Fix sur les fieldpermissions topologie et machines

916c2e3e · Gabriel Detraz · root · 99c69a5d · 916c2e3e · 916c2e3e
Commit 916c2e3e authored Jan 08, 2018 by Gabriel Detraz Committed by root Jan 08, 2018
7 changed files
--- a/cotisations/models.py
+++ b/cotisations/models.py
@@ -167,9 +167,11 @@ class Facture(FieldPermissionModelMixin, models.Model):
    def can_change_pdf(user_request, *args, **kwargs):
        return user_request.has_perm('cotisations.change_facture_pdf'), "Vous ne pouvez pas éditer une facture sans droit trésorier"
-    field_permissions = {
+    def __init__(self, *args, **kwargs):
-        'control': can_change_control,
+        super(Facture, self).__init__(*args, **kwargs)
-    }
+        self.field_permissions = {
+            'control' : self.can_change_control,
+        }
    def __str__(self):
        return str(self.user) + ' ' + str(self.date)

--- a/machines/forms.py
+++ b/machines/forms.py
@@ -78,14 +78,7 @@ class NewMachineForm(EditMachineForm):
        fields = ['name']
-class BaseEditMachineForm(EditMachineForm):
+class EditInterfaceForm(FieldPermissionFormMixin, ModelForm):
-    """Edition basique, ne permet que de changer le nom et le statut.
-    Réservé aux users sans droits spécifiques"""
-    class Meta(EditMachineForm.Meta):
-        fields = ['name', 'active']
-class EditInterfaceForm(ModelForm):
    """Edition d'une interface. Edition complète"""
    class Meta:
        model = Interface
@@ -93,16 +86,24 @@ class EditInterfaceForm(ModelForm):
    def __init__(self, *args, **kwargs):
        prefix = kwargs.pop('prefix', self.Meta.model.__name__)
+        user = kwargs.get('user')
        super(EditInterfaceForm, self).__init__(*args, prefix=prefix, **kwargs)
        self.fields['mac_address'].label = 'Adresse mac'
        self.fields['type'].label = 'Type de machine'
        self.fields['type'].empty_label = "Séléctionner un type de machine"
        if "ipv4" in self.fields:
-            self.fields['ipv4'].empty_label = "Assignation automatique\
+            self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4"
-            de l'ipv4"
            self.fields['ipv4'].queryset = IpList.objects.filter(
                interface__isnull=True
            )
+            if not IpType.can_use_all(user):
+                self.fields['ipv4'].queryset = IpList.objects.filter(
+                    interface__isnull=True
+                ).filter(ip_type__in=IpType.objects.filter(need_infra=False))
+            else:
+                self.fields['ipv4'].queryset = IpList.objects.filter(
+                    interface__isnull=True
+                )
            # Add it's own address
            self.fields['ipv4'].queryset |= IpList.objects.filter(
                interface=self.instance
@@ -110,67 +111,18 @@ class EditInterfaceForm(ModelForm):
        if "machine" in self.fields:
            self.fields['machine'].queryset = Machine.objects.all()\
                .select_related('user')
+        if not MachineType.can_use_all(user):
-class AddInterfaceForm(EditInterfaceForm):
-    """Ajout d'une interface à une machine. En fonction des droits,
-    affiche ou non l'ensemble des ip disponibles"""
-    class Meta(EditInterfaceForm.Meta):
-        fields = ['type', 'ipv4', 'mac_address', 'details']
-    def __init__(self, *args, **kwargs):
-        user = kwargs.pop('user')
-        super(AddInterfaceForm, self).__init__(*args, **kwargs)
-        self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4"
-        if not IpType.can_use_all(user):
            self.fields['type'].queryset = MachineType.objects.filter(
                ip_type__in=IpType.objects.filter(need_infra=False)
            )
-            self.fields['ipv4'].queryset = IpList.objects.filter(
-                interface__isnull=True
-            ).filter(ip_type__in=IpType.objects.filter(need_infra=False))
-        else:
-            self.fields['ipv4'].queryset = IpList.objects.filter(
-                interface__isnull=True
-            )
-class NewInterfaceForm(EditInterfaceForm):
-    """Formulaire light, sans choix de l'ipv4; d'ajout d'une interface"""
-    class Meta(EditInterfaceForm.Meta):
-        fields = ['type', 'mac_address', 'details']
-class BaseEditInterfaceForm(EditInterfaceForm):
+class AddInterfaceForm(EditInterfaceForm):
-    """Edition basique d'une interface. En fonction des droits,
+    """Ajout d'une interface à une machine. En fonction des droits,
-    ajoute ou non l'ensemble des ipv4 disponibles (infra)"""
+    affiche ou non l'ensemble des ip disponibles"""
    class Meta(EditInterfaceForm.Meta):
        fields = ['type', 'ipv4', 'mac_address', 'details']
-    def __init__(self, *args, **kwargs):
-        user = kwargs.pop('user')
-        super(BaseEditInterfaceForm, self).__init__(*args, **kwargs)
-        self.fields['ipv4'].empty_label = "Assignation automatique de l'ipv4"
-        if not MachineType.can_use_all(user):
-            self.fields['type'].queryset = MachineType.objects.filter(
-                ip_type__in=IpType.objects.filter(need_infra=False)
-            )
-        if not IpType.can_use_all(user):
-            self.fields['ipv4'].queryset = IpList.objects.filter(
-                interface__isnull=True
-            ).filter(ip_type__in=IpType.objects.filter(need_infra=False))
-            # Add it's own address
-            self.fields['ipv4'].queryset |= IpList.objects.filter(
-                interface=self.instance
-            )
-        else:
-            self.fields['ipv4'].queryset = IpList.objects.filter(
-                interface__isnull=True
-            )
-            self.fields['ipv4'].queryset |= IpList.objects.filter(
-                interface=self.instance
-            )
 class AliasForm(ModelForm):
    """Ajout d'un alias (et edition), CNAME, contenant nom et extension"""

