From cd31c5525459b380b2ad0676f84b48a5ac8966a9 Mon Sep 17 00:00:00 2001 From: Qwann Date: Fri, 10 Mar 2017 16:40:36 +0100 Subject: [PATCH] permission working --- kfet/decorators.py | 4 ++++ kfet/models.py | 2 +- kfet/static/kfet/js/kfet_open.js | 38 ++++++++++++++++++++++++++------ kfet/views.py | 3 ++- 4 files changed, 38 insertions(+), 9 deletions(-) diff --git a/kfet/decorators.py b/kfet/decorators.py index 9af9247f..accfa143 100644 --- a/kfet/decorators.py +++ b/kfet/decorators.py @@ -9,4 +9,8 @@ from django_cas_ng.decorators import user_passes_test def kfet_is_team(user): return user.has_perm('kfet.is_team') +def can_force_close(user): + return user.has_perm('force_close_kfet') + teamkfet_required = user_passes_test(lambda u: kfet_is_team(u)) +force_close_required = user_passes_test(lambda u: can_force_close(u)) diff --git a/kfet/models.py b/kfet/models.py index b95755b7..928b7d88 100644 --- a/kfet/models.py +++ b/kfet/models.py @@ -594,7 +594,7 @@ class GlobalPermissions(models.Model): ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"), ('special_add_account', "Créer un compte avec une balance initiale"), - ('can_close_kfet', "Peut fermer manuelement la K-Fêt"), + ('force_close_kfet', "Fermer manuelement la K-Fêt"), ) diff --git a/kfet/static/kfet/js/kfet_open.js b/kfet/static/kfet/js/kfet_open.js index 93374094..8ea0be70 100644 --- a/kfet/static/kfet/js/kfet_open.js +++ b/kfet/static/kfet/js/kfet_open.js @@ -17,13 +17,7 @@ function kfet_open(init_date, init_satus, init_force_close, force_close_url, for var force_close = init_force_close; // EVENT - force_close_button.click(function() { - if (force_close) { - $.get(force_open_url, function(data) {}); - } else { - $.get(force_close_url, function(data) {}); - } - }); + force_close_button.click(forceClose); // INITIALISAITION update_open(); @@ -36,6 +30,36 @@ function kfet_open(init_date, init_satus, init_force_close, force_close_url, for }, 30 * 1000); // 60 * 1000 milsec // FONCTIONS + function forceClose(password = '') { + if (force_close) { + force_url = force_open_url; + } else { + force_url = force_close_url; + } + $.ajax({ + dataType: "html", + url : force_url, + method : "GET", + beforeSend: function ($xhr) { + if (password != '') + $xhr.setRequestHeader("KFetPassword", password); + }, + }) + .done(function() {}) + .fail(function($xhr) { + var data = $xhr.responseJSON; + switch ($xhr.status) { + case 403: + requestAuth({'errors':{}}, forceClose); + break; + case 400: + alert('lol'); + break; + } + lock = 0; + }); + } + function nb_min_diff() { var date_now = new Date(); // On calcule le nb de minutes depuis le dernier diff --git a/kfet/views.py b/kfet/views.py index 4278aa88..af633cd7 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -22,7 +22,7 @@ from django.utils import timezone from django.utils.crypto import get_random_string from django.utils.decorators import method_decorator from gestioncof.models import CofProfile, Clipper -from kfet.decorators import teamkfet_required +from kfet.decorators import teamkfet_required, force_close_required from kfet.models import ( Account, Checkout, Article, Settings, AccountNegative, CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory, @@ -126,6 +126,7 @@ class UpdateForceClose(View): @method_decorator(login_required) @method_decorator(teamkfet_required) + @method_decorator(force_close_required) def dispatch(self, *args, **kwargs): return super(UpdateForceClose, self).dispatch(*args, **kwargs)