
chirac committed
359
360
    school = SchoolForm(request.POST or None)
    if school.is_valid():
361
362
363
364
        with transaction.atomic(), reversion.create_revision():
            school.save()
            reversion.set_user(request.user)
            reversion.set_comment("Création")
chirac's avatar
chirac committed
365
        messages.success(request, "L'établissement a été ajouté")
366
        return redirect("/users/index_school/")
367
    return form({'userform': school}, 'users/user.html', request)
chirac's avatar
chirac committed
368

chirac's avatar
chirac committed
369
@login_required
chirac's avatar
chirac committed
370
@permission_required('cableur')
371
def edit_school(request, schoolid):
chirac's avatar
chirac committed
372
    """ Editer un établissement d'enseignement à partir du schoolid dans la base de donnée, need cableur"""
373
374
375
376
377
378
379
    try:
        school_instance = School.objects.get(pk=schoolid)
    except School.DoesNotExist:
        messages.error(request, u"Entrée inexistante" )
        return redirect("/users/")
    school = SchoolForm(request.POST or None, instance=school_instance)
    if school.is_valid():
380
381
382
383
        with transaction.atomic(), reversion.create_revision():
            school.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in school.changed_data))
384
385
386
387
        messages.success(request, "Établissement modifié")
        return redirect("/users/index_school/")
    return form({'userform': school}, 'users/user.html', request)

chirac's avatar
chirac committed
388
@login_required
chirac's avatar
chirac committed
389
@permission_required('cableur')
chirac's avatar
chirac committed
390
def del_school(request):
chirac's avatar
chirac committed
391
392
    """ Supprimer un établissement d'enseignement à la base de donnée, need cableur
    Objet protégé, possible seulement si aucun user n'est affecté à l'établissement """
chirac's avatar
chirac committed
393
394
395
396
397
    school = DelSchoolForm(request.POST or None)
    if school.is_valid():
        school_dels = school.cleaned_data['schools']
        for school_del in school_dels:
            try:
398
399
400
                with transaction.atomic(), reversion.create_revision():
                    school_del.delete()
                    reversion.set_comment("Destruction")
chirac's avatar
chirac committed
401
402
                messages.success(request, "L'établissement a été supprimé")
            except ProtectedError:
403
404
405
                messages.error(
                    request,
                    "L'établissement %s est affecté à au moins un user, \
lhark's avatar
lhark committed
406
                        vous ne pouvez pas le supprimer" % school_del)
407
        return redirect("/users/index_school/")
chirac's avatar
chirac committed
408
409
    return form({'userform': school}, 'users/user.html', request)

410
411
412
@login_required
@permission_required('bureau')
def add_listright(request):
chirac's avatar
chirac committed
413
414
    """ Ajouter un droit/groupe, nécessite droit bureau.
    Obligation de fournir un gid pour la synchro ldap, unique """
415
416
417
418
419
420
421
422
423
424
425
426
427
    listright = NewListRightForm(request.POST or None)
    if listright.is_valid():
        with transaction.atomic(), reversion.create_revision():
            listright.save()
            reversion.set_user(request.user)
            reversion.set_comment("Création")
        messages.success(request, "Le droit/groupe a été ajouté")
        return redirect("/users/index_listright/")
    return form({'userform': listright}, 'users/user.html', request)

@login_required
@permission_required('bureau')
def edit_listright(request, listrightid):
chirac's avatar
chirac committed
428
    """ Editer un groupe/droit, necessite droit bureau, à partir du listright id """
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
    try:
        listright_instance = ListRight.objects.get(pk=listrightid)
    except ListRight.DoesNotExist:
        messages.error(request, u"Entrée inexistante" )
        return redirect("/users/")
    listright = ListRightForm(request.POST or None, instance=listright_instance)
    if listright.is_valid():
        with transaction.atomic(), reversion.create_revision():
            listright.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in listright.changed_data))
        messages.success(request, "Droit modifié")
        return redirect("/users/index_listright/")
    return form({'userform': listright}, 'users/user.html', request)

