From fbafdb7134cb448342d6a3da7695970997ccb453 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Wed, 10 Feb 2021 21:32:44 +0100 Subject: [PATCH 01/16] Added kfet history date limit when not accessing own account --- gestioasso/settings/cof_prod.py | 4 ++++ kfet/views.py | 14 +++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/gestioasso/settings/cof_prod.py b/gestioasso/settings/cof_prod.py index d85e84c5..6121c98d 100644 --- a/gestioasso/settings/cof_prod.py +++ b/gestioasso/settings/cof_prod.py @@ -5,6 +5,7 @@ Surcharge les settings définis dans common.py """ import os +from datetime import timedelta from .common import * # NOQA from .common import ( @@ -202,3 +203,6 @@ MAIL_DATA = { "REPLYTO": "BdA-Revente ", }, } + +# Max lookback date into kfet history +KFET_HISTORY_DATE_LIMIT = timedelta(weeks=1) diff --git a/kfet/views.py b/kfet/views.py index c50fb33e..a971e155 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1,11 +1,12 @@ import heapq import statistics from collections import defaultdict -from datetime import timedelta +from datetime import datetime, timedelta from decimal import Decimal from typing import List from urllib.parse import urlencode +from django.conf import settings from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.mixins import PermissionRequiredMixin @@ -1468,6 +1469,9 @@ def history_json(request): .order_by("at") ) + # limite l'accès à l'historique plus vieux que settings.KFET_HISTORY_DATE_LIMIT + limit_date = True + # Application des filtres if start: opegroups = opegroups.filter(at__gte=start) 
@@ -1484,9 +1488,17 @@ def history_json(request): transfergroups = TransferGroup.objects.none() if account: opegroups = opegroups.filter(on_acc=account) + if account.cofprofile.user.id == request.user.id: + limit_date = False # pas de limite de date sur son propre historique # Un non-membre de l'équipe n'a que accès à son historique if not request.user.has_perm("kfet.is_team"): opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet) + limit_date = False # pas de limite de date sur son propre historique + if limit_date: + # limiter l'accès à l'historique ancien pour confidentialité + earliest_date = datetime.today() - settings.KFET_HISTORY_DATE_LIMIT + opegroups = opegroups.filter(at__gte=earliest_date) + transfergroups = transfergroups.filter(at__gte=earliest_date) # Construction de la réponse history_groups = [] From 559b36b6f080805abe437cb37aeb762884154ffd Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Wed, 10 Feb 2021 22:13:50 +0100 Subject: [PATCH 02/16] Limite le datepicker pour ne pas demander plus de temps que possible dans l'historique --- kfet/templates/kfet/history.html | 1 + kfet/views.py | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/kfet/templates/kfet/history.html b/kfet/templates/kfet/history.html index c3ebc8b0..91319012 100644 --- a/kfet/templates/kfet/history.html +++ b/kfet/templates/kfet/history.html @@ -62,6 +62,7 @@ $(document).ready(function() { format : 'YYYY-MM-DD HH:mm', stepping : 5, locale : 'fr', + minDate : '{{ week_ago }}', showTodayButton: true, widgetPositioning: { horizontal: "left", diff --git a/kfet/views.py b/kfet/views.py index a971e155..69b9395e 100644 --- a/kfet/views.py +++ b/kfet/views.py 
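Review bot: In the `history_json` hunk of patch 01 (`@@ -1484,9 +1488,17 @@`), both `limit_date = False` branches lift the date cutoff for `transfergroups` as well, while the visible lines narrow only `opegroups` to the requester's account. If `transfergroups` is not restricted to that account somewhere outside the hunk, a request for one's own account would return other people's transfers with no date limit, which is what this change is meant to prevent. Please confirm, or compute `earliest_date` before the `if limit_date:` test and always apply `transfergroups.filter(at__gte=earliest_date)`. `history_json` starts and ends outside the hunk.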
@@ -1588,7 +1588,12 @@ def kpsul_articles_data(request): @teamkfet_required def history(request): - data = {"filter_form": FilterHistoryForm()} + week_ago = timezone.now() - settings.KFET_HISTORY_DATE_LIMIT + data = { + "filter_form": FilterHistoryForm(), + "week_ago": week_ago.strftime("%Y-%m-%d %H:%M"), + } + print(data["week_ago"]) return render(request, "kfet/history.html", data) From 9303772f9a4cf3cd6044ead6bc24c831c1efc382 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Wed, 10 Feb 2021 22:19:52 +0100 Subject: [PATCH 03/16] Renamed week_ago => history_limit and removed print --- kfet/templates/kfet/history.html | 2 +- kfet/views.py | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/kfet/templates/kfet/history.html b/kfet/templates/kfet/history.html index 91319012..03f9bbdf 100644 --- a/kfet/templates/kfet/history.html +++ b/kfet/templates/kfet/history.html @@ -62,7 +62,7 @@ $(document).ready(function() { format : 'YYYY-MM-DD HH:mm', stepping : 5, locale : 'fr', - minDate : '{{ week_ago }}', + minDate : '{{ history_limit }}', showTodayButton: true, widgetPositioning: { horizontal: "left", diff --git a/kfet/views.py b/kfet/views.py index 69b9395e..7245f3bf 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1588,12 +1588,11 @@ def kpsul_articles_data(request): @teamkfet_required def history(request): - week_ago = timezone.now() - settings.KFET_HISTORY_DATE_LIMIT + history_limit = timezone.now() - settings.KFET_HISTORY_DATE_LIMIT data = { "filter_form": FilterHistoryForm(), - "week_ago": week_ago.strftime("%Y-%m-%d %H:%M"), + "history_limit": history_limit.strftime("%Y-%m-%d %H:%M"), } - print(data["week_ago"]) return render(request, "kfet/history.html", data) From 89fc309c01320c848ed93c25e2357683e3863679 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 10:18:47 +0100 Subject: [PATCH 04/16] Returned 403 on dubious history request --- kfet/views.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
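Review bot: `week_ago.strftime("%Y-%m-%d %H:%M")` in `history` (patch 02, `@@ -1588,7 +1588,12 @@`) formats the value of `timezone.now()`, which is in UTC when `USE_TZ` is enabled, while the date picker presumably works in the browser's local time. The picker's `minDate` would then differ from the server-side cutoff by the UTC offset; converting first with `timezone.localtime(week_ago).strftime("%Y-%m-%d %H:%M")` keeps the two aligned. A short comment that `minDate` is only a display hint, and that the limit is enforced in `history_json`, would also help the next reader.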
diff --git a/kfet/views.py b/kfet/views.py index 7245f3bf..efb0aed3 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1491,9 +1491,10 @@ def history_json(request): if account.cofprofile.user.id == request.user.id: limit_date = False # pas de limite de date sur son propre historique # Un non-membre de l'équipe n'a que accès à son historique - if not request.user.has_perm("kfet.is_team"): - opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet) - limit_date = False # pas de limite de date sur son propre historique + elif not request.user.has_perm("kfet.is_team"): + # un non membre de la kfet doit avoir le champ account + # pré-rempli, cette requête est douteuse + return JsonResponse({}, status=403) if limit_date: # limiter l'accès à l'historique ancien pour confidentialité earliest_date = datetime.today() - settings.KFET_HISTORY_DATE_LIMIT From b97bc8bfa8375e421daef8a9752c0b41d606b00c Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 10:26:05 +0100 Subject: [PATCH 05/16] Changed accoutn comparaison from id to equality --- kfet/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kfet/views.py b/kfet/views.py index efb0aed3..10576d39 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1488,7 +1488,7 @@ def history_json(request): transfergroups = TransferGroup.objects.none() if account: opegroups = opegroups.filter(on_acc=account) - if account.cofprofile.user.id == request.user.id: + if account == request.user.profile.account_kfet: limit_date = False # pas de limite de date sur son propre historique # Un non-membre de l'équipe n'a que accès à son historique elif not request.user.has_perm("kfet.is_team"): From fa8c57269cba5f68397c733960845383856eaef6 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 10:32:12 +0100 Subject: [PATCH 06/16] Added help_text to history form --- kfet/forms.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
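Review bot: Turning the team check into `elif` (patch 04, `@@ -1491,9 +1491,10 @@`) means it is evaluated only when `account` is empty. A user without `kfet.is_team` who submits someone else's account passes through `if account:` with `limit_date` still `True`, and at this commit the cutoff is the ordinary `settings.KFET_HISTORY_DATE_LIMIT`, so the response would include that account's recent operations. The removed `filter(on_acc=request.user.profile.account_kfet)` used to prevent this. Reject the case explicitly inside the `if account:` branch, right after the own-account test: `elif not request.user.has_perm("kfet.is_team"): return JsonResponse({}, status=403)`. This assumes `account` is not already validated against the requester before these lines, which the hunk does not show.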
diff --git a/kfet/forms.py b/kfet/forms.py index bc98a8ce..6623ad0e 100644 --- a/kfet/forms.py +++ b/kfet/forms.py @@ -2,6 +2,7 @@ from datetime import timedelta from decimal import Decimal from django import forms +from django.conf import settings from django.contrib.auth.models import User from django.core import validators from django.core.exceptions import ValidationError @@ -484,7 +485,14 @@ class KFetConfigForm(ConfigForm): class FilterHistoryForm(forms.Form): - start = forms.DateTimeField(label=_("De"), widget=DateTimeWidget, required=False) + start = forms.DateTimeField( + label=_("De"), + widget=DateTimeWidget, + required=False, + help_text="L'historique est limité à {} jours".format( + settings.KFET_HISTORY_DATE_LIMIT.days + ), + ) end = forms.DateTimeField(label=_("À"), widget=DateTimeWidget, required=False) checkout = forms.ModelChoiceField( label=_("Caisse"), From 46242ad2c0dd2159667b31a902e2e438fd76cffb Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 10:48:24 +0100 Subject: [PATCH 07/16] Added separate permission for chef/trez --- gestioasso/settings/cof_prod.py | 2 ++ kfet/forms.py | 5 +++-- kfet/models.py | 1 + kfet/views.py | 11 +++++++++-- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/gestioasso/settings/cof_prod.py b/gestioasso/settings/cof_prod.py index 6121c98d..4089f8cf 100644 --- a/gestioasso/settings/cof_prod.py +++ b/gestioasso/settings/cof_prod.py @@ -206,3 +206,5 @@ MAIL_DATA = { # Max lookback date into kfet history KFET_HISTORY_DATE_LIMIT = timedelta(weeks=1) +# limite plus longue pour les chef/trez +KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30) diff --git a/kfet/forms.py b/kfet/forms.py index 6623ad0e..f93ff068 100644 --- a/kfet/forms.py +++ b/kfet/forms.py 
@@ -489,8 +489,9 @@ class FilterHistoryForm(forms.Form): label=_("De"), widget=DateTimeWidget, required=False, - help_text="L'historique est limité à {} jours".format( - settings.KFET_HISTORY_DATE_LIMIT.days + help_text="Limité à {} jours ({} pour les chefs/trez)".format( + settings.KFET_HISTORY_DATE_LIMIT.days, + settings.KFET_HISTORY_LONG_DATE_LIMIT.days, ), ) end = forms.DateTimeField(label=_("À"), widget=DateTimeWidget, required=False) diff --git a/kfet/models.py b/kfet/models.py index 2eacf06f..622c0ac9 100644 --- a/kfet/models.py +++ b/kfet/models.py @@ -89,6 +89,7 @@ class Account(models.Model): ("can_force_close", "Fermer manuellement la K-Fêt"), ("see_config", "Voir la configuration K-Fêt"), ("change_config", "Modifier la configuration K-Fêt"), + ("access_old_history", "Peut accéder à l'historique plus ancien"), ) def __str__(self): diff --git a/kfet/views.py b/kfet/views.py index 10576d39..ca280728 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1411,6 +1411,13 @@ def cancel_operations(request): return JsonResponse(data) +def get_history_limit(user) -> timedelta: + """returns the earliest date the user can view history""" + if user.has_perm("access_old_history"): + return datetime.today() - settings.KFET_HISTORY_LONG_DATE_LIMIT + return datetime.today() - settings.KFET_HISTORY_DATE_LIMIT + + @login_required def history_json(request): # Récupération des paramètres @@ -1497,7 +1504,7 @@ def history_json(request): return JsonResponse({}, status=403) if limit_date: # limiter l'accès à l'historique ancien pour confidentialité - earliest_date = datetime.today() - settings.KFET_HISTORY_DATE_LIMIT + earliest_date = get_history_limit(request.user) opegroups = opegroups.filter(at__gte=earliest_date) transfergroups = transfergroups.filter(at__gte=earliest_date) 
@@ -1589,7 +1596,7 @@ def kpsul_articles_data(request): @teamkfet_required def history(request): - history_limit = timezone.now() - settings.KFET_HISTORY_DATE_LIMIT + history_limit = get_history_limit(request.user) data = { "filter_form": FilterHistoryForm(), "history_limit": history_limit.strftime("%Y-%m-%d %H:%M"), From beba3052dd01bddbed5cafd830145cbe48e41443 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 11:46:42 +0100 Subject: [PATCH 08/16] Switched from hardcoded settings to config --- gestioasso/settings/cof_prod.py | 5 ----- kfet/forms.py | 15 +++++++++++---- kfet/views.py | 4 ++-- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/gestioasso/settings/cof_prod.py b/gestioasso/settings/cof_prod.py index 4089f8cf..280dab3f 100644 --- a/gestioasso/settings/cof_prod.py +++ b/gestioasso/settings/cof_prod.py @@ -203,8 +203,3 @@ MAIL_DATA = { "REPLYTO": "BdA-Revente ", }, } - -# Max lookback date into kfet history -KFET_HISTORY_DATE_LIMIT = timedelta(weeks=1) -# limite plus longue pour les chef/trez -KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30) diff --git a/kfet/forms.py b/kfet/forms.py index f93ff068..aba6d7c4 100644 --- a/kfet/forms.py +++ b/kfet/forms.py @@ -482,6 +482,16 @@ class KFetConfigForm(ConfigForm): label="Durée pour annuler une commande sans mot de passe", initial=timedelta(minutes=5), ) + kfet_history_limit = forms.DurationField( + label="Limite de confidentialité de l'historique", + initial=timedelta(days=7), + help_text="Les éléments plus vieux que cette durée seront masqués", + ) + kfet_history_long_limit = forms.DurationField( + label="Limite de confidentialité de l'historique pour chef/trez", + initial=timedelta(days=30), + help_text="Limite plus longue en cas de problème de compta", + ) class FilterHistoryForm(forms.Form): 
@@ -489,10 +499,7 @@ class FilterHistoryForm(forms.Form): label=_("De"), widget=DateTimeWidget, required=False, - help_text="Limité à {} jours ({} pour les chefs/trez)".format( - settings.KFET_HISTORY_DATE_LIMIT.days, - settings.KFET_HISTORY_LONG_DATE_LIMIT.days, - ), + help_text="Limité pour raisons de confidentialité", ) end = forms.DateTimeField(label=_("À"), widget=DateTimeWidget, required=False) checkout = forms.ModelChoiceField( diff --git a/kfet/views.py b/kfet/views.py index ca280728..859dc60d 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1414,8 +1414,8 @@ def cancel_operations(request): def get_history_limit(user) -> timedelta: """returns the earliest date the user can view history""" if user.has_perm("access_old_history"): - return datetime.today() - settings.KFET_HISTORY_LONG_DATE_LIMIT - return datetime.today() - settings.KFET_HISTORY_DATE_LIMIT + return datetime.today() - kfet_config.history_long_limit + return datetime.today() - kfet_config.history_limit @login_required From 884ec2535b0dfe5e1e4e6f65a5ed540bb684e6c2 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 11:51:48 +0100 Subject: [PATCH 09/16] Fixed stupid errors --- kfet/forms.py | 1 - kfet/views.py | 13 ++++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/kfet/forms.py b/kfet/forms.py index aba6d7c4..16b4963d 100644 --- a/kfet/forms.py +++ b/kfet/forms.py @@ -2,7 +2,6 @@ from datetime import timedelta from decimal import Decimal from django import forms -from django.conf import settings from django.contrib.auth.models import User from django.core import validators from django.core.exceptions import ValidationError diff --git a/kfet/views.py b/kfet/views.py index 859dc60d..e45c6508 100644 --- a/kfet/views.py +++ b/kfet/views.py 
@@ -6,7 +6,6 @@ from decimal import Decimal from typing import List from urllib.parse import urlencode -from django.conf import settings from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.mixins import PermissionRequiredMixin @@ -1411,11 +1410,15 @@ def cancel_operations(request): return JsonResponse(data) -def get_history_limit(user) -> timedelta: - """returns the earliest date the user can view history""" - if user.has_perm("access_old_history"): +def get_history_limit(user) -> datetime: + """returns the earliest date the given user can view history + according to his/her permissions""" + if user.has_perm("kfet.access_old_history"): return datetime.today() - kfet_config.history_long_limit - return datetime.today() - kfet_config.history_limit + if user.has_perm("kfet.is_team"): + return datetime.today() - kfet_config.history_limit + # should not happen - future earliest date + return datetime.today() + timedelta(days=1) @login_required From 4b95b65be2ad3d0c861f7f02f20e46166eb19c04 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 11:55:18 +0100 Subject: [PATCH 10/16] Removed unused import --- gestioasso/settings/cof_prod.py | 1 - 1 file changed, 1 deletion(-) diff --git a/gestioasso/settings/cof_prod.py b/gestioasso/settings/cof_prod.py index 280dab3f..d85e84c5 100644 --- a/gestioasso/settings/cof_prod.py +++ b/gestioasso/settings/cof_prod.py @@ -5,7 +5,6 @@ Surcharge les settings définis dans common.py """ import os -from datetime import timedelta from .common import * # NOQA from .common import ( From 9a635148bbaa448ddad346369fc169bb0647f357 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 12:13:23 +0100 Subject: [PATCH 11/16] Switched from datetime.today() to timezone.now() --- kfet/views.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kfet/views.py b/kfet/views.py index e45c6508..9bf85b66 100644 
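Review bot: The fallthrough in `get_history_limit` (patch 09, `@@ -1411,11 +1410,15 @@`) denies access by returning a cutoff one day in the future, so the denial holds only where a caller applies the value as an `at__gte` filter to every queryset it returns. Failing closed would be clearer: `raise PermissionDenied` (from `django.core.exceptions`) in place of `return datetime.today() + timedelta(days=1)`. At minimum, the docstring should state that users without `kfet.is_team` receive a date that matches no record.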
--- a/kfet/views.py +++ b/kfet/views.py @@ -1413,12 +1413,13 @@ def cancel_operations(request): def get_history_limit(user) -> datetime: """returns the earliest date the given user can view history according to his/her permissions""" + now = timezone.now() if user.has_perm("kfet.access_old_history"): - return datetime.today() - kfet_config.history_long_limit + return now - kfet_config.history_long_limit if user.has_perm("kfet.is_team"): - return datetime.today() - kfet_config.history_limit + return now - kfet_config.history_limit # should not happen - future earliest date - return datetime.today() + timedelta(days=1) + return now + timedelta(days=1) @login_required From 30a39ef2f695616bddd5d6690e63fdb4d31b3ef8 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 12:16:43 +0100 Subject: [PATCH 12/16] Switch from account test to user test --- kfet/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kfet/views.py b/kfet/views.py index 9bf85b66..a354cd48 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -1499,7 +1499,7 @@ def history_json(request): transfergroups = TransferGroup.objects.none() if account: opegroups = opegroups.filter(on_acc=account) - if account == request.user.profile.account_kfet: + if account.user == request.user: limit_date = False # pas de limite de date sur son propre historique # Un non-membre de l'équipe n'a que accès à son historique elif not request.user.has_perm("kfet.is_team"): From a8de7e0ae00e06e35900f6ad7f7a0d8362c86a45 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 13:38:36 +0100 Subject: [PATCH 13/16] makemigrations --- kfet/migrations/0074_auto_20210219_1337.py | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 kfet/migrations/0074_auto_20210219_1337.py diff --git a/kfet/migrations/0074_auto_20210219_1337.py b/kfet/migrations/0074_auto_20210219_1337.py new file mode 100644 index 00000000..7b4127d8 --- /dev/null 
+++ b/kfet/migrations/0074_auto_20210219_1337.py @@ -0,0 +1,36 @@ +# Generated by Django 2.2.17 on 2021-02-19 12:37 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("kfet", "0073_2021"), + ] + + operations = [ + migrations.AlterModelOptions( + name="account", + options={ + "permissions": ( + ("is_team", "Is part of the team"), + ("manage_perms", "Gérer les permissions K-Fêt"), + ("manage_addcosts", "Gérer les majorations"), + ("edit_balance_account", "Modifier la balance d'un compte"), + ( + "change_account_password", + "Modifier le mot de passe d'une personne de l'équipe", + ), + ( + "special_add_account", + "Créer un compte avec une balance initiale", + ), + ("can_force_close", "Fermer manuellement la K-Fêt"), + ("see_config", "Voir la configuration K-Fêt"), + ("change_config", "Modifier la configuration K-Fêt"), + ("access_old_history", "Peut accéder à l'historique plus ancien"), + ) + }, + ), + ] From 1183e50f60054fe3bb5d2b51c86e9621f88bfbf6 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Fri, 19 Feb 2021 13:48:12 +0100 Subject: [PATCH 14/16] Fixed tests --- kfet/tests/test_views.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kfet/tests/test_views.py b/kfet/tests/test_views.py index 7d395e7e..eb8db1f4 100644 --- a/kfet/tests/test_views.py +++ b/kfet/tests/test_views.py @@ -4219,8 +4219,8 @@ class HistoryJSONViewTests(ViewTestCaseMixin, TestCase): url_name = "kfet.history.json" url_expected = "/k-fet/history.json" - auth_user = "user" - auth_forbidden = [None, "noaccount"] + auth_user = "team" + auth_forbidden = [None, "user", "noaccount"] def test_ok(self): r = self.client.post(self.url) 
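Review bot: The change to `HistoryJSONViewTests` (patch 14, `@@ -4219,8 +4219,8 @@`) only moves `"user"` into `auth_forbidden`; this commit adds no test method for the access rules the series introduces. Tests worth adding: a non-team user requesting their own account receives their full history, the same user requesting another account receives nothing, and a team member does not receive operations older than the limit. The class body continues outside the hunk.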
@@ -4310,6 +4310,8 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase): "kfet_overdraft_duration": "2 00:00:00", "kfet_overdraft_amount": "25", "kfet_cancel_duration": "00:20:00", + "kfet_history_limit": "5 00:00:00", + "kfet_history_long_limit": "60 00:00:00", } def get_users_extra(self): @@ -4331,6 +4333,8 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase): "overdraft_duration": timedelta(days=2), "overdraft_amount": Decimal("25"), "cancel_duration": timedelta(minutes=20), + "history_limit": timedelta(days=5), + "history_long_limit": timedelta(days=60), } for key, expected in expected_config.items(): From cc7c4306f466a300010ad69426982e405192a8d8 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Sat, 20 Feb 2021 19:10:49 +0100 Subject: [PATCH 15/16] Added change description to CHANGELOG --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2573983..3bd71609 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,10 @@ adhérents ni des cotisations. ## Version ??? - dans un futur proche +### K-Fêt + +- L'accès à l'historique est maintenant limité à 7 jours pour raison de confidentialité. Les chefs/trez peuvent disposer d'une permission supplémentaire pour accèder à jusqu'à 30 jours en cas de problème de compta. L'accès à son historique personnel n'est pas limité. Les durées limites sont configurables depuis les paramètres K-Fêt. + ## Version 0.9 - 06/02/2020 ### COF / BdA From 23f7865140d4d3b79ed4f0e013b2f2155da38e08 Mon Sep 17 00:00:00 2001 From: Dorian Lesbre Date: Sat, 20 Feb 2021 20:59:54 +0100 Subject: [PATCH 16/16] Switch back from config to settings --- CHANGELOG.md | 2 +- gestioasso/settings/cof_prod.py | 13 +++++++++++++ kfet/forms.py | 16 +++++----------- kfet/tests/test_views.py | 4 ---- kfet/views.py | 5 +++-- 5 files changed, 22 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3bd71609..79eb297b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -25,7 +25,7 @@ adhérents ni des cotisations. ### K-Fêt -- L'accès à l'historique est maintenant limité à 7 jours pour raison de confidentialité. Les chefs/trez peuvent disposer d'une permission supplémentaire pour accèder à jusqu'à 30 jours en cas de problème de compta. L'accès à son historique personnel n'est pas limité. Les durées limites sont configurables depuis les paramètres K-Fêt. +- L'accès à l'historique est maintenant limité à 7 jours pour raison de confidentialité. Les chefs/trez peuvent disposer d'une permission supplémentaire pour accèder à jusqu'à 30 jours en cas de problème de compta. L'accès à son historique personnel n'est pas limité. Les durées sont configurables dans `settings/cof_prod.py`. ## Version 0.9 - 06/02/2020 diff --git a/gestioasso/settings/cof_prod.py b/gestioasso/settings/cof_prod.py index d85e84c5..3104e5b0 100644 --- a/gestioasso/settings/cof_prod.py +++ b/gestioasso/settings/cof_prod.py @@ -5,6 +5,7 @@ Surcharge les settings définis dans common.py """ import os +from datetime import timedelta from .common import * # NOQA from .common import ( @@ -202,3 +203,15 @@ MAIL_DATA = { "REPLYTO": "BdA-Revente ", }, } + +# --- +# kfet history limits +# --- + +# L'historique n'est accesible que d'aujourd'hui +# à aujourd'hui - KFET_HISTORY_DATE_LIMIT +KFET_HISTORY_DATE_LIMIT = timedelta(days=7) + +# Limite plus longue pour les chefs/trez +# (qui ont la permission kfet.access_old_history) +KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30) diff --git a/kfet/forms.py b/kfet/forms.py index 16b4963d..f93ff068 100644 --- a/kfet/forms.py +++ b/kfet/forms.py @@ -2,6 +2,7 @@ from datetime import timedelta from decimal import Decimal from django import forms +from django.conf import settings from django.contrib.auth.models import User from django.core import validators from django.core.exceptions import ValidationError 
@@ -481,16 +482,6 @@ class KFetConfigForm(ConfigForm): label="Durée pour annuler une commande sans mot de passe", initial=timedelta(minutes=5), ) - kfet_history_limit = forms.DurationField( - label="Limite de confidentialité de l'historique", - initial=timedelta(days=7), - help_text="Les éléments plus vieux que cette durée seront masqués", - ) - kfet_history_long_limit = forms.DurationField( - label="Limite de confidentialité de l'historique pour chef/trez", - initial=timedelta(days=30), - help_text="Limite plus longue en cas de problème de compta", - ) class FilterHistoryForm(forms.Form): @@ -498,7 +489,10 @@ class FilterHistoryForm(forms.Form): label=_("De"), widget=DateTimeWidget, required=False, - help_text="Limité pour raisons de confidentialité", + help_text="Limité à {} jours ({} pour les chefs/trez)".format( + settings.KFET_HISTORY_DATE_LIMIT.days, + settings.KFET_HISTORY_LONG_DATE_LIMIT.days, + ), ) end = forms.DateTimeField(label=_("À"), widget=DateTimeWidget, required=False) checkout = forms.ModelChoiceField( diff --git a/kfet/tests/test_views.py b/kfet/tests/test_views.py index eb8db1f4..40b9ef77 100644 --- a/kfet/tests/test_views.py +++ b/kfet/tests/test_views.py @@ -4310,8 +4310,6 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase): "kfet_overdraft_duration": "2 00:00:00", "kfet_overdraft_amount": "25", "kfet_cancel_duration": "00:20:00", - "kfet_history_limit": "5 00:00:00", - "kfet_history_long_limit": "60 00:00:00", } def get_users_extra(self): @@ -4333,8 +4331,6 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase): "overdraft_duration": timedelta(days=2), "overdraft_amount": Decimal("25"), "cancel_duration": timedelta(minutes=20), - "history_limit": timedelta(days=5), - "history_long_limit": timedelta(days=60), } for key, expected in expected_config.items(): diff --git a/kfet/views.py b/kfet/views.py index a354cd48..0fe99ea4 100644 --- a/kfet/views.py +++ b/kfet/views.py 
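Review bot: `help_text` in `FilterHistoryForm` (patch 16, `@@ -498,7 +489,10 @@`) reads `settings.KFET_HISTORY_DATE_LIMIT.days` while the class body executes, i.e. when `kfet/forms.py` is imported, and this series defines the two settings only in `gestioasso/settings/cof_prod.py`. A settings module that does not inherit from that file would fail at import with `AttributeError`. Defining the defaults in the shared settings module, or reading them with `getattr(settings, "KFET_HISTORY_DATE_LIMIT", timedelta(days=7))`, avoids that. The other settings modules are not visible here, so please confirm. The string is also not wrapped in `_()` as the field labels are.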
@@ -6,6 +6,7 @@ from decimal import Decimal from typing import List from urllib.parse import urlencode +from django.conf import settings from django.contrib import messages from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.mixins import PermissionRequiredMixin @@ -1415,9 +1416,9 @@ def get_history_limit(user) -> datetime: according to his/her permissions""" now = timezone.now() if user.has_perm("kfet.access_old_history"): - return now - kfet_config.history_long_limit + return now - settings.KFET_HISTORY_LONG_DATE_LIMIT if user.has_perm("kfet.is_team"): - return now - kfet_config.history_limit + return now - settings.KFET_HISTORY_LONG_DATE_LIMIT # should not happen - future earliest date return now + timedelta(days=1)
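Review bot: In `get_history_limit` (patch 16, `@@ -1415,9 +1416,9 @@`), the `kfet.is_team` branch now returns `now - settings.KFET_HISTORY_LONG_DATE_LIMIT`, the same value as the `kfet.access_old_history` branch. Ordinary team members therefore get the 30-day window, and the 7-day confidentiality limit described in the CHANGELOG is never applied. The line should read `return now - settings.KFET_HISTORY_DATE_LIMIT`. A test asserting that the two permissions yield different cutoffs would catch this regression.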