Merge branch 'Aufinal/readonly_user' into 'master'

Désactive la modification des comptes COF sur l'interface K-Fêt

See merge request klub-dev-ens/gestioCOF!360

CHANGELOG

@@ -1,3 +1,4 @@
+- On ne peut plus modifier des comptes COF depuis l'interface K-Fêt
 - Le champ de paiement BdA se fait au niveau des attributions
 - On peut supprimer des comptes et des articles K-Fêt
 - Passage à Django2

kfet/forms.py

@@ -119,11 +119,6 @@ class CofForm(forms.ModelForm):
         fields = ["login_clipper", "is_cof", "departement"]
 
 
-class CofRestrictForm(CofForm):
-    class Meta(CofForm.Meta):
-        fields = ["departement"]
-
-
 class UserForm(forms.ModelForm):
     class Meta:
         model = User
@@ -136,9 +131,12 @@ class UserRestrictForm(UserForm):
         fields = ["first_name", "last_name"]
 
 
-class UserRestrictTeamForm(UserForm):
+class UserInfoForm(UserForm):
+    first_name = forms.CharField(label="Prénom", disabled=True)
+    last_name = forms.CharField(label="Nom de famille", disabled=True)
+
     class Meta(UserForm.Meta):
-        fields = ["first_name", "last_name", "email"]
+        fields = ["first_name", "last_name"]
 
 
 class AccountNegativeForm(forms.ModelForm):

kfet/templates/kfet/account_update.html

@@ -30,8 +30,7 @@
 
 <form action="" method="post" class="form-horizontal">
   {% csrf_token %}
-  {% include 'kfet/form_snippet.html' with form=user_form %}
+  {% include 'kfet/form_snippet.html' with form=user_info_form %}
-  {% include 'kfet/form_snippet.html' with form=cof_form %}
   {% include 'kfet/form_snippet.html' with form=account_form %}
   {% include 'kfet/form_snippet.html' with form=group_form %}
   {% include 'kfet/form_snippet.html' with form=pwd_form %}

kfet/tests/test_views.py

@@ -318,7 +318,7 @@ class AccountUpdateViewTests(ViewTestCaseMixin, TestCase):
 
         self.assertInstanceExpected(
             self.accounts["user1"],
-            {"first_name": "The first", "last_name": "The last", "trigramme": "051"},
+            {"first_name": "first", "last_name": "last", "trigramme": "051"},
         )
 
     def test_post_ok_self(self):

kfet/views.py

@@ -43,7 +43,6 @@ from kfet.forms import (
     CheckoutStatementCreateForm,
     CheckoutStatementUpdateForm,
     CofForm,
-    CofRestrictForm,
     FilterHistoryForm,
     InventoryArticleForm,
     KFetConfigForm,
@@ -56,8 +55,8 @@ from kfet.forms import (
     TransferFormSet,
     UserForm,
     UserGroupForm,
+    UserInfoForm,
     UserRestrictForm,
-    UserRestrictTeamForm,
 )
 from kfet.models import (
     Account,
@@ -330,11 +329,11 @@ def account_update(request, trigramme):
     if not request.user.has_perm("kfet.is_team") and request.user != account.user:
         raise PermissionDenied
 
+    user_info_form = UserInfoForm(instance=account.user)
+
     if request.user.has_perm("kfet.is_team"):
-        user_form = UserRestrictTeamForm(instance=account.user)
         group_form = UserGroupForm(instance=account.user)
         account_form = AccountForm(instance=account)
-        cof_form = CofRestrictForm(instance=account.cofprofile)
         pwd_form = AccountPwdForm()
         if account.balance < 0 and not hasattr(account, "negative"):
             AccountNegative.objects.create(account=account, start=timezone.now())
@@ -344,9 +343,7 @@ def account_update(request, trigramme):
         else:
             negative_form = None
     else:
-        user_form = UserRestrictForm(instance=account.user)
         account_form = AccountRestrictForm(instance=account)
-        cof_form = None
         group_form = None
         negative_form = None
         pwd_form = None
@@ -358,8 +355,6 @@ def account_update(request, trigramme):
 
         if request.user.has_perm("kfet.is_team"):
             account_form = AccountForm(request.POST, instance=account)
-            cof_form = CofRestrictForm(request.POST, instance=account.cofprofile)
-            user_form = UserRestrictTeamForm(request.POST, instance=account.user)
             group_form = UserGroupForm(request.POST, instance=account.user)
             pwd_form = AccountPwdForm(request.POST)
             if hasattr(account, "negative"):
@@ -367,20 +362,11 @@ def account_update(request, trigramme):
                     request.POST, instance=account.negative
                 )
 
-            if (
+            if request.user.has_perm("kfet.change_account") and account_form.is_valid():
-                request.user.has_perm("kfet.change_account")
-                and account_form.is_valid()
-                and cof_form.is_valid()
-                and user_form.is_valid()
-            ):
                 missing_perm = False
-                data = {}
-                # Fill data for Account.save()
-                put_cleaned_data_in_dict(data, user_form)
-                put_cleaned_data_in_dict(data, cof_form)
 
                 # Updating
-                account_form.save(data=data)
+                account_form.save()
 
                 # Checking perm to update password
                 if (
@@ -459,10 +445,9 @@ def account_update(request, trigramme):
         request,
         "kfet/account_update.html",
         {
+            "user_info_form": user_info_form,
             "account": account,
             "account_form": account_form,
-            "cof_form": cof_form,
-            "user_form": user_form,
             "group_form": group_form,
             "negative_form": negative_form,
             "pwd_form": pwd_form,