@login_required
@permission_required('bureau')
def del_listright(request):
chirac's avatar
chirac committed
447
    """ Supprimer un ou plusieurs groupe, possible si il est vide, need droit bureau """
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
    listright = DelListRightForm(request.POST or None)
    if listright.is_valid():
        listright_dels = listright.cleaned_data['listrights']
        for listright_del in listright_dels:
            try:
                with transaction.atomic(), reversion.create_revision():
                    listright_del.delete()
                    reversion.set_comment("Destruction")
                messages.success(request, "Le droit/groupe a été supprimé")
            except ProtectedError:
                messages.error(
                    request,
                    "L'établissement %s est affecté à au moins un user, \
                        vous ne pouvez pas le supprimer" % listright_del)
        return redirect("/users/index_listright/")
    return form({'userform': listright}, 'users/user.html', request)

465
466
467
468
469
470
471
472
@login_required
@permission_required('bureau')
def mass_archive(request):
    """ Permet l'archivage massif"""
    to_archive_date = MassArchiveForm(request.POST or None)
    to_archive_list = []
    if to_archive_date.is_valid():
        date = to_archive_date.cleaned_data['date']
Gabriel Detraz's avatar
iTypoS    
Gabriel Detraz committed
473
        to_archive_list = [user for user in User.objects.exclude(state=User.STATE_ARCHIVE) if not user.end_access() or user.end_access() < date]
474
475
476
        if "valider" in request.POST:
            for user in to_archive_list:
                with transaction.atomic(), reversion.create_revision():
477
                    user.archive()
478
                    user.save()
479
                    reversion.set_user(request.user)
480
481
482
483
484
                    reversion.set_comment("Archivage")
            messages.success(request, "%s users ont été archivés" % len(to_archive_list))
            return redirect("/users/")        
    return form({'userform': to_archive_date, 'to_archive_list': to_archive_list}, 'users/mass_archive.html', request)

chirac's avatar
chirac committed
485
@login_required
486
@permission_required('cableur')
chirac's avatar
chirac committed
487
def index(request):
chirac's avatar
chirac committed
488
    """ Affiche l'ensemble des users, need droit cableur """
489
490
    options, created = GeneralOption.objects.get_or_create()
    pagination_number = options.pagination_number
491
    users_list = User.objects.select_related('room').order_by('state', 'name')
492
    paginator = Paginator(users_list, pagination_number)
493
494
495
496
497
498
499
500
501
    page = request.GET.get('page')
    try:
        users_list = paginator.page(page)
    except PageNotAnInteger:
        # If page is not an integer, deliver first page.
        users_list = paginator.page(1)
    except EmptyPage:
        # If page is out of range (e.g. 9999), deliver last page of results.
        users_list = paginator.page(paginator.num_pages)
502
    return render(request, 'users/index.html', {'users_list': users_list})
root's avatar
root committed
503

chirac's avatar
chirac committed
504
@login_required
chirac's avatar
chirac committed
505
@permission_required('cableur')
506
def index_ban(request):
chirac's avatar
chirac committed
507
    """ Affiche l'ensemble des ban, need droit cableur """
508
509
    options, created = GeneralOption.objects.get_or_create()
    pagination_number = options.pagination_number
Gabriel Detraz's avatar
Gabriel Detraz committed
510
    ban_list = Ban.objects.order_by('date_start').select_related('user').reverse()
511
    paginator = Paginator(ban_list, pagination_number)
512
513
514
515
516
517
518
519
520
    page = request.GET.get('page')
    try:
        ban_list = paginator.page(page)
    except PageNotAnInteger:
        # If page isn't an integer, deliver first page
        ban_list = paginator.page(1)
    except EmptyPage:
        # If page is out of range (e.g. 9999), deliver last page of results. 
        ban_list = paginator.page(paginator.num_pages) 
521
    return render(request, 'users/index_ban.html', {'ban_list': ban_list})
522

chirac's avatar
chirac committed
523
@login_required
chirac's avatar
chirac committed
524
@permission_required('cableur')
525
def index_white(request):
chirac's avatar
chirac committed
526
    """ Affiche l'ensemble des whitelist, need droit cableur """
Gabriel Detraz's avatar
Gabriel Detraz committed
527
    white_list = Whitelist.objects.select_related('user').order_by('date_start')
528
529
530
531
532
533
    return render(
        request,
        'users/index_whitelist.html',
        {'white_list': white_list}
    )

chirac's avatar
chirac committed
534
@login_required
chirac's avatar
chirac committed
535
@permission_required('cableur')
536
def index_school(request):
chirac's avatar
chirac committed
537
    """ Affiche l'ensemble des établissement, need droit cableur """
538
539
540
    school_list = School.objects.order_by('name')
    return render(request, 'users/index_schools.html', {'school_list':school_list})

