From 137dd655d13127f7e10a9eecd7878093ce573f67 Mon Sep 17 00:00:00 2001
From: Ludovic Stephan
Date: Wed, 11 Mar 2020 22:30:47 +0100
Subject: [PATCH] =?UTF-8?q?Harmonise=20les=20comptes=20non-lisibles=20ou?= =?UTF-8?q?=20=C3=A9ditables?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kfet/forms.py | 7 ++++++-
 kfet/models.py | 9 +++++++++
 kfet/views.py | 6 +++++-
 3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/kfet/forms.py b/kfet/forms.py
index b6fad26f..9419d9f8 100644
--- a/kfet/forms.py
+++ b/kfet/forms.py
@@ -24,6 +24,8 @@ from kfet.models import (
 TransferGroup,
 )
+from . import KFET_DELETED_TRIGRAMME
+from .auth import KFET_GENERIC_TRIGRAMME
 from .auth.forms import UserGroupForm # noqa
 # -----
@@ -324,7 +326,10 @@ class KPsulOperationGroupForm(forms.ModelForm):
 widget=forms.HiddenInput(),
 )
 on_acc = forms.ModelChoiceField(
- queryset=Account.objects.exclude(trigramme="GNR"), widget=forms.HiddenInput()
+ queryset=Account.objects.exclude(
+ trigramme__in=[KFET_DELETED_TRIGRAMME, KFET_GENERIC_TRIGRAMME]
+ ),
+ widget=forms.HiddenInput(),
 )
 class Meta:
diff --git a/kfet/models.py b/kfet/models.py
index 814f857a..2eacf06f 100644
--- a/kfet/models.py
+++ b/kfet/models.py
@@ -150,6 +150,15 @@ class Account(models.Model):
 def readable(self):
 return self.trigramme not in [KFET_DELETED_TRIGRAMME, KFET_GENERIC_TRIGRAMME]
+ @property
+ def editable(self):
+ return self.trigramme not in [
+ KFET_DELETED_TRIGRAMME,
+ KFET_GENERIC_TRIGRAMME,
+ "LIQ",
+ "#13",
+ ]
+
 @property
 def is_team(self):
 return self.has_perm("kfet.is_team")
diff --git a/kfet/views.py b/kfet/views.py
index 655e856d..0b1c5f91 100644
--- a/kfet/views.py
+++ b/kfet/views.py
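Review bot: In kfet/forms.py, the `on_acc` queryset of `KPsulOperationGroupForm` spells out the same two-trigramme list that `Account.readable` in kfet/models.py already checks, and the new `Account.editable` repeats it a third time, so the form filter and the model properties can drift apart when another reserved account is introduced. This queryset is what validates the hidden `on_acc` value on the server, so I would define the list once next to the model, for example `UNREADABLE_TRIGRAMMES = (KFET_DELETED_TRIGRAMME, KFET_GENERIC_TRIGRAMME)` (name is a suggestion), and write `Account.objects.exclude(trigramme__in=UNREADABLE_TRIGRAMMES)` here. The class body continues outside the hunk.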
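Review bot: `Account.editable` in kfet/models.py mixes the two named constants with the bare literals `"LIQ"` and `"#13"`, and nothing in the hunk says why those two accounts must not be edited. Named constants beside `KFET_DELETED_TRIGRAMME` (names for the project to choose) and a one-line docstring stating that the property is False for reserved accounts that `account_update` must refuse would make this access rule auditable. The property could also build on the existing one, `return self.readable and self.trigramme not in ["LIQ", "#13"]`, so that a trigramme later added to `readable` is never left editable by omission.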
@@ -328,7 +328,9 @@ def account_update(request, trigramme):
 account = get_object_or_404(Account, trigramme=trigramme)
 # Checking permissions
- if not request.user.has_perm("kfet.is_team") and request.user != account.user:
+ if not account.editable or (
+ not request.user.has_perm("kfet.is_team") and request.user != account.user
+ ):
 raise Http404
 user_info_form = UserInfoForm(instance=account.user)
@@ -911,6 +913,8 @@ def kpsul_get_settings(request):
 @teamkfet_required
 def account_read_json(request, trigramme):
 account = get_object_or_404(Account, trigramme=trigramme)
+ if not account.readable:
+ raise Http404
 data = {
 "id": account.pk,
 "name": account.name,
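Review bot: In `account_update`, the new condition folds the account-state check and the user-permission check into one parenthesised expression, under a comment that still reads only `# Checking permissions`. Two separate guards are easier to audit and match the form used in `account_read_json` further down: `if not account.editable:` followed by `raise Http404`, then the original permission `if` left unchanged. The view body continues outside the hunk, so whether the later form handling depends on this guard alone cannot be seen from here.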
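Review bot: The diffstat lists only kfet/forms.py, kfet/models.py and kfet/views.py, so the new 404 paths in `account_read_json` and in `account_update` above arrive without a regression test. A test that requests each view for the generic and deleted trigrammes, and `account_update` for `"LIQ"` and `"#13"` as well, and asserts a 404 response would pin the rule. The `readable` guard is applied per view; other views that serialise an `Account` are not visible in this patch and should be checked for the same guard. The function body continues outside the hunk.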