Ne montre la liste des participants qu'aux personnes autorisées

elections/models.py

@@ -254,6 +254,9 @@ class User(AbstractUser):
         # Pour les élections restreintes, il faut y être associé
         return election.restricted and (self.election == election)
 
+    def is_admin(self, election):
+        return election.created_by == self or self.is_staff
+
     def get_prefix(self):
         return self.username.split("__")[0]
 

elections/templates/elections/election_voters.html

@@ -3,176 +3,224 @@
 
 
 {% block custom_js %}
-{% if can_delete %}
-<script>
-  _$('.modal-button').forEach(b => {
-    b.addEventListener('click', () => {
-      const f = _$('form', _id(b.dataset.target), false);
-      f.dataset.target = b.dataset.origin;
-      _$('[name="delete"]', f, false).value = 'non';
-    });
-  });
+  {% if can_delete %}
+    <script>
+      _$('.modal-button').forEach(b => {
+        b.addEventListener('click', () => {
+          const f = _$('form', _id(b.dataset.target), false);
+          f.dataset.target = b.dataset.origin;
+          _$('[name="delete"]', f, false).value = 'non';
+        });
+      });
 
-  _$('form').forEach(f => {
-    f.addEventListener('submit', event => {
-      event.preventDefault();
+      _$('form').forEach(f => {
+        f.addEventListener('submit', event => {
+          event.preventDefault();
 
-      if (_$('[name="delete"]', f, false).value == 'oui') {
-        _get(f.action, r => {
-          if (r.success && r.action == 'delete') {
-            {% if election.restricted %}
-            const r = _id(f.dataset.target);
-            _$('.modal-button', r, false).remove();
-            const i = _$('.fas', r, false);
-            i.classList.remove('fa-check');
-            i.classList.add('fa-times');
-            {% else %}
-            _id(f.dataset.target).remove()
-            {% endif %}
+          if (_$('[name="delete"]', f, false).value == 'oui') {
+            _get(f.action, r => {
+              if (r.success && r.action == 'delete') {
+                {% if election.restricted %}
+                  const r = _id(f.dataset.target);
+                  _$('.modal-button', r, false).remove();
+                  const i = _$('.fas', r, false);
+                  i.classList.remove('fa-check');
+                  i.classList.add('fa-times');
+                {% else %}
+                  _id(f.dataset.target).remove()
+                {% endif %}
 
-            // On ferme le modal
+                // On ferme le modal
+                document.documentElement.classList.remove('is-clipped');
+                _id(f.dataset.modal).classList.remove('is-active');
+              }
+
+              if (r.message) {
+                _notif(r.message.content, r.message.class);
+              }
+            });
+          } else {
             document.documentElement.classList.remove('is-clipped');
             _id(f.dataset.modal).classList.remove('is-active');
           }
-
-          if (r.message) {
-            _notif(r.message.content, r.message.class);
-          }
         });
-      } else {
-        document.documentElement.classList.remove('is-clipped');
-        _id(f.dataset.modal).classList.remove('is-active');
-      }
-    });
-  });
+      });
 
-</script>
-{% endif %}
+    </script>
+  {% endif %}
 {% endblock %}
 
 
 {% block content %}
 
-<div class="level is-mobile">
-  {# Titre de l'élection #}
-  <div class="level-left is-flex-shrink-1 mr-3">
-    <h1 class="title">{{ election.name }}</h1>
-  </div>
+  <div class="level is-mobile">
+    {# Titre de l'élection #}
+    <div class="level-left is-flex-shrink-1 mr-3">
+      <h1 class="title">{{ election.name }}</h1>
+    </div>
 
-  <div class="level-right">
-    <div class="level-item">
-      <a class="button is-primary" href="{% if from_admin %}{% url 'election.admin' election.pk %}{% else %}{% url 'election.view' election.pk %}{% endif %}">
-        <span class="icon">
-          <i class="fas fa-undo-alt"></i>
-        </span>
-        <span>{% trans "Retour" %}</span>
-      </a>
+    <div class="level-right">
+      <div class="level-item">
+        <a class="button is-primary" href="{% if from_admin %}{% url 'election.admin' election.pk %}{% else %}{% url 'election.view' election.pk %}{% endif %}">
+          <span class="icon">
+            <i class="fas fa-undo-alt"></i>
+          </span>
+          <span>{% trans "Retour" %}</span>
+        </a>
+      </div>
     </div>
   </div>
-</div>
 
-<div class="level">
-  <div class="level-left">
-    <h3 class="subtitle">{% trans "Liste des votant·e·s" %} ({{ voters|length }})</h3>
+  <div class="level">
+    <div class="level-left">
+      <h3 class="subtitle">{% trans "Liste des votant·e·s" %} ({{ voters|length }})</h3>
+    </div>
   </div>
-</div>
-<hr>
+  <hr>
 