541
542
543
@login_required
@permission_required('cableur')
def index_listright(request):
chirac's avatar
chirac committed
544
    """ Affiche l'ensemble des droits , need droit cableur """
545
546
547
    listright_list = ListRight.objects.order_by('listright')
    return render(request, 'users/index_listright.html', {'listright_list':listright_list})

548
549
550
551
552
553
554
@login_required
@permission_required('cableur')
def index_serviceusers(request):
    """ Affiche les users de services (pour les accès ldap)"""
    serviceusers_list = ServiceUser.objects.order_by('pseudo')
    return render(request, 'users/index_serviceusers.html', {'serviceusers_list':serviceusers_list})

555
556
@login_required
def history(request, object, id):
chirac's avatar
chirac committed
557
558
559
560
561
562
    """ Affichage de l'historique : (acl, argument)
    user : self or cableur, userid,
    ban : self or cableur, banid,
    whitelist : self or cableur, whitelistid,
    school : cableur, schoolid,
    listright : cableur, listrightid """
563
564
565
566
567
568
569
570
571
    if object == 'user':
        try:
             object_instance = User.objects.get(pk=id)
        except User.DoesNotExist:
             messages.error(request, "Utilisateur inexistant")
             return redirect("/users/")
        if not request.user.has_perms(('cableur',)) and object_instance != request.user:
             messages.error(request, "Vous ne pouvez pas afficher l'historique d'un autre user que vous sans droit cableur")
             return redirect("/users/profil/" + str(request.user.id))
572
573
574
575
576
577
    elif object == 'serviceuser' and request.user.has_perms(('cableur',)):
        try:
             object_instance = ServiceUser.objects.get(pk=id)
        except ServiceUser.DoesNotExist:
             messages.error(request, "User service inexistant")
             return redirect("/users/")
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
    elif object == 'ban':
        try:
             object_instance = Ban.objects.get(pk=id)
        except Ban.DoesNotExist:
             messages.error(request, "Bannissement inexistant")
             return redirect("/users/")
        if not request.user.has_perms(('cableur',)) and object_instance.user != request.user:
             messages.error(request, "Vous ne pouvez pas afficher les bans d'un autre user que vous sans droit cableur")
             return redirect("/users/profil/" + str(request.user.id))
    elif object == 'whitelist':
        try:
             object_instance = Whitelist.objects.get(pk=id)
        except Whiltelist.DoesNotExist:
             messages.error(request, "Whitelist inexistant")
             return redirect("/users/")
        if not request.user.has_perms(('cableur',)) and object_instance.user != request.user:
             messages.error(request, "Vous ne pouvez pas afficher les whitelist d'un autre user que vous sans droit cableur")
             return redirect("/users/profil/" + str(request.user.id))
    elif object == 'school' and request.user.has_perms(('cableur',)):
        try:
             object_instance = School.objects.get(pk=id)
        except School.DoesNotExist:
             messages.error(request, "Ecole inexistante")
             return redirect("/users/")
602
603
604
605
606
607
    elif object == 'listright' and request.user.has_perms(('cableur',)):
        try:
             object_instance = ListRight.objects.get(pk=id)
        except ListRight.DoesNotExist:
             messages.error(request, "Droit inexistant")
             return redirect("/users/")
608
609
610
    else:
        messages.error(request, "Objet  inconnu")
        return redirect("/users/")
611
612
    options, created = GeneralOption.objects.get_or_create()
    pagination_number = options.pagination_number
root's avatar
root committed
613
    reversions = Version.objects.get_for_object(object_instance)
614
    paginator = Paginator(reversions, pagination_number)
chirac's avatar
chirac committed
615
616
617
618
619
620
621
622
623
    page = request.GET.get('page')
    try:
        reversions = paginator.page(page)
    except PageNotAnInteger:
        # If page is not an integer, deliver first page.
        reversions = paginator.page(1)
    except EmptyPage:
        # If page is out of range (e.g. 9999), deliver last page of results.
        reversions = paginator.page(paginator.num_pages)
624
625
626
    return render(request, 're2o/history.html', {'reversions': reversions, 'object': object_instance})


