Merge branch 'dodo/kfet-history-limit-exceptions' into 'master'

Dodo/kfet history limit exceptions

See merge request klub-dev-ens/gestioCOF!508
Tom Hubrecht 2022-05-20 12:08:59 +02:00
commit eba36f2712
4 changed files with 68 additions and 15 deletions


@ -29,6 +29,7 @@ adhérents ni des cotisations.
### K-Fêt
- Ajoute une exception à la limite d'historique pour les comptes `LIQ` et `#13`
- Répare le problème des étiquettes LIQ/Comptes K-Fêt inversées dans les stats des articles K-Fêt
## Version 0.11 - 26/10/2021


@ -7,6 +7,8 @@ Surcharge les settings définis dans common.py
import os
from datetime import timedelta
from django.utils import timezone
from .common import * # NOQA
from .common import (
AUTHENTICATION_BACKENDS,
@ -224,3 +226,8 @@ KFET_HISTORY_DATE_LIMIT = timedelta(days=7)
# Limite plus longue pour les chefs/trez
# (qui ont la permission kfet.access_old_history)
KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30)
# These accounts don't represent actual people and can be freely accessed
# Identification based on trigrammes
KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES = ["LIQ", "#13"]
KFET_HISTORY_NO_DATE_LIMIT = timezone.datetime(1794, 10, 30) # AKA the distant past
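Review bot: `KFET_HISTORY_NO_DATE_LIMIT = timezone.datetime(1794, 10, 30)` builds a naive datetime, whereas the other limits returned by `get_history_limit` are derived from `timezone.now()` and are aware if `USE_TZ` is enabled (the setting is not visible here). The value ends up in `filter(at__gte=earliest_date)`, where Django warns on naive values under `USE_TZ`, and any direct comparison with an aware limit would raise `TypeError`. It also reaches `datetime` through `django.utils.timezone`, which only works because that module happens to import it; importing it from the standard library and making it aware is safer, e.g. `KFET_HISTORY_NO_DATE_LIMIT = timezone.make_aware(datetime(1794, 10, 30))`. The comment "can be freely accessed" overstates what the code grants: in `get_history_limit` only users with `kfet.access_old_history` receive this bound, so something like `# No date limit for users with kfet.access_old_history` would describe it more accurately.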


@ -57,12 +57,18 @@ $(document).ready(function() {
});
}
const history_limit = '{{ history_limit }}';
// trigrammes speciaux (LIQ, #13)
// Peuvent être consulté a une date plus vielle que history_limit
const history_no_limit_accounts = [{% for id in history_no_limit_account_ids %}'{{ id }}', {% endfor %}];
const history_no_limit = '{{ history_no_limit }}';
let defaults_datetimepicker = {
timeZone : 'Europe/Paris',
format : 'YYYY-MM-DD HH:mm',
stepping : 5,
locale : 'fr',
minDate : '{{ history_limit }}',
minDate : history_limit,
showTodayButton: true,
widgetPositioning: {
horizontal: "left",
@ -77,11 +83,29 @@ $(document).ready(function() {
defaultDate: moment(),
}));
$("#from_date").on("dp.change", function (e) {
$('#to_date').data("DateTimePicker").minDate(e.date);
$from_date.on("dp.change", function (e) {
$to_date.data("DateTimePicker").minDate(e.date);
});
$("#to_date").on("dp.change", function (e) {
$('#from_date').data("DateTimePicker").maxDate(e.date);
$to_date.on("dp.change", function (e) {
$from_date.data("DateTimePicker").maxDate(e.date);
});
$account.on("change", function (e) {
const selected_id = $account.val();
if (history_no_limit_accounts.includes(selected_id)) {
// it is a special account
// earlier history limit
$from_date.data("DateTimePicker").minDate(history_no_limit);
}
else {
// normal history limit + reset to date for good measure
if ($to_date.val() < history_limit) {
// setting a min date > max_date causes errors
$from_date.data("DateTimePicker").maxDate(history_limit);
$to_date.data("DateTimePicker").minDate(history_limit);
}
$from_date.data("DateTimePicker").minDate(history_limit);
}
});
$("#btn-fetch").on('click', function() {
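Review bot: The reset branch tests `$to_date.val() < history_limit` as a string comparison, which is only correct while the field's text has exactly the server's `YYYY-MM-DD HH:mm` shape, and it is also true for an empty field. Comparing moments is sturdier: `const to = $to_date.data("DateTimePicker").date();` followed by `if (to && to.isBefore(moment(history_limit, 'YYYY-MM-DD HH:mm'))) {`. `$from_date`, `$to_date` and `$account` are defined outside this hunk, so their initialisation could not be checked here. A short comment next to `history_no_limit_accounts` saying these bounds are a UI convenience and that the actual restriction is applied server-side would stop a later reader from treating them as an access control.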


@ -3,7 +3,7 @@ import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal
from typing import List
from typing import List, Tuple
from urllib.parse import urlencode
from django.conf import settings
@ -1429,16 +1429,23 @@ def cancel_operations(request):
return JsonResponse(data)
def get_history_limit(user) -> datetime:
"""returns the earliest date the given user can view history
according to his/her permissions"""
def get_history_limit(user) -> Tuple[datetime, datetime]:
"""returns a tuple of 2 dates
- the earliest date the given user can view history of any account
- the earliest date the given user can view history of special accounts
(LIQ and #13)"""
now = timezone.now()
if user.has_perm("kfet.access_old_history"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT
return (
now - settings.KFET_HISTORY_LONG_DATE_LIMIT,
settings.KFET_HISTORY_NO_DATE_LIMIT,
)
if user.has_perm("kfet.is_team"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT
limit = now - settings.KFET_HISTORY_DATE_LIMIT
return limit, limit
# should not happen - future earliest date
return now + timedelta(days=1)
future = now + timedelta(days=1)
return future, future
@login_required
@ -1527,7 +1534,12 @@ def history_json(request):
return JsonResponse({}, status=403)
if limit_date:
# limiter l'accès à l'historique ancien pour confidentialité
earliest_date = get_history_limit(request.user)
earliest_date, earliest_date_no_limit = get_history_limit(request.user)
if (
account
and account.trigramme in settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
):
earliest_date = earliest_date_no_limit
opegroups = opegroups.filter(at__gte=earliest_date)
transfergroups = transfergroups.filter(at__gte=earliest_date)
@ -1619,10 +1631,19 @@ def kpsul_articles_data(request):
@teamkfet_required
def history(request):
history_limit = get_history_limit(request.user)
# These limits are only useful for JS datepickers
# They don't enforce anything and can be bypassed
# Serious checks are done in history_json
history_limit, history_no_limit = get_history_limit(request.user)
history_no_limit_account_ids = Account.objects.filter(
trigramme__in=settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
).values_list("id", flat=True)
format_date = lambda date: date.strftime("%Y-%m-%d %H:%M")
data = {
"filter_form": FilterHistoryForm(),
"history_limit": history_limit.strftime("%Y-%m-%d %H:%M"),
"history_limit": format_date(history_limit),
"history_no_limit_account_ids": history_no_limit_account_ids,
"history_no_limit": format_date(history_no_limit),
}
return render(request, "kfet/history.html", data)
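Review bot: In `history_json` the exemption replaces `earliest_date` for both `opegroups` and `transfergroups`, but the justification given in settings (the accounts are not people) only clearly covers the special account itself. If the account filter applied to `transfergroups` (outside this hunk) matches transfers where `LIQ` or `#13` is just one side, old transfers would show the counterpart account beyond the confidentiality limit; that is worth confirming, or the exemption could be limited to `opegroups`. None of the four changed files appears to be a test, so a regression test would help: a user with only `kfet.is_team` must stay limited on `LIQ`, and a user with `kfet.access_old_history` must stay limited on an ordinary account. The `get_history_limit` docstring could also state that both values are equal for users without `kfet.access_old_history` and lie in the future for users with neither permission. As a style point, `format_date = lambda date: ...` is better written as a small `def` (PEP 8, E731).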