forked from DGNum/gestioCOF
Rework complet de account_update
parent
aac94afcd0
commit
1450b65dcd
1 changed files with 70 additions and 85 deletions
135
kfet/views.py
135
kfet/views.py
|
@ -16,7 +16,12 @@ from django.core.exceptions import SuspiciousOperation
|
|||
from django.db import transaction
|
||||
from django.db.models import Count, F, Max, OuterRef, Prefetch, Q, Subquery, Sum
|
||||
from django.forms import formset_factory
|
||||
from django.http import Http404, HttpResponseBadRequest, JsonResponse
|
||||
from django.http import (
|
||||
Http404,
|
||||
HttpResponseBadRequest,
|
||||
HttpResponseForbidden,
|
||||
JsonResponse,
|
||||
)
|
||||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
from django.urls import reverse, reverse_lazy
|
||||
from django.utils import timezone
|
||||
|
@ -36,7 +41,6 @@ from kfet.forms import (
|
|||
AccountNegativeForm,
|
||||
AccountNoTriForm,
|
||||
AccountPwdForm,
|
||||
AccountRestrictForm,
|
||||
AccountStatForm,
|
||||
AccountTriForm,
|
||||
AddcostForm,
|
||||
|
@ -332,108 +336,88 @@ def account_read(request, trigramme):
|
|||
# Account - Update
|
||||
|
||||
|
||||
@login_required
|
||||
@teamkfet_required
|
||||
@kfet_password_auth
|
||||
def account_update(request, trigramme):
|
||||
account = get_object_or_404(Account, trigramme=trigramme)
|
||||
|
||||
# Checking permissions
|
||||
if not account.editable or (
|
||||
not request.user.has_perm("kfet.is_team") and request.user != account.user
|
||||
):
|
||||
raise Http404
|
||||
if not account.editable:
|
||||
# Plus de leak de trigramme !
|
||||
return HttpResponseForbidden
|
||||
|
||||
user_info_form = UserInfoForm(instance=account.user)
|
||||
|
||||
if request.user.has_perm("kfet.is_team"):
|
||||
group_form = UserGroupForm(instance=account.user)
|
||||
account_form = AccountForm(instance=account)
|
||||
pwd_form = AccountPwdForm()
|
||||
if account.balance < 0 and not hasattr(account, "negative"):
|
||||
AccountNegative.objects.create(account=account, start=timezone.now())
|
||||
account.refresh_from_db()
|
||||
if hasattr(account, "negative"):
|
||||
negative_form = AccountNegativeForm(instance=account.negative)
|
||||
else:
|
||||
negative_form = None
|
||||
else:
|
||||
account_form = AccountRestrictForm(instance=account)
|
||||
group_form = None
|
||||
negative_form = None
|
||||
pwd_form = None
|
||||
|
||||
if request.method == "POST":
|
||||
# Update attempt
|
||||
success = False
|
||||
missing_perm = True
|
||||
|
||||
if request.user.has_perm("kfet.is_team"):
|
||||
self_update = request.user == account.user
|
||||
account_form = AccountForm(request.POST, instance=account)
|
||||
group_form = UserGroupForm(request.POST, instance=account.user)
|
||||
pwd_form = AccountPwdForm(request.POST)
|
||||
pwd_form = AccountPwdForm(request.POST, account=account)
|
||||
|
||||
forms = []
|
||||
warnings = []
|
||||
|
||||
if self_update or request.user.has_perm("kfet.change_account"):
|
||||
forms.append(account_form)
|
||||
elif account_form.has_changed():
|
||||
warnings.append("compte")
|
||||
|
||||
if request.user.has_perm("kfet.manage_perms"):
|
||||
forms.append(group_form)
|
||||
elif group_form.has_changed():
|
||||
warnings.append("statut d'équipe")
|
||||
|
||||
if hasattr(account, "negative"):
|
||||
negative_form = AccountNegativeForm(
|
||||
request.POST, instance=account.negative
|
||||
negative_form = AccountNegativeForm(request.POST, instance=account.negative)
|
||||
|
||||
if request.user.has_perm("kfet.change_accountnegative"):
|
||||
forms.append(negative_form)
|
||||
elif negative_form.has_changed():
|
||||
warnings.append("négatifs")
|
||||
|
||||
# Il ne faut pas valider `pwd_form` si elle est inchangée
|
||||
if pwd_form.has_changed():
|
||||
if self_update or request.user.has_perm("kfet.change_account_password"):
|
||||
forms.append(pwd_form)
|
||||
else:
|
||||
warnings.append("mot de passe")
|
||||
|
||||
# Updating account info
|
||||
if forms == []:
|
||||
messages.error(
|
||||
request, "Informations non mises à jour : permission refusée"
|
||||
)
|
||||
else:
|
||||
if all(form.is_valid() for form in forms):
|
||||
for form in forms:
|
||||
form.save()
|
||||
|
||||
if request.user.has_perm("kfet.change_account") and account_form.is_valid():
|
||||
missing_perm = False
|
||||
|
||||
# Updating
|
||||
account_form.save()
|
||||
|
||||
# Checking perm to update password
|
||||
if (
|
||||
request.user.has_perm("kfet.change_account_password")
|
||||
and pwd_form.is_valid()
|
||||
):
|
||||
pwd = pwd_form.cleaned_data["pwd1"]
|
||||
account.change_pwd(pwd)
|
||||
account.save()
|
||||
messages.success(request, "Mot de passe mis à jour")
|
||||
|
||||
# Checking perm to manage perms
|
||||
if request.user.has_perm("kfet.manage_perms") and group_form.is_valid():
|
||||
group_form.save()
|
||||
|
||||
if (
|
||||
hasattr(account, "negative")
|
||||
and request.user.has_perm("kfet.change_accountnegative")
|
||||
and negative_form.is_valid()
|
||||
):
|
||||
negative_form.save()
|
||||
|
||||
success = True
|
||||
if len(warnings):
|
||||
messages.warning(
|
||||
request,
|
||||
"Permissions insuffisantes pour modifier"
|
||||
" les informations suivantes : {}.".format(", ".join(warnings)),
|
||||
)
|
||||
if self_update:
|
||||
messages.success(request, "Vos informations ont été mises à jour !")
|
||||
else:
|
||||
messages.success(
|
||||
request,
|
||||
"Informations du compte %s mises à jour" % account.trigramme,
|
||||
)
|
||||
|
||||
# Modification de ses propres informations
|
||||
if request.user == account.user:
|
||||
missing_perm = False
|
||||
account.refresh_from_db()
|
||||
account_form = AccountRestrictForm(request.POST, instance=account)
|
||||
pwd_form = AccountPwdForm(request.POST)
|
||||
|
||||
if account_form.is_valid():
|
||||
account_form.save()
|
||||
success = True
|
||||
messages.success(request, "Vos informations ont été mises à jour")
|
||||
|
||||
if request.user.has_perm("kfet.is_team") and pwd_form.is_valid():
|
||||
pwd = pwd_form.cleaned_data["pwd1"]
|
||||
account.change_pwd(pwd)
|
||||
account.save()
|
||||
messages.success(request, "Votre mot de passe a été mis à jour")
|
||||
|
||||
if missing_perm:
|
||||
messages.error(request, "Permission refusée")
|
||||
if success:
|
||||
return redirect("kfet.account.read", account.trigramme)
|
||||
else:
|
||||
messages.error(
|
||||
request, "Informations non mises à jour. Corrigez les erreurs"
|
||||
request, "Informations non mises à jour : corrigez les erreurs"
|
||||
)
|
||||
|
||||
return render(
|
||||
|
@ -449,7 +433,8 @@ def account_update(request, trigramme):
|
|||
},
|
||||
)
|
||||
|
||||
# Account - Delete
|
||||
|
||||
# Account - Delete
|
||||
|
||||
|
||||
class AccountDelete(PermissionRequiredMixin, DeleteView):
|
||||
|
|
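Review bot: `return HttpResponseForbidden` in the `if not account.editable:` branch of `account_update` returns the response class rather than an instance, so a request for a non-editable account would most likely end in a server error instead of a 403; it should read `return HttpResponseForbidden()`. The +/- markers are lost on this page, but the `HttpResponseForbidden` import arrives in the same commit, so this line appears to be on the new side. Separately, the `self_update or request.user.has_perm("kfet.change_account")` test queues the full `AccountForm` for a user editing their own account, where the other self-edit branch shown here used `AccountRestrictForm`; if that restriction was deliberate, confirm which fields a team member can now change on their own account. The `for form in forms: form.save()` loop would also be safer wrapped in `with transaction.atomic():`, so that a failure partway through does not leave the account, group and password changes partially applied.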