Merge branch 'Kerl/permissions' into 'master'
Meilleure gestion des permissions Il n'est plus possible de modifier l'attribut `is_superuser` dans l'interface admin. les membres du burô ne doivent plus être super- utilisateurs en prévision de l'arrivée de l'appli K-Fêt. Pour donner les permissions adéquates au burô, il faut créer un groupe COF avec tous les droits sur les applis `gestioncof` et `bda` ainsi que les droits sur les d'utilisateurs et ajouter les membres du burô à ce groupe. Fix #62 See merge request !75
This commit is contained in:
commit
0398a98dbb
2 changed files with 39 additions and 3 deletions
|
@ -6,16 +6,18 @@ from __future__ import unicode_literals
|
|||
|
||||
from django import forms
|
||||
from django.contrib import admin
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from gestioncof.models import SurveyQuestionAnswer, SurveyQuestion, \
|
||||
CofProfile, EventOption, EventOptionChoice, Event, Club, CustomMail, \
|
||||
Survey, EventCommentField, EventRegistration
|
||||
from gestioncof.petits_cours_models import PetitCoursDemande, \
|
||||
PetitCoursSubject, PetitCoursAbility, PetitCoursAttribution, \
|
||||
PetitCoursAttributionCounter
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.contrib.auth.admin import UserAdmin
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.db.models import Q
|
||||
import django.utils.six as six
|
||||
|
||||
import autocomplete_light
|
||||
|
@ -163,6 +165,7 @@ class UserProfileAdmin(UserAdmin):
|
|||
return False
|
||||
is_cof.short_description = 'Membre du COF'
|
||||
is_cof.boolean = True
|
||||
|
||||
list_display = ('profile_num',) + UserAdmin.list_display \
|
||||
+ ('profile_login_clipper', 'profile_phone', 'profile_occupation',
|
||||
'profile_mailing_cof', 'profile_mailing_bda',
|
||||
|
@ -176,6 +179,40 @@ class UserProfileAdmin(UserAdmin):
|
|||
CofProfileInline,
|
||||
]
|
||||
|
||||
staff_fieldsets = [
|
||||
(None, {'fields': ['username', 'password']}),
|
||||
(_('Personal info'), {'fields': ['first_name', 'last_name', 'email']}),
|
||||
]
|
||||
|
||||
def get_fieldsets(self, request, user=None):
|
||||
if not request.user.is_superuser:
|
||||
return self.staff_fieldsets
|
||||
return super(UserProfileAdmin, self).get_fieldsets(request, user)
|
||||
|
||||
def save_model(self, request, user, form, change):
|
||||
cof_group, created = Group.objects.get_or_create(name='COF')
|
||||
if created:
|
||||
# Si le groupe COF n'était pas déjà dans la bdd
|
||||
# On lui assigne les bonnes permissions
|
||||
perms = Permission.objects.filter(
|
||||
Q(content_type__app_label='gestioncof')
|
||||
| Q(content_type__app_label='bda')
|
||||
| (Q(content_type__app_label='auth')
|
||||
& Q(content_type__model='user')))
|
||||
cof_group.permissions = perms
|
||||
# On y associe les membres du Burô
|
||||
cof_group.user_set = User.objects.filter(profile__is_buro=True)
|
||||
# Sauvegarde
|
||||
cof_group.save()
|
||||
# le Burô est staff et appartient au groupe COF
|
||||
if user.profile.is_buro:
|
||||
user.is_staff = True
|
||||
user.groups.add(cof_group)
|
||||
else:
|
||||
user.is_staff = False
|
||||
user.groups.remove(cof_group)
|
||||
user.save()
|
||||
|
||||
|
||||
# FIXME: This is absolutely horrible.
|
||||
def user_unicode(self):
|
||||
|
|
|
@ -58,8 +58,7 @@ class COFCASBackend(CASBackend):
|
|||
if not user.email:
|
||||
user.email = settings.CAS_EMAIL_FORMAT % profile.login_clipper
|
||||
user.save()
|
||||
if profile.is_buro and not user.is_superuser:
|
||||
user.is_superuser = True
|
||||
if profile.is_buro and not user.is_staff:
|
||||
user.is_staff = True
|
||||
user.save()
|
||||
return user
|
||||
|
|
Loading…
Reference in a new issue