--- a/machines/migrations/0072_auto_20180108_1822.py
+++ b/machines/migrations/0072_auto_20180108_1822.py
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2018-01-08 17:22
+from __future__ import unicode_literals
+from django.db import migrations
+class Migration(migrations.Migration):
+    dependencies = [
+        ('machines', '0071_auto_20171231_2100'),
+    ]
+    operations = [
+        migrations.AlterModelOptions(
+            name='interface',
+            options={'permissions': (('view_interface', 'Peut voir un objet interface'), ('change_interface_machine', "Peut changer le propriétaire d'une interface"))},
+        ),
+    ]
--- a/machines/models.py
+++ b/machines/models.py
@@ -81,8 +81,7 @@ class Machine(FieldPermissionModelMixin, models.Model):
            A tuple with a boolean stating if edition is allowed and an
            explanation message.
        """
-        return user_request.has_perm('machines.change_machine_user'), "Vous ne pouvez pas \
+        return user_request.has_perm('machines.change_machine_user'), "Vous ne pouvez pas modifier l'utilisateur de la machine."
-                modifier l'utilisateur de la machine."
    def can_create(user_request, userid, *args, **kwargs):
        """Vérifie qu'un user qui fait la requète peut bien créer la machine
@@ -150,6 +149,12 @@ class Machine(FieldPermissionModelMixin, models.Model):
                que les vôtres"
        return True, None
+    def __init__(self, *args, **kwargs):
+        super(Machine, self).__init__(*args, **kwargs)
+        self.field_permissions = {
+            'user' : self.can_change_user,
+        }
    def __str__(self):
        return str(self.user) + ' - ' + str(self.id) + ' - ' + str(self.name)
@@ -1147,7 +1152,7 @@ class Srv(models.Model):
            str(self.port) + ' ' + str(self.target) + '.'
-class Interface(models.Model):
+class Interface(FieldPermissionModelMixin,models.Model):
    """ Une interface. Objet clef de l'application machine :
    - une address mac unique. Possibilité de la rendre unique avec le
    typemachine
@@ -1172,6 +1177,7 @@ class Interface(models.Model):
    class Meta:
        permissions = (
            ("view_interface", "Peut voir un objet interface"),
+            ("change_interface_machine", "Peut changer le propriétaire d'une interface"),
        )
    @cached_property
@@ -1283,6 +1289,10 @@ class Interface(models.Model):
                        % max_lambdauser_interfaces
        return True, None
+    @staticmethod
+    def can_change_machine(user_request, *args, **kwargs):
+        return user_request.has_perm('machines.change_interface_machine'), "Droit requis pour changer la machine"
    def can_edit(self, user_request, *args, **kwargs):
        """Verifie que l'user a les bons droits infra pour editer
        cette instance interface, ou qu'elle lui appartient
@@ -1328,6 +1338,12 @@ class Interface(models.Model):
                que les vôtres"
        return True, None
+    def __init__(self, *args, **kwargs):
+        super(Interface, self).__init__(*args, **kwargs)
+        self.field_permissions = {
+            'machine' : self.can_change_machine,
+        }
    def __str__(self):
        try:
            domain = self.domain

--- a/machines/views.py
+++ b/machines/views.py
@@ -69,8 +69,6 @@ from .forms import (
    DelMachineTypeForm,
    ExtensionForm,
    DelExtensionForm,
-    BaseEditInterfaceForm,
-    BaseEditMachineForm
 )
 from .forms import (
    EditIpTypeForm,
@@ -225,7 +223,7 @@ def new_machine(request, user, userid):
    le sous objet interface et l'objet domain à partir de model forms.
    Trop complexe, devrait être simplifié"""
-    machine = NewMachineForm(request.POST or None, user=user)
+    machine = NewMachineForm(request.POST or None, user=request.user)
    interface = AddInterfaceForm(
        request.POST or None,
        user=request.user
@@ -280,7 +278,7 @@ def edit_interface(request, interface_instance, interfaceid):
        instance=interface_instance.machine,
        user=request.user
    )
-    interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface_instance, user=request.user)
+    interface_form = EditInterfaceForm(request.POST or None, instance=interface_instance, user=request.user)
    domain_form = DomainForm(request.POST or None, instance=interface_instance.domain)
    if machine_form.is_valid() and interface_form.is_valid() and domain_form.is_valid():
        new_machine = machine_form.save(commit=False)
@@ -327,7 +325,7 @@ def del_machine(request, machine, machineid):
 def new_interface(request, machine, machineid):
    """ Ajoute une interface et son domain associé à une machine existante"""
-    interface_form = AddInterfaceForm(request.POST or None, user=user)
+    interface_form = AddInterfaceForm(request.POST or None, user=request.user)
    domain_form = DomainForm(request.POST or None)
    if interface_form.is_valid():
        new_interface = interface_form.save(commit=False)

--- a/topologie/views.py
+++ b/topologie/views.py
@@ -456,11 +456,13 @@ def edit_switch(request, switch, switch_id):
    switch_form = EditSwitchForm(request.POST or None, instance=switch)
    machine_form = EditMachineForm(
        request.POST or None,
-        instance=switch.switch_interface.machine
+        instance=switch.switch_interface.machine,
+        user=request.user
        )
    interface_form = EditInterfaceForm(
        request.POST or None,
-        instance=switch.switch_interface
+        instance=switch.switch_interface,
+        user=request.user
        )
    domain_form = DomainForm(
        request.POST or None,

--- a/users/models.py
+++ b/users/models.py
@@ -809,9 +809,11 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
            else:
                return False, u"Vous ne pouvez voir un autre utilisateur que vous même"
-        field_permissions = {
+    def __init__(self, *args, **kwargs):
-            'shell' : can_change_shell,
+        super(User, self).__init__(*args, **kwargs)
-            'force' : can_change_force,
+        self.field_permissions = {
+            'shell' : self.can_change_shell,
+            'force' : self.can_change_force,
        }
    def __str__(self):