-{# Précisions sur les modalités de vote #}
-{% if election.vote_restrictions %}
-<div class="message is-warning">
-  <div class="message-body content">{{ election.vote_restrictions|markdown|safe }}</div>
-</div>
-{% endif %}
+  {# Précisions sur les modalités de vote #}
+  {% if election.vote_restrictions %}
+    <div class="message is-warning">
+      <div class="message-body content">{{ election.vote_restrictions|markdown|safe }}</div>
+    </div>
+  {% endif %}
 
-<div class="message is-warning">
-  <div class="message-body">
-    {% if election.restricted %}
-    {% trans "Seules les personnes présentes sur cette liste peuvent voter, vous avez dû recevoir un mail avec vos identifiants de connexion." %}
-    {% else %}
-    {% trans "Pour voter lors de cette élection, vous devez vous connecter à l'aide du CAS élève, d'autres restrictions peuvent s'appliquer et votre vote pourra être supprimé si vous n'avez pas le droit de vote." %}
-    {% endif %}
+  <div class="message is-warning">
+    <div class="message-body">
+      {% if election.restricted %}
+        {% trans "Seules les personnes présentes sur cette liste peuvent voter, vous avez dû recevoir un mail avec vos identifiants de connexion." %}
+      {% else %}
+        {% trans "Pour voter lors de cette élection, vous devez vous connecter à l'aide du CAS élève, d'autres restrictions peuvent s'appliquer et votre vote pourra être supprimé si vous n'avez pas le droit de vote." %}
+      {% endif %}
+    </div>
   </div>
-</div>
 
-<div class="columns is-centered">
-  <div class="column is-narrow">
-    {% if can_delete %}
-    {% include "forms/modal-form.html" with modal_id="delete" form=d_form %}
-    {% endif %}
-
-    <table class="table is-striped is-fullwidth">
-      <thead>
-        <tr>
-          <th>{% trans "Nom" %}</th>
-          <th class="has-text-centered">{% trans "Vote enregistré" %}</th>
-          {% if can_delete %}
-          <th class="has-text-centered">{% trans "Supprimer" %}</th>
-          {% endif %}
-        <tr>
-      </thead>
-
-      <tbody>
-        {% if election.restricted %}
-        {% for v in election.registered_voters.all %}
-        <tr id="v_{{ forloop.counter }}">
-          <td>{{ v.full_name }} ({{ v.base_username }})</td>
-          {% if v in voters %}
-          <td class="has-text-centered">
-            <span class="icon">
-              <i class="fas fa-check"></i>
-            </span>
-          </td>
-          {% if can_delete %}
-          <td class="has-text-centered">
-            {% blocktrans with v_name=v.full_name asvar v_delete %}Supprimer le vote de {{ v_name }}{% endblocktrans %}
-            <a class="tag is-danger modal-button delete-vote" data-target="modal-delete" data-post_url="{% url 'election.delete-vote' election.pk v.pk forloop.counter %}" data-title="{{ v_delete }}" data-origin="v_{{ forloop.counter }}">
-              <span class="icon">
-                <i class="fas fa-user-minus"></i>
-              </span>
-            </a>
-          </td>
-          {% endif %}
-          {% else %}
-          <td class="has-text-centered">
-            <span class="icon">
-              <i class="fas fa-times"></i>
-            </span>
-          </td>
-          {% if can_delete %}
-          <td></td>
-          {% endif %}
-          {% endif %}
-        </tr>
-        {% endfor %}
-
-        {% else %}
-
-        {% for v in voters %}
-        <tr id="v_{{ forloop.counter }}">
-          <td>{{ v.full_name }} ({{ v.base_username }})</td>
-          <td class="has-text-centered">
-            <span class="icon">
-              <i class="fas fa-check"></i>
-            </span>
-          </td>
-          {% if can_delete %}
-          <td class="has-text-centered">
-            {% blocktrans with v_name=v.full_name asvar v_delete %}Supprimer le vote de {{ v_name }}{% endblocktrans %}
-            <a class="tag is-danger modal-button delete-vote" data-target="modal-delete" data-post_url="{% url 'election.delete-vote' election.pk v.pk forloop.counter %}" data-title="{{ v_delete }}" data-origin="v_{{ forloop.counter }}">
-              <span class="icon">
-                <i class="fas fa-user-minus"></i>
-              </span>
-            </a>
-          </td>
-          {% endif %}
-        </tr>
-        {% endfor %}
+  {% if can_vote or is_admin %}
+    <div class="columns is-centered">
+      <div class="column is-narrow">
+        {% if can_delete %}
+          {% include "forms/modal-form.html" with modal_id="delete" form=d_form %}
         {% endif %}
-    </table>
 
