Commit 72453549 authored by LEVY-FALK Hugo's avatar LEVY-FALK Hugo Committed by root

Décorateur d'accès à une application.

parent 3cff0683
......@@ -69,7 +69,7 @@ def can_create(model):
return decorator
def can_edit(model):
def can_edit(model, *field_list):
"""Decorator to check if an user can edit a model.
It tries to get an instance of the model, using
`model.get_instance(*args, **kwargs)` and assumes that the model has a
......@@ -91,12 +91,20 @@ def can_edit(model):
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
for field in field_list:
can_create = getattr(model, 'can_change_' + field)
can, msg = can_create(instance, request.user, *args, **kwargs)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
return view(request, instance, *args, **kwargs)
return wrapper
return decorator
def can_change(model, field_list):
def can_change(model, *field_list):
"""Decorator to check if an user can edit a field of a model.
It assumes that a valid user exists in the request and that the model has a
method can_create(user) which returns true if the user can create this kind
......@@ -106,7 +114,7 @@ def can_change(model, field_list):
def wrapper(request, *args, **kwargs):
for field in field_list:
can_create = getattr(model, 'can_change_' + field)
can, msg = can_create(request.user, *args, **kwargs)
can, msg = can_create(None, request.user, *args, **kwargs)
if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil',
......@@ -209,6 +217,35 @@ def can_view_all(model):
return decorator
APP_VIEWING_RIGHT = {
'cotisations' : 'cableur',
'logs' : 'cableur',
'machines' : 'cableur',
'preferences' : 'cableur',
'search' : 'cableur',
'topologie' : 'cableur',
'users' : 'cableur',
}
def can_view_app(app_name):
"""Decorator to check if an user can view an application.
"""
assert app_name in APP_VIEWING_RIGHT.keys()
def decorator(view):
def wrapper(request, *args, **kwargs):
if request.user.has_perms((APP_VIEWING_RIGHT[app_name],)):
return view(request, *args, **kwargs)
messages.error(
request,
msg or "Vous ne pouvez pas accéder à l'application " + app_name
)
return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)}
))
return wrapper
return decorator
def all_adherent(search_time=DT_NOW):
""" Fonction renvoyant tous les users adherents. Optimisee pour n'est
qu'une seule requete sql
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment