forked from DGNum/gestioCOF
Added kfet history date limit when not accessing own account
This commit is contained in:
Dorian Lesbre
parent
46ef12309a
commit
fbafdb7134
2 changed files with 17 additions and 1 deletions
|
|
@ -5,6 +5,7 @@ Surcharge les settings définis dans common.py
|
|||
"""
|
||||
|
||||
import os
|
||||
from datetime import timedelta
|
||||
|
||||
from .common import * # NOQA
|
||||
from .common import (
|
||||
|
|
@ -202,3 +203,6 @@ MAIL_DATA = {
|
|||
"REPLYTO": "BdA-Revente <bda-revente@ens.fr>",
|
||||
},
|
||||
}
|
||||
|
||||
# Max lookback date into kfet history
|
||||
KFET_HISTORY_DATE_LIMIT = timedelta(weeks=1)
|
||||
|
|
|
|||
|
|
@ -1,11 +1,12 @@
|
|||
import heapq
|
||||
import statistics
|
||||
from collections import defaultdict
|
||||
from datetime import timedelta
|
||||
from datetime import datetime, timedelta
|
||||
from decimal import Decimal
|
||||
from typing import List
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||
|
|
@ -1468,6 +1469,9 @@ def history_json(request):
|
|||
.order_by("at")
|
||||
)
|
||||
|
||||
# limite l'accès à l'historique plus vieux que settings.KFET_HISTORY_DATE_LIMIT
|
||||
limit_date = True
|
||||
|
||||
# Application des filtres
|
||||
if start:
|
||||
opegroups = opegroups.filter(at__gte=start)
|
||||
|
|
@ -1484,9 +1488,17 @@ def history_json(request):
|
|||
transfergroups = TransferGroup.objects.none()
|
||||
if account:
|
||||
opegroups = opegroups.filter(on_acc=account)
|
||||
if account.cofprofile.user.id == request.user.id:
|
||||
limit_date = False # pas de limite de date sur son propre historique
|
||||
# Un non-membre de l'équipe n'a que accès à son historique
|
||||
if not request.user.has_perm("kfet.is_team"):
|
||||
opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)
|
||||
limit_date = False # pas de limite de date sur son propre historique
|
||||
if limit_date:
|
||||
# limiter l'accès à l'historique ancien pour confidentialité
|
||||
earliest_date = datetime.today() - settings.KFET_HISTORY_DATE_LIMIT
|
||||
opegroups = opegroups.filter(at__gte=earliest_date)
|
||||
transfergroups = transfergroups.filter(at__gte=earliest_date)
|
||||
|
||||
# Construction de la réponse
|
||||
history_groups = []
|
||||
|
|
|
|||
Loading…
Reference in a new issue