627
628
@login_required
def mon_profil(request):
chirac's avatar
chirac committed
629
    """ Lien vers profil, renvoie request.id à la fonction """
630
631
    return redirect("/users/profil/" + str(request.user.id))

chirac's avatar
chirac committed
632
@login_required
633
def profil(request, userid):
chirac's avatar
chirac committed
634
    """ Affiche un profil, self or cableur, prend un userid en argument """
635
636
637
    try:
        users = User.objects.get(pk=userid)
    except User.DoesNotExist:
638
        messages.error(request, "Utilisateur inexistant")
639
        return redirect("/users/")
640
641
642
    if not request.user.has_perms(('cableur',)) and users != request.user:
        messages.error(request, "Vous ne pouvez pas afficher un autre user que vous sans droit cableur")
        return redirect("/users/profil/" + str(request.user.id))
643
    machines = Machine.objects.filter(user__pseudo=users).select_related('user').prefetch_related('interface_set__domain__extension').prefetch_related('interface_set__ipv4__ip_type__extension').prefetch_related('interface_set__type').prefetch_related('interface_set__domain__related_domain__extension')
644
645
646
    factures = Facture.objects.filter(user__pseudo=users)
    bans = Ban.objects.filter(user__pseudo=users)
    whitelists = Whitelist.objects.filter(user__pseudo=users)
647
    list_droits = Right.objects.filter(user=users)
chibrac's avatar
chibrac committed
648
649
    options, created = OptionalUser.objects.get_or_create()
    user_solde = options.user_solde
650
651
652
653
654
    return render(
        request,
        'users/profil.html',
        {
            'user': users,
655
            'machines_list': machines,
656
657
658
            'facture_list': factures,
            'ban_list': bans,
            'white_list': whitelists,
chirac's avatar
chirac committed
659
            'list_droits': list_droits,
chibrac's avatar
chibrac committed
660
            'user_solde': user_solde,
lhark's avatar
lhark committed
661
662
        }
    )
root's avatar
root committed
663

chirac's avatar
chirac committed
664
def reset_password(request):
chirac's avatar
chirac committed
665
    """ Reintialisation du mot de passe si mdp oublié """
chirac's avatar
chirac committed
666
667
668
669
670
671
    userform = ResetPasswordForm(request.POST or None)
    if userform.is_valid():
        try:
            user = User.objects.get(pseudo=userform.cleaned_data['pseudo'],email=userform.cleaned_data['email'])
        except User.DoesNotExist:
            messages.error(request, "Cet utilisateur n'existe pas")
672
673
            return form({'userform': userform}, 'users/user.html', request)
        user.reset_passwd_mail(request)
chirac's avatar
chirac committed
674
675
676
677
        messages.success(request, "Un mail pour l'initialisation du mot de passe a été envoyé")
        redirect("/") 
    return form({'userform': userform}, 'users/user.html', request)

678
679
680
681
682
683
684
685
686
def process(request, token):
    valid_reqs = Request.objects.filter(expires_at__gt=timezone.now())
    req = get_object_or_404(valid_reqs, token=token)

    if req.type == Request.PASSWD:
        return process_passwd(request, req)
    elif req.type == Request.EMAIL:
        return process_email(request, req=req)
    else:
chirac's avatar
chirac committed
687
688
        messages.error(request, "Entrée incorrecte, contactez un admin")
        redirect("/")
689
690
691
692
693
694
695

def process_passwd(request, req):
    u_form = PassForm(request.POST or None)
    user = req.user
    if u_form.is_valid():
        return password_change_action(u_form, user, request, req=req)
    return form({'userform': u_form}, 'users/user.html', request)
696
697
698
699
700
701
702
703
704
705
706
707
""" Framework Rest """

class JSONResponse(HttpResponse):
    def __init__(self, data, **kwargs):
        content = JSONRenderer().render(data)
        kwargs['content_type'] = 'application/json'
        super(JSONResponse, self).__init__(content, **kwargs)

@csrf_exempt
@login_required
@permission_required('serveur')
def mailing(request):
708
    mails = all_has_access().values('email').distinct()
709
710
    seria = MailSerializer(mails, many=True)
    return JSONResponse(seria.data)
711