Create can_delete and can_view decorators and use them where it's possible

048bcfad · Maël Kervella · root · 876021ae · 048bcfad · 048bcfad
Commit 048bcfad authored Dec 09, 2017 by Maël Kervella Committed by root Jan 06, 2018
5 changed files
--- a/cotisations/views.py
+++ b/cotisations/views.py
@@ -43,7 +43,7 @@ from users.models import User
 from re2o.settings import LOGO_PATH
 from re2o import settings
 from re2o.views import form
-from re2o.utils import SortTable, can_create, can_edit
+from re2o.utils import SortTable, can_create, can_edit, can_delete, can_view
 from preferences.models import OptionalUser, AssoOption, GeneralOption
 from .models import Facture, Article, Vente, Paiement, Banque
 from .forms import (
@@ -284,19 +284,10 @@ def edit_facture(request, facture, factureid):
 @login_required
-@permission_required('cableur')
+@can_delete(Facture)
-def del_facture(request, factureid):
+def del_facture(request, facture, factureid):
    """Suppression d'une facture. Supprime en cascade les ventes
    et cotisations filles"""
-    try:
-        facture = Facture.objects.get(pk=factureid)
-    except Facture.DoesNotExist:
-        messages.error(request, u"Facture inexistante")
-        return redirect(reverse('cotisations:index'))
-    if facture.control or not facture.valid:
-        messages.error(request, "Vous ne pouvez pas editer une facture\
-                controlée ou invalidée par le trésorier")
-        return redirect(reverse('cotisations:index'))
    if request.method == "POST":
        with transaction.atomic(), reversion.create_revision():
            facture.delete()

--- a/machines/models.py
+++ b/machines/models.py
@@ -837,7 +837,7 @@ class Interface(models.Model):
                        d'un autre user que vous sans droit"
        return True, None
-    def can_delete(self, user_resquest, *args, **kwargs):
+    def can_delete(self, user_request, *args, **kwargs):
        if not user_request.has_perms(('cableur',)) and self.machine.user != user_request:
            return False, u"Vous ne pouvez pas éditer une machine d'un autre\
                user que vous sans droit"
@@ -1177,8 +1177,12 @@ class OuverturePortList(models.Model):
        return True, None
    def can_delete(self, user_request, *args, **kwargs):
-        return user_request.has_perms(('bureau',)), u"Vous n'avez pas le droit\
+        if not user_request.has_perms(('bureau',)):
-            de supprimer une ouverture de port"
+            return False, u"Vous n'avez pas le droit de supprimer une ouverture\
+                de port"
+        if self.interface_set.all():
+            return False, u"Cette liste de ports est utilisée"
+        return True, None
    def can_view(self, user_request, *args, **kwargs):
        return user_request.has_perms(('cableur',)), u"Vous n'avez pas le droit\

--- a/machines/views.py
+++ b/machines/views.py
@@ -125,7 +125,9 @@ from re2o.utils import (
    filter_active_interfaces,
    SortTable,
    can_create,
-    can_edit
+    can_edit,
+    can_delete,
+    can_view
 )
 from re2o.views import form
@@ -213,12 +215,12 @@ def generate_ipv4_mbf_param( form, is_type_tt ):
 @login_required
 @can_create(Machine)
-def new_machine(request, userid):
+@can_edit(User)
+def new_machine(request, user, userid):
    """ Fonction de creation d'une machine. Cree l'objet machine, 
    le sous objet interface et l'objet domain à partir de model forms.
    Trop complexe, devrait être simplifié"""
-    user = User.objects.get(pk=userid)
    machine = NewMachineForm(request.POST or None)
    interface = AddInterfaceForm(
        request.POST or None,
@@ -328,10 +330,10 @@ def del_machine(request, machineid):
 @login_required
 @can_create(Interface)
-def new_interface(request, machineid):
+@can_edit(Machine)
+def new_interface(request, machine, machineid):
    """ Ajoute une interface et son domain associé à une machine existante"""
-    machine = Machine.objects.get(pk=machineid)
    interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',)))
    domain_form = DomainForm(request.POST or None)
    if interface_form.is_valid():
@@ -358,20 +360,9 @@ def new_interface(request, machineid):
    return form({'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request)
 @login_required
-def del_interface(request, interfaceid):
+@can_delete(Interface)
+def del_interface(request, interface, interfaceid):
    """ Supprime une interface. Domain objet en mode cascade"""
-    try:
-        interface = Interface.objects.get(pk=interfaceid)
-    except Interface.DoesNotExist:
-        messages.error(request, u"Interface inexistante" )
-        return redirect(reverse('machines:index'))
-    if not request.user.has_perms(('cableur',)):
-        if interface.machine.user != request.user:
-            messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
-            return redirect(reverse(
-                'users:profil',
-                kwargs={'userid':str(request.user.id)}
-                ))
    if request.method == "POST":
        machine = interface.machine
        with transaction.atomic(), reversion.create_revision():
@@ -751,9 +742,9 @@ def del_srv(request):
 @login_required
 @can_create(Domain)
-def add_alias(request, interfaceid):
+@can_edit(Interface)
+def add_alias(request, interface, interfaceid):
-    interface = Interface.objects.get(pk=interfaceid)
    alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',)))
    if alias.is_valid():
        alias = alias.save(commit=False)
@@ -787,18 +778,8 @@ def edit_alias(request, domain_instance, domainid):
    return form({'aliasform': alias}, 'machines/machine.html', request)
 @login_required
-def del_alias(request, interfaceid):
+@can_edit(Interface)
-    try:
+def del_alias(request, interface, interfaceid):
-        interface = Interface.objects.get(pk=interfaceid)
-    except Interface.DoesNotExist:
-        messages.error(request, u"Interface inexistante" )
-        return redirect(reverse('machines:index'))
-    if not request.user.has_perms(('cableur',)) and interface.machine.user != request.user:
-        messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit")
-        return redirect(reverse(
-            'users:profil',
-            kwargs={'userid':str(request.user.id)}
-            ))
    alias = DelAliasForm(request.POST or None, interface=interface)
    if alias.is_valid():
        alias_dels = alias.cleaned_data['alias']
@@ -1191,16 +1172,8 @@ def edit_portlist(request, ouvertureportlist_instance, ouvertureportlistid):
    return form({'port_list' : port_list, 'ports' : port_formset}, 'machines/edit_portlist.html', request)
 @login_required
-@permission_required('bureau')
+@can_delete(OuverturePortList)
-def del_portlist(request, ouvertureportlistid):
+def del_portlist(request, port_list_instance, ouvertureportlistid):
-    try:
-        port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistid)
-    except OuverturePortList.DoesNotExist:
-        messages.error(request, "Liste de ports inexistante")
-        return redirect(reverse('machines:index-portlist'))
-    if port_list_instance.interface_set.all():
-        messages.error(request, "Cette liste de ports est utilisée")
-        return redirect(reverse('machines:index-portlist'))
    port_list_instance.delete()
    messages.success(request, "La liste de ports a été supprimée")
    return redirect(reverse('machines:index-portlist'))

