Meilleure gestion des permissions dans l'admin

Seul les superusers ont le contrôle sur les groupes et permissions.

Un membre du burô est automatiquement ajouté au groupe COF, lui même
créé automatiquement s'il n'existe pas.
This commit is contained in:
Martin Pépin 2016-08-30 22:31:55 +02:00
parent 813cbe7b13
commit 9d5931fd6f

View file

@ -12,10 +12,11 @@ from gestioncof.models import SurveyQuestionAnswer, SurveyQuestion, \
from gestioncof.petits_cours_models import PetitCoursDemande, \ from gestioncof.petits_cours_models import PetitCoursDemande, \
PetitCoursSubject, PetitCoursAbility, PetitCoursAttribution, \ PetitCoursSubject, PetitCoursAbility, PetitCoursAttribution, \
PetitCoursAttributionCounter PetitCoursAttributionCounter
from django.contrib.auth.models import User from django.contrib.auth.models import User, Group, Permission
from django.contrib.auth.admin import UserAdmin from django.contrib.auth.admin import UserAdmin
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.utils.safestring import mark_safe from django.utils.safestring import mark_safe
from django.db.models import Q
import django.utils.six as six import django.utils.six as six
import autocomplete_light import autocomplete_light
@ -164,12 +165,6 @@ class UserProfileAdmin(UserAdmin):
is_cof.short_description = 'Membre du COF' is_cof.short_description = 'Membre du COF'
is_cof.boolean = True is_cof.boolean = True
fieldsets = [
(None, {'fields': ['username', 'password']}),
(_('Personal info'), {'fields': ['first_name', 'last_name', 'email']}),
(_('Groups'), {'fields': ['groups']})
]
list_display = ('profile_num',) + UserAdmin.list_display \ list_display = ('profile_num',) + UserAdmin.list_display \
+ ('profile_login_clipper', 'profile_phone', 'profile_occupation', + ('profile_login_clipper', 'profile_phone', 'profile_occupation',
'profile_mailing_cof', 'profile_mailing_bda', 'profile_mailing_cof', 'profile_mailing_bda',
@ -183,9 +178,38 @@ class UserProfileAdmin(UserAdmin):
CofProfileInline, CofProfileInline,
] ]
staff_fieldsets = [
(None, {'fields': ['username', 'password']}),
(_('Personal info'), {'fields': ['first_name', 'last_name', 'email']}),
]
def get_fieldsets(self, request, user=None):
if not request.user.is_superuser:
return self.staff_fieldsets
return super(UserProfileAdmin, self).get_fieldsets(request, user)
def save_model(self, request, user, form, change): def save_model(self, request, user, form, change):
cof_group, created = Group.objects.get_or_create(name='COF')
if created:
# Si le groupe COF n'était pas déjà dans la bdd
# On lui assigne les bonnes permissions
perms = Permission.objects.filter(
Q(content_type__app_label='gestioncof')
| Q(content_type__app_label='bda')
| (Q(content_type__app_label='auth')
& Q(content_type__model='user')))
cof_group.permissions = perms
# On y associe les membres du Burô
cof_group.user_set = User.objects.filter(profile__is_buro=True)
# Sauvegarde
cof_group.save()
# le Burô est staff et appartient au groupe COF
if user.profile.is_buro: if user.profile.is_buro:
user.is_staff = True user.is_staff = True
user.groups.add(cof_group)
else:
user.is_staff = False
user.groups.remove(cof_group)
user.save() user.save()