-  </div>
-</div>
+        <table class="table is-striped is-fullwidth">
+          <thead>
+            <tr>
+              <th>{% trans "Nom" %}</th>
+              <th class="has-text-centered">{% trans "Vote enregistré" %}</th>
+              {% if can_delete %}
+                <th class="has-text-centered">{% trans "Supprimer" %}</th>
+              {% endif %}
+            </tr>
+          </thead>
+
+          <tbody>
+            {% if election.restricted %}
+              {% for v in election.registered_voters.all %}
+                <tr id="v_{{ forloop.counter }}">
+                  <td>{{ v.full_name }} ({{ v.base_username }})</td>
+                  {% if v in voters %}
+                    <td class="has-text-centered">
+                      <span class="icon">
+                        <i class="fas fa-check"></i>
+                      </span>
+                    </td>
+                    {% if can_delete %}
+                      <td class="has-text-centered">
+                        {% blocktrans with v_name=v.full_name asvar v_delete %}Supprimer le vote de {{ v_name }}{% endblocktrans %}
+                        <a class="tag is-danger modal-button delete-vote" data-target="modal-delete" data-post_url="{% url 'election.delete-vote' election.pk v.pk forloop.counter %}" data-title="{{ v_delete }}" data-origin="v_{{ forloop.counter }}">
+                          <span class="icon">
+                            <i class="fas fa-user-minus"></i>
+                          </span>
+                        </a>
+                      </td>
+                    {% endif %}
+                  {% else %}
+                    <td class="has-text-centered">
+                      <span class="icon">
+                        <i class="fas fa-times"></i>
+                      </span>
+                    </td>
+                    {% if can_delete %}
+                      <td></td>
+                    {% endif %}
+                  {% endif %}
+                </tr>
+              {% endfor %}
+
+            {% else %}
+
+              {% for v in voters %}
+                <tr id="v_{{ forloop.counter }}">
+                  <td>{{ v.full_name }} ({{ v.base_username }})</td>
+                  <td class="has-text-centered">
+                    <span class="icon">
+                      <i class="fas fa-check"></i>
+                    </span>
+                  </td>
+                  {% if can_delete %}
+                    <td class="has-text-centered">
+                      {% blocktrans with v_name=v.full_name asvar v_delete %}Supprimer le vote de {{ v_name }}{% endblocktrans %}
+                      <a class="tag is-danger modal-button delete-vote" data-target="modal-delete" data-post_url="{% url 'election.delete-vote' election.pk v.pk forloop.counter %}" data-title="{{ v_delete }}" data-origin="v_{{ forloop.counter }}">
+                        <span class="icon">
+                          <i class="fas fa-user-minus"></i>
+                        </span>
+                      </a>
+                    </td>
+                  {% endif %}
+                </tr>
+              {% endfor %}
+            {% endif %}
+          </tbody>
+        </table>
+
+      </div>
+    </div>
+
+  {% else %}
+
+    <div class="notification is-danger is-light has-text-centered">
+      <b>{% trans "Pour voir la liste des votant·e·s vous devez être connecté·e." %}</b>
+      {% if election.restricted %}
+        <br>
+        <span class="icon">
+          <i class="fas fa-info-circle"></i>
+        </span>
+        <i>{% trans "La connexion doit s'effectuer via les identifiants reçus par mail." %}</i>
+      {% endif %}
+    </div>
+
+    <div class="columns is-centered">
+      <div class="column is-half">
+        <div class="tile is-ancestor">
+          <div class="tile is-parent">
+            {% if election.restricted %}
+              <a class="tile is-child notification is-primary" href="{% url 'auth.election' election.pk %}?next={% url 'election.voters' election.pk %}">
+                <div class="subtitle has-text-centered mb-2">
+                  <span class="icon-text">
+                    <span class="icon has-text-white">
+                      <i class="fas fa-unlock"></i>
+                    </span>
+                    <span class="ml-3">{% trans "Connexion par identifiants" %}</span>
+                  </span>
+                </div>
+              </a>
+            {% else %}
+              <a class="tile is-child notification is-primary" href="{% url 'authens:login.cas' %}?next={% url 'election.voters' election.pk %}">
+                <div class="subtitle has-text-centered mb-2">
+                  <span class="icon-text">
+                    <span class="icon has-text-white">
+                      <i class="fas fa-school"></i>
+                    </span>
+                    <span class="ml-3">{% trans "Connexion via CAS" %}</span>
+                  </span>
+                </div>
+              </a>
+            {% endif %}
+          </div>
+        </div>
+      </div>
+    </div>
+  {% endif %}
 
 
 {% endblock %}

elections/views.py

@@ -445,6 +445,8 @@ class ElectionVotersView(NotArchivedMixin, DetailView):
         voters = list(election.voters.all())
 
         if user.is_authenticated:
+            context["can_vote"] = user.can_vote(self.request, context["election"])
+            context["is_admin"] = user.is_admin(election)
             can_delete = (
                 election.created_by == user
                 and election.end_date < timezone.now()