--- a/re2o/utils.py
+++ b/re2o/utils.py
@@ -72,9 +72,9 @@ def can_create(model):
 def can_edit(model):
    """Decorator to check if an user can edit a model.
    It tries to get an instance of the model, using
-    `model.get_instance(*args, **kwargs)` and assumes that the model has a method
+    `model.get_instance(*args, **kwargs)` and assumes that the model has a
-    `can_create(user)` which returns `true` if the user can create this kind
+    method `can_edit(user)` which returns `true` if the user can edit this
-    of models.
+    kind of models.
    """
    def decorator(view):
        def wrapper(request, *args, **kwargs):
@@ -96,6 +96,59 @@ def can_edit(model):
    return decorator
+def can_delete(model):
+    """Decorator to check if an user can delete a model.
+    It tries to get an instance of the model, using
+    `model.get_instance(*args, **kwargs)` and assumes that the model has a
+    method `can_delete(user)` which returns `true` if the user can delete this
+    kind of models.
+    """
+    def decorator(view):
+        def wrapper(request, *args, **kwargs):
+            try:
+                instance = model.get_instance(*args, **kwargs)
+            except model.DoesNotExist:
+                messages.error(request, u"Entrée inexistante")
+                return redirect(reverse('users:profil',
+                    kwargs={'userid':str(request.user.id)}
+                ))
+            can, msg = instance.can_delete(request.user)
+            if not can:
+                messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
+                return redirect(reverse('users:profil',
+                    kwargs={'userid':str(request.user.id)}
+                ))
+            return view(request, instance, *args, **kwargs)
+        return wrapper
+    return decorator
+def can_view(model):
+    """Decorator to check if an user can view a model.
+    It tries to get an instance of the model, using
+    `model.get_instance(*args, **kwargs)` and assumes that the model has a
+    method `can_view(user)` which returns `true` if the user can view this
+    kind of models.
+    """
+    def decorator(view):
+        def wrapper(request, *args, **kwargs):
+            try:
+                instance = model.get_instance(*args, **kwargs)
+            except model.DoesNotExist:
+                messages.error(request, u"Entrée inexistante")
+                return redirect(reverse('users:profil',
+                    kwargs={'userid':str(request.user.id)}
+                ))
+            can, msg = instance.can_view(request.user)
+            if not can:
+                messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
+                return redirect(reverse('users:profil',
+                    kwargs={'userid':str(request.user.id)}
+                ))
+            return view(request, instance, *args, **kwargs)
+        return wrapper
+    return decorator
 def all_adherent(search_time=DT_NOW):
    """ Fonction renvoyant tous les users adherents. Optimisee pour n'est

--- a/users/views.py
+++ b/users/views.py
@@ -92,7 +92,9 @@ from machines.models import Machine
 from preferences.models import OptionalUser, GeneralOption
 from re2o.views import form
-from re2o.utils import all_has_access, SortTable, can_create, can_edit
+from re2o.utils import (
+    all_has_access, SortTable, can_create, can_edit, can_delete, can_view
+)
 def password_change_action(u_form, user, request, req=False):
    """ Fonction qui effectue le changeemnt de mdp bdd"""
@@ -303,14 +305,9 @@ def edit_serviceuser(request, user, userid):
 @login_required
-@permission_required('infra')
+@can_delete(ServiceUser)
-def del_serviceuser(request, userid):
+def del_serviceuser(request, user, userid):
    """Suppression d'un ou plusieurs serviceusers"""
-    try:
-        user = ServiceUser.objects.get(pk=userid)
-    except ServiceUser.DoesNotExist:
-        messages.error(request, u"Utilisateur inexistant")
-        return redirect(reverse('users:index'))
    if request.method == "POST":
        with transaction.atomic(), reversion.create_revision():
            user.delete()