Rajout de la gestion admin

shared/auth/__init__.py

@@ -0,0 +1,3 @@
+from .staticdefs import CONNECTION_METHODS
+
+__all__ = [CONNECTION_METHODS]

shared/auth/forms.py

@@ -82,3 +82,38 @@ class PwdUserForm(forms.ModelForm):
     class Meta:
         model = User
         fields = ["username", "full_name", "email"]
+
+
+class UserAdminForm(forms.Form):
+    """
+    Allows to select an user and give them some admin permissions
+    """
+
+    username = forms.CharField(label=_("Nom d'utilisateur"), max_length=150)
+
+    full_admin = forms.BooleanField(
+        label=_("Passer administrateur de Kadenios"), required=False
+    )
+    faq_admin = forms.BooleanField(
+        label=_("Autoriser à créer des FAQs"), required=False
+    )
+    election_admin = forms.BooleanField(
+        label=_("Autoriser à créer des élections"), required=False
+    )
+
+    def clean(self):
+        cleaned_data = super().clean()
+        username = cleaned_data["username"]
+
+        if not username[:5] in ["cas__", "pwd__"]:
+            self.add_error(
+                "username",
+                _(
+                    "Format de login invalide, seuls les comptes CAS ou avec "
+                    "mot de passe sont modifiables"
+                ),
+            )
+        elif not User.objects.filter(username=username).exists():
+            self.add_error("username", _("Pas d'utilisateur·rice avec ce login"))
+
+        return cleaned_data

shared/auth/staticdefs.py

@@ -0,0 +1,6 @@
+from django.utils.translation import gettext_lazy as _
+
+CONNECTION_METHODS = {
+    "pwd": _("mot de passe"),
+    "cas": _("CAS"),
+}

shared/auth/urls.py

@@ -9,4 +9,9 @@ urlpatterns = [
         name="auth.election",
     ),
     path("pwd-create", views.CreatePwdAccount.as_view(), name="auth.create-account"),
+    path("admin", views.AdminPanelView.as_view(), name="auth.admin"),
+    path(
+        "permissions", views.PermissionManagementView.as_view(), name="auth.permissions"
+    ),
+    path("accounts", views.AccountListView.as_view(), name="auth.accounts"),
 ]

shared/auth/views.py

@@ -1,16 +1,34 @@
-from django.contrib.admin.views.decorators import staff_member_required
 from django.contrib.auth import get_user_model
 from django.contrib.auth import views as auth_views
 from django.contrib.auth.hashers import make_password
-from django.urls import reverse_lazy
-from django.utils.decorators import method_decorator
-from django.views.generic.edit import CreateView
+from django.contrib.auth.mixins import UserPassesTestMixin
+from django.contrib.auth.models import Permission
+from django.contrib.messages.views import SuccessMessageMixin
+from django.urls import reverse, reverse_lazy
+from django.utils.translation import gettext_lazy as _
+from django.views.generic import CreateView, FormView, ListView, TemplateView
 
-from .forms import ElectionAuthForm, PwdUserForm
+from .forms import ElectionAuthForm, PwdUserForm, UserAdminForm
 from .utils import generate_password
 
 User = get_user_model()
 
+
+# #############################################################################
+#  Mixin to restrict access to staff members
+# #############################################################################
+
+
+class StaffMemberMixin(UserPassesTestMixin):
+    """
+    Mixin permettant de restreindre l'accès aux membres `staff`, si la personne
+    n'est pas connectée, renvoie sur la page d'authentification
+    """
+
+    def test_func(self):
+        return self.request.user.is_active and self.request.user.is_staff
+
+
 # #############################################################################
 #  Election Specific Login
 # #############################################################################
@@ -28,13 +46,21 @@ class ElectionLoginView(auth_views.LoginView):
         return super().get_context_data(**kwargs)
 
 
+# #############################################################################
+#  Admin Panel
+# #############################################################################
+
+
+class AdminPanelView(StaffMemberMixin, TemplateView):
+    template_name = "auth/admin-panel.html"
+
+
 # #############################################################################
 #  Creation of Password Accounts
 # #############################################################################
 
 
-@method_decorator(staff_member_required, name="dispatch")
-class CreatePwdAccount(CreateView):
+class CreatePwdAccount(StaffMemberMixin, CreateView):
     model = User
     form_class = PwdUserForm
     template_name = "auth/create-user.html"
@@ -46,3 +72,79 @@ class CreatePwdAccount(CreateView):
 
         # On envoie un mail pour réinitialiser le mot de passe
         return super().form_valid(form)
+
+
+# #############################################################################
+#  List of password and CAS users
+# #############################################################################
+
+
+class AccountListView(StaffMemberMixin, ListView):
+    model = User
+    template_name = "auth/account-list.html"
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        qs = self.get_queryset()
+
+        ctx["cas_users"] = qs.filter(username__startswith="cas__")
+        ctx["pwd_users"] = qs.filter(username__startswith="pwd__")
+
+        return ctx
+
+
+# #############################################################################
+#  Permission management
+# #############################################################################
+
+
+class PermissionManagementView(StaffMemberMixin, SuccessMessageMixin, FormView):
+    form_class = UserAdminForm
+    template_name = "auth/permission-management.html"
+    success_message = _("Permissions modifiées avec succès !")
+
+    def get_context_data(self, **kwargs):
+        kwargs.update({"username": self.request.GET.get("user", None)})
+        return super().get_context_data(**kwargs)
+
+    def get_initial(self):
+        username = self.request.GET.get("user", None)
+        if username is not None:
+            user = User.objects.filter(username=username).first()
+
+            if user is not None:
+                return {
+                    "username": username,
+                    "full_admin": user.is_staff,
+                    "election_admin": user.has_perm("elections.election_admin"),
+                    "faq_admin": user.has_perm("faqs.faq_admin"),
+                }
+
+        return {}
+
+    def get_success_url(self):
+        return reverse("auth.permissions") + f"?user={self.user}"
+
+    def form_valid(self, form):
+        user = User.objects.get(username=form.cleaned_data["username"])
+        self.user = user.username
+
+        # Kadenios admin
+        user.is_staff = form.cleaned_data["full_admin"]
+
+        # Election admin
+        perm_election = Permission.objects.get(codename="election_admin")
+        if form.cleaned_data["election_admin"]:
+            perm_election.user_set.add(user)
+        else:
+            perm_election.user_set.remove(user)
+
+        # FAQ admin
+        perm_faq = Permission.objects.get(codename="faq_admin")
+        if form.cleaned_data["faq_admin"]:
+            perm_faq.user_set.add(user)
+        else:
+            perm_faq.user_set.remove(user)
+
+        user.save()
+        return super().form_valid(form)