Merge branch 'Aufinal/editable_accounts' into 'master'

Harmonise les comptes non-lisibles ou éditables Closes #234 See merge request klub-dev-ens/gestioCOF!412
2020-05-07 18:07:07 +02:00 · 2020-05-07 18:07:07 +02:00 · 3b2251a1d6
commit 3b2251a1d6
parent 64ceb813c6 137dd655d1
3 changed files with 20 additions and 2 deletions
--- a/kfet/forms.py
+++ b/kfet/forms.py
@ -24,6 +24,8 @@ from kfet.models import (
    TransferGroup,
 )

+from . import KFET_DELETED_TRIGRAMME
+from .auth import KFET_GENERIC_TRIGRAMME
 from .auth.forms import UserGroupForm  # noqa

 # -----
@ -324,7 +326,10 @@ class KPsulOperationGroupForm(forms.ModelForm):
        widget=forms.HiddenInput(),
    )
    on_acc = forms.ModelChoiceField(
-        queryset=Account.objects.exclude(trigramme="GNR"), widget=forms.HiddenInput()
+        queryset=Account.objects.exclude(
+            trigramme__in=[KFET_DELETED_TRIGRAMME, KFET_GENERIC_TRIGRAMME]
+        ),
+        widget=forms.HiddenInput(),
    )

    class Meta:
--- a/kfet/models.py
+++ b/kfet/models.py
@ -150,6 +150,15 @@ class Account(models.Model):
    def readable(self):
        return self.trigramme not in [KFET_DELETED_TRIGRAMME, KFET_GENERIC_TRIGRAMME]

+    @property
+    def editable(self):
+        return self.trigramme not in [
+            KFET_DELETED_TRIGRAMME,
+            KFET_GENERIC_TRIGRAMME,
+            "LIQ",
+            "#13",
+        ]
+
    @property
    def is_team(self):
        return self.has_perm("kfet.is_team")
--- a/kfet/views.py
+++ b/kfet/views.py
@ -328,7 +328,9 @@ def account_update(request, trigramme):
    account = get_object_or_404(Account, trigramme=trigramme)

    # Checking permissions
-    if not request.user.has_perm("kfet.is_team") and request.user != account.user:
+    if not account.editable or (
+        not request.user.has_perm("kfet.is_team") and request.user != account.user
+    ):
        raise Http404

    user_info_form = UserInfoForm(instance=account.user)
@ -911,6 +913,8 @@ def kpsul_get_settings(request):
@teamkfet_required
 def account_read_json(request, trigramme):
    account = get_object_or_404(Account, trigramme=trigramme)
+    if not account.readable:
+        raise Http404
    data = {
        "id": account.pk,
        "name": account.name,