Ludovic Stephan 2017-01-07 13:28:53 -02:00
parent 1c5c1fe94d
commit 2a20beeb59


@ -1,45 +1,56 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from __future__ import (absolute_import, division,
print_function, unicode_literals)
from builtins import *
from django.shortcuts import render, get_object_or_404, redirect from django.shortcuts import render, get_object_or_404, redirect
from django.core.exceptions import PermissionDenied, ValidationError from django.core.exceptions import PermissionDenied
from django.core.cache import cache from django.core.cache import cache
from django.views.generic import ListView, DetailView from django.views.generic import ListView, DetailView
from django.views.generic.edit import CreateView, UpdateView, DeleteView, FormView from django.views.generic.edit import CreateView, UpdateView
from django.core.urlresolvers import reverse_lazy from django.core.urlresolvers import reverse_lazy
from django.contrib import messages from django.contrib import messages
from django.contrib.messages.views import SuccessMessageMixin from django.contrib.messages.views import SuccessMessageMixin
from django.contrib.auth import authenticate, login from django.contrib.auth import authenticate, login
from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.models import User, Permission, Group from django.contrib.auth.models import User, Permission, Group
from django.http import HttpResponse, JsonResponse, Http404 from django.http import JsonResponse, Http404
from django.forms import modelformset_factory, formset_factory from django.forms import formset_factory
from django.db import IntegrityError, transaction from django.db import transaction
from django.db.models import F, Sum, Prefetch, Count, Func from django.db.models import F, Sum, Prefetch, Count
from django.db.models.functions import Coalesce from django.db.models.functions import Coalesce
from django.utils import timezone from django.utils import timezone
from django.utils.crypto import get_random_string from django.utils.crypto import get_random_string
from gestioncof.models import CofProfile, Clipper from gestioncof.models import CofProfile, Clipper
from kfet.decorators import teamkfet_required from kfet.decorators import teamkfet_required
from kfet.models import (Account, Checkout, Article, Settings, AccountNegative, from kfet.models import (
Account, Checkout, Article, Settings, AccountNegative,
CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory, CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory,
InventoryArticle, Order, OrderArticle) InventoryArticle, Order, OrderArticle, Operation, OperationGroup,
from kfet.forms import * TransferGroup, Transfer)
from kfet.forms import (
AccountTriForm, AccountBalanceForm, AccountNoTriForm, UserForm, CofForm,
UserRestrictTeamForm, UserGroupForm, AccountForm, CofRestrictForm,
AccountPwdForm, AccountNegativeForm, UserRestrictForm, AccountRestrictForm,
GroupForm, CheckoutForm, CheckoutRestrictForm, CheckoutStatementCreateForm,
CheckoutStatementUpdateForm, ArticleForm, ArticleRestrictForm,
KPsulOperationGroupForm, KPsulAccountForm, KPsulCheckoutForm,
KPsulOperationFormSet, AddcostForm, FilterHistoryForm, SettingsForm,
TransferFormSet, InventoryArticleForm, OrderArticleForm,
OrderArticleToInventoryForm
)
from collections import defaultdict from collections import defaultdict
from kfet import consumers from kfet import consumers
from datetime import timedelta from datetime import timedelta
from decimal import Decimal
import django_cas_ng import django_cas_ng
import hashlib import hashlib
import heapq import heapq
import statistics import statistics
@login_required @login_required
def home(request): def home(request):
return render(request, "kfet/base.html") return render(request, "kfet/base.html")
@teamkfet_required @teamkfet_required
def login_genericteam(request): def login_genericteam(request):
# Check si besoin de déconnecter l'utilisateur de CAS # Check si besoin de déconnecter l'utilisateur de CAS
@ -345,6 +356,7 @@ def account_read(request, trigramme):
# Account - Update # Account - Update
@login_required @login_required
def account_update(request, trigramme): def account_update(request, trigramme):
account = get_object_or_404(Account, trigramme=trigramme) account = get_object_or_404(Account, trigramme=trigramme)
@ -355,39 +367,43 @@ def account_update(request, trigramme):
raise PermissionDenied raise PermissionDenied
if request.user.has_perm('kfet.is_team'): if request.user.has_perm('kfet.is_team'):
user_form = UserRestrictTeamForm(instance=account.user) user_form = UserRestrictTeamForm(instance=account.user)
group_form = UserGroupForm(instance=account.user) group_form = UserGroupForm(instance=account.user)
account_form = AccountForm(instance=account) account_form = AccountForm(instance=account)
cof_form = CofRestrictForm(instance=account.cofprofile) cof_form = CofRestrictForm(instance=account.cofprofile)
pwd_form = AccountPwdForm() pwd_form = AccountPwdForm()
if account.balance < 0 and not hasattr(account, 'negative'): if account.balance < 0 and not hasattr(account, 'negative'):
AccountNegative.objects.create(account=account, start=timezone.now()) AccountNegative.objects.create(account=account,
start=timezone.now())
account.refresh_from_db() account.refresh_from_db()
if hasattr(account, 'negative'): if hasattr(account, 'negative'):
negative_form = AccountNegativeForm(instance=account.negative) negative_form = AccountNegativeForm(instance=account.negative)
else: else:
negative_form = None negative_form = None
else: else:
user_form = UserRestrictForm(instance=account.user) user_form = UserRestrictForm(instance=account.user)
account_form = AccountRestrictForm(instance=account) account_form = AccountRestrictForm(instance=account)
cof_form = None cof_form = None
group_form = None group_form = None
negative_form = None negative_form = None
pwd_form = None pwd_form = None
if request.method == "POST": if request.method == "POST":
# Update attempt # Update attempt
success = False success = False
missing_perm = True missing_perm = True
if request.user.has_perm('kfet.is_team'): if request.user.has_perm('kfet.is_team'):
account_form = AccountForm(request.POST, instance=account) account_form = AccountForm(request.POST, instance=account)
cof_form = CofRestrictForm(request.POST, instance=account.cofprofile) cof_form = CofRestrictForm(request.POST,
user_form = UserRestrictTeamForm(request.POST, instance=account.user) instance=account.cofprofile)
group_form = UserGroupForm(request.POST, instance=account.user) user_form = UserRestrictTeamForm(request.POST,
pwd_form = AccountPwdForm(request.POST) instance=account.user)
group_form = UserGroupForm(request.POST, instance=account.user)
pwd_form = AccountPwdForm(request.POST)
if hasattr(account, 'negative'): if hasattr(account, 'negative'):
negative_form = AccountNegativeForm(request.POST, instance=account.negative) negative_form = AccountNegativeForm(request.POST,
instance=account.negative)
if (request.user.has_perm('kfet.change_account') if (request.user.has_perm('kfet.change_account')
and account_form.is_valid() and cof_form.is_valid() and account_form.is_valid() and cof_form.is_valid()
@ -399,16 +415,16 @@ def account_update(request, trigramme):
put_cleaned_data_in_dict(data, cof_form) put_cleaned_data_in_dict(data, cof_form)
# Updating # Updating
account_form.save(data = data) account_form.save(data=data)
# Checking perm to update password # Checking perm to update password
if ((request.user.has_perm('kfet.change_account_password') if (request.user.has_perm('kfet.change_account_password')
or request.user = account.user)
and pwd_form.is_valid()): and pwd_form.is_valid()):
pwd = pwd_form.cleaned_data['pwd1'] pwd = pwd_form.cleaned_data['pwd1']
pwd_sha256 = hashlib.sha256(pwd.encode('utf-8')).hexdigest() pwd_sha256 = hashlib.sha256(pwd.encode('utf-8'))\
.hexdigest()
Account.objects.filter(pk=account.pk).update( Account.objects.filter(pk=account.pk).update(
password = pwd_sha256) password=pwd_sha256)
messages.success(request, 'Mot de passe mis à jour') messages.success(request, 'Mot de passe mis à jour')
# Checking perm to manage perms # Checking perm to manage perms
@ -422,21 +438,26 @@ def account_update(request, trigramme):
if account.negative.balance_offset: if account.negative.balance_offset:
balance_offset_old = account.negative.balance_offset balance_offset_old = account.negative.balance_offset
if (hasattr(account, 'negative') if (hasattr(account, 'negative')
and request.user.has_perm('kfet.change_accountnegative') and request.user.has_perm('kfet.change_accountnegative')
and negative_form.is_valid()): and negative_form.is_valid()):
balance_offset_new = negative_form.cleaned_data['balance_offset'] balance_offset_new = \
negative_form.cleaned_data['balance_offset']
if not balance_offset_new: if not balance_offset_new:
balance_offset_new = 0 balance_offset_new = 0
balance_offset_diff = balance_offset_new - balance_offset_old balance_offset_diff = (balance_offset_new
- balance_offset_old)
Account.objects.filter(pk=account.pk).update( Account.objects.filter(pk=account.pk).update(
balance = F('balance') + balance_offset_diff) balance=F('balance') + balance_offset_diff)
negative_form.save() negative_form.save()
if not balance_offset_new and Account.objects.get(pk=account.pk).balance >= 0: if Account.objects.get(pk=account.pk).balance >= 0 \
and not balance_offset_new:
AccountNegative.objects.get(account=account).delete() AccountNegative.objects.get(account=account).delete()
success = True success = True
messages.success(request, messages.success(
'Informations du compte %s mises à jour' % account.trigramme) request,
'Informations du compte %s mises à jour'
% account.trigramme)
if request.user == account.user: if request.user == account.user:
missing_perm = False missing_perm = False
@ -448,23 +469,25 @@ def account_update(request, trigramme):
user_form.save() user_form.save()
account_form.save() account_form.save()
success = True success = True
messages.success(request, 'Vos informations ont été mises à jour') messages.success(request,
'Vos informations ont été mises à jour')
if missing_perm: if missing_perm:
messages.error(request, 'Permission refusée') messages.error(request, 'Permission refusée')
if success: if success:
return redirect('kfet.account.read', account.trigramme) return redirect('kfet.account.read', account.trigramme)
else: else:
messages.error(request, 'Informations non mises à jour. Corrigez les erreurs') messages.error(
request, 'Informations non mises à jour. Corrigez les erreurs')
return render(request, "kfet/account_update.html", { return render(request, "kfet/account_update.html", {
'account' : account, 'account': account,
'account_form' : account_form, 'account_form': account_form,
'cof_form' : cof_form, 'cof_form': cof_form,
'user_form' : user_form, 'user_form': user_form,
'group_form' : group_form, 'group_form': group_form,
'negative_form': negative_form, 'negative_form': negative_form,
'pwd_form' : pwd_form, 'pwd_form': pwd_form,
}) })
@permission_required('kfet.manage_perms') @permission_required('kfet.manage_perms')
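Review bot: In the `@ -399,16 +415,16 @@` hunk of `account_update`, the new side still stores the account password as `hashlib.sha256(pwd.encode('utf-8')).hexdigest()`; the commit only re-wraps that line, so the stored value remains a single unsalted SHA-256 digest. Equal passwords therefore produce equal digests, and a leaked `Account.password` column can be checked against guesses at very high speed. Django already ships a salted, iterated hasher, so the write could become `password=make_password(pwd)` with `from django.contrib.auth.hashers import make_password`, paired with `check_password` wherever the digest is compared. That comparison code, the field's `max_length` and the migration of existing digests are not visible in these hunks (the function body is only partly shown) and would have to change together with this line. Separately, the condition appears to lose its `or request.user = account.user` clause, so if account owners are meant to set their own password it needs restoring as `== account.user` rather than dropping; worth confirming the intent.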