Rework complet de account_update
parent
aac94afcd0
commit
1450b65dcd
1 changed files with 70 additions and 85 deletions
135
kfet/views.py
135
kfet/views.py
|
@ -16,7 +16,12 @@ from django.core.exceptions import SuspiciousOperation
|
||||||
from django.db import transaction
|
from django.db import transaction
|
||||||
from django.db.models import Count, F, Max, OuterRef, Prefetch, Q, Subquery, Sum
|
from django.db.models import Count, F, Max, OuterRef, Prefetch, Q, Subquery, Sum
|
||||||
from django.forms import formset_factory
|
from django.forms import formset_factory
|
||||||
from django.http import Http404, HttpResponseBadRequest, JsonResponse
|
from django.http import (
|
||||||
|
Http404,
|
||||||
|
HttpResponseBadRequest,
|
||||||
|
HttpResponseForbidden,
|
||||||
|
JsonResponse,
|
||||||
|
)
|
||||||
from django.shortcuts import get_object_or_404, redirect, render
|
from django.shortcuts import get_object_or_404, redirect, render
|
||||||
from django.urls import reverse, reverse_lazy
|
from django.urls import reverse, reverse_lazy
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
@ -36,7 +41,6 @@ from kfet.forms import (
|
||||||
AccountNegativeForm,
|
AccountNegativeForm,
|
||||||
AccountNoTriForm,
|
AccountNoTriForm,
|
||||||
AccountPwdForm,
|
AccountPwdForm,
|
||||||
AccountRestrictForm,
|
|
||||||
AccountStatForm,
|
AccountStatForm,
|
||||||
AccountTriForm,
|
AccountTriForm,
|
||||||
AddcostForm,
|
AddcostForm,
|
||||||
|
@ -332,108 +336,88 @@ def account_read(request, trigramme):
|
||||||
# Account - Update
|
# Account - Update
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@teamkfet_required
|
||||||
@kfet_password_auth
|
@kfet_password_auth
|
||||||
def account_update(request, trigramme):
|
def account_update(request, trigramme):
|
||||||
account = get_object_or_404(Account, trigramme=trigramme)
|
account = get_object_or_404(Account, trigramme=trigramme)
|
||||||
|
|
||||||
# Checking permissions
|
# Checking permissions
|
||||||
if not account.editable or (
|
if not account.editable:
|
||||||
not request.user.has_perm("kfet.is_team") and request.user != account.user
|
# Plus de leak de trigramme !
|
||||||
):
|
return HttpResponseForbidden
|
||||||
raise Http404
|
|
||||||
|
|
||||||
user_info_form = UserInfoForm(instance=account.user)
|
user_info_form = UserInfoForm(instance=account.user)
|
||||||
|
|
||||||
if request.user.has_perm("kfet.is_team"):
|
|
||||||
group_form = UserGroupForm(instance=account.user)
|
group_form = UserGroupForm(instance=account.user)
|
||||||
account_form = AccountForm(instance=account)
|
account_form = AccountForm(instance=account)
|
||||||
pwd_form = AccountPwdForm()
|
pwd_form = AccountPwdForm()
|
||||||
if account.balance < 0 and not hasattr(account, "negative"):
|
|
||||||
AccountNegative.objects.create(account=account, start=timezone.now())
|
|
||||||
account.refresh_from_db()
|
|
||||||
if hasattr(account, "negative"):
|
if hasattr(account, "negative"):
|
||||||
negative_form = AccountNegativeForm(instance=account.negative)
|
negative_form = AccountNegativeForm(instance=account.negative)
|
||||||
else:
|
else:
|
||||||
negative_form = None
|
negative_form = None
|
||||||
else:
|
|
||||||
account_form = AccountRestrictForm(instance=account)
|
|
||||||
group_form = None
|
|
||||||
negative_form = None
|
|
||||||
pwd_form = None
|
|
||||||
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
# Update attempt
|
self_update = request.user == account.user
|
||||||
success = False
|
|
||||||
missing_perm = True
|
|
||||||
|
|
||||||
if request.user.has_perm("kfet.is_team"):
|
|
||||||
account_form = AccountForm(request.POST, instance=account)
|
account_form = AccountForm(request.POST, instance=account)
|
||||||
group_form = UserGroupForm(request.POST, instance=account.user)
|
group_form = UserGroupForm(request.POST, instance=account.user)
|
||||||
pwd_form = AccountPwdForm(request.POST)
|
pwd_form = AccountPwdForm(request.POST, account=account)
|
||||||
|
|
||||||
|
forms = []
|
||||||
|
warnings = []
|
||||||
|
|
||||||
|
if self_update or request.user.has_perm("kfet.change_account"):
|
||||||
|
forms.append(account_form)
|
||||||
|
elif account_form.has_changed():
|
||||||
|
warnings.append("compte")
|
||||||
|
|
||||||
|
if request.user.has_perm("kfet.manage_perms"):
|
||||||
|
forms.append(group_form)
|
||||||
|
elif group_form.has_changed():
|
||||||
|
warnings.append("statut d'équipe")
|
||||||
|
|
||||||
if hasattr(account, "negative"):
|
if hasattr(account, "negative"):
|
||||||
negative_form = AccountNegativeForm(
|
negative_form = AccountNegativeForm(request.POST, instance=account.negative)
|
||||||
request.POST, instance=account.negative
|
|
||||||
|
if request.user.has_perm("kfet.change_accountnegative"):
|
||||||
|
forms.append(negative_form)
|
||||||
|
elif negative_form.has_changed():
|
||||||
|
warnings.append("négatifs")
|
||||||
|
|
||||||
|
# Il ne faut pas valider `pwd_form` si elle est inchangée
|
||||||
|
if pwd_form.has_changed():
|
||||||
|
if self_update or request.user.has_perm("kfet.change_account_password"):
|
||||||
|
forms.append(pwd_form)
|
||||||
|
else:
|
||||||
|
warnings.append("mot de passe")
|
||||||
|
|
||||||
|
# Updating account info
|
||||||
|
if forms == []:
|
||||||
|
messages.error(
|
||||||
|
request, "Informations non mises à jour : permission refusée"
|
||||||
)
|
)
|
||||||
|
else:
|
||||||
|
if all(form.is_valid() for form in forms):
|
||||||
|
for form in forms:
|
||||||
|
form.save()
|
||||||
|
|
||||||
if request.user.has_perm("kfet.change_account") and account_form.is_valid():
|
if len(warnings):
|
||||||
missing_perm = False
|
messages.warning(
|
||||||
|
request,
|
||||||
# Updating
|
"Permissions insuffisantes pour modifier"
|
||||||
account_form.save()
|
" les informations suivantes : {}.".format(", ".join(warnings)),
|
||||||
|
)
|
||||||
# Checking perm to update password
|
if self_update:
|
||||||
if (
|
messages.success(request, "Vos informations ont été mises à jour !")
|
||||||
request.user.has_perm("kfet.change_account_password")
|
else:
|
||||||
and pwd_form.is_valid()
|
|
||||||
):
|
|
||||||
pwd = pwd_form.cleaned_data["pwd1"]
|
|
||||||
account.change_pwd(pwd)
|
|
||||||
account.save()
|
|
||||||
messages.success(request, "Mot de passe mis à jour")
|
|
||||||
|
|
||||||
# Checking perm to manage perms
|
|
||||||
if request.user.has_perm("kfet.manage_perms") and group_form.is_valid():
|
|
||||||
group_form.save()
|
|
||||||
|
|
||||||
if (
|
|
||||||
hasattr(account, "negative")
|
|
||||||
and request.user.has_perm("kfet.change_accountnegative")
|
|
||||||
and negative_form.is_valid()
|
|
||||||
):
|
|
||||||
negative_form.save()
|
|
||||||
|
|
||||||
success = True
|
|
||||||
messages.success(
|
messages.success(
|
||||||
request,
|
request,
|
||||||
"Informations du compte %s mises à jour" % account.trigramme,
|
"Informations du compte %s mises à jour" % account.trigramme,
|
||||||
)
|
)
|
||||||
|
|
||||||
# Modification de ses propres informations
|
|
||||||
if request.user == account.user:
|
|
||||||
missing_perm = False
|
|
||||||
account.refresh_from_db()
|
|
||||||
account_form = AccountRestrictForm(request.POST, instance=account)
|
|
||||||
pwd_form = AccountPwdForm(request.POST)
|
|
||||||
|
|
||||||
if account_form.is_valid():
|
|
||||||
account_form.save()
|
|
||||||
success = True
|
|
||||||
messages.success(request, "Vos informations ont été mises à jour")
|
|
||||||
|
|
||||||
if request.user.has_perm("kfet.is_team") and pwd_form.is_valid():
|
|
||||||
pwd = pwd_form.cleaned_data["pwd1"]
|
|
||||||
account.change_pwd(pwd)
|
|
||||||
account.save()
|
|
||||||
messages.success(request, "Votre mot de passe a été mis à jour")
|
|
||||||
|
|
||||||
if missing_perm:
|
|
||||||
messages.error(request, "Permission refusée")
|
|
||||||
if success:
|
|
||||||
return redirect("kfet.account.read", account.trigramme)
|
return redirect("kfet.account.read", account.trigramme)
|
||||||
else:
|
else:
|
||||||
messages.error(
|
messages.error(
|
||||||
request, "Informations non mises à jour. Corrigez les erreurs"
|
request, "Informations non mises à jour : corrigez les erreurs"
|
||||||
)
|
)
|
||||||
|
|
||||||
return render(
|
return render(
|
||||||
|
@ -449,7 +433,8 @@ def account_update(request, trigramme):
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
# Account - Delete
|
|
||||||
|
# Account - Delete
|
||||||
|
|
||||||
|
|
||||||
class AccountDelete(PermissionRequiredMixin, DeleteView):
|
class AccountDelete(PermissionRequiredMixin, DeleteView):
|
||||||
|
|
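Review bot: In the `account_update` hunk, the `if not account.editable:` branch does `return HttpResponseForbidden`, which returns the response class rather than an instance, so the request would most likely end in a server error instead of a 403. Change it to `return HttpResponseForbidden()`, or raise `PermissionDenied` from `django.core.exceptions` (which would need importing). Separately, when `self_update` is true the new code appends the full `AccountForm` and `pwd_form` to `forms` without checking `kfet.change_account` or `kfet.change_account_password`, whereas the old self-edit path bound `AccountRestrictForm`. If `AccountForm` exposes fields the restricted form withheld (the forms module is not visible here), a team member can now change them on their own account, so confirm this is intended or keep the restricted form for that path. The rest of `account_update` (the `render` context) lies between this hunk and the next and is not shown.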