From a60df91b04eca66f11d6d613773c5dbe01dffb89 Mon Sep 17 00:00:00 2001 From: Ludovic Stephan Date: Thu, 21 Nov 2019 01:18:38 +0100 Subject: [PATCH] Add decorator to needed views --- kfet/templates/kfet/account_group_form.html | 3 --- kfet/views.py | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/kfet/templates/kfet/account_group_form.html b/kfet/templates/kfet/account_group_form.html index 90e3aa36..a6faf8c5 100644 --- a/kfet/templates/kfet/account_group_form.html +++ b/kfet/templates/kfet/account_group_form.html @@ -30,9 +30,6 @@ {% include "kfet/form_field_snippet.html" with field=form.permissions %} - {% if not perms.kfet.manage_perms %} - {% include "kfet/form_authentication_snippet.html" %} - {% endif %} {% include "kfet/form_submit_snippet.html" with value="Enregistrer" %} diff --git a/kfet/views.py b/kfet/views.py index 4160d1de..c5d5082b 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -24,6 +24,7 @@ from django.views.generic.edit import CreateView, DeleteView, UpdateView from gestioncof.models import CofProfile from kfet import KFET_DELETED_TRIGRAMME, consumers +from kfet.auth.decorators import kfet_password_auth from kfet.config import kfet_config from kfet.decorators import teamkfet_required from kfet.forms import ( @@ -119,6 +120,7 @@ def account_is_validandfree_ajax(request): @login_required @teamkfet_required +@kfet_password_auth def account_create(request): # Enregistrement @@ -320,6 +322,7 @@ def account_read(request, trigramme): @login_required +@kfet_password_auth def account_update(request, trigramme): account = get_object_or_404(Account, trigramme=trigramme) @@ -518,6 +521,7 @@ class CheckoutList(ListView): # Checkout - Create +@method_decorator(kfet_password_auth, name="dispatch") class CheckoutCreate(SuccessMessageMixin, CreateView): model = Checkout template_name = "kfet/checkout_create.html" @@ -629,6 +633,7 @@ def getAmountBalance(data): ) +@method_decorator(kfet_password_auth, name="dispatch") class CheckoutStatementCreate(SuccessMessageMixin, CreateView): model = CheckoutStatement template_name = "kfet/checkoutstatement_create.html" @@ -665,6 +670,7 @@ class CheckoutStatementCreate(SuccessMessageMixin, CreateView): return super().form_valid(form) +@method_decorator(kfet_password_auth, name="dispatch") class CheckoutStatementUpdate(SuccessMessageMixin, UpdateView): model = CheckoutStatement template_name = "kfet/checkoutstatement_update.html" @@ -705,6 +711,7 @@ class CategoryList(ListView): # Category - Update +@method_decorator(kfet_password_auth, name="dispatch") class CategoryUpdate(SuccessMessageMixin, UpdateView): model = ArticleCategory template_name = "kfet/category_update.html" @@ -959,6 +966,7 @@ def kpsul_checkout_data(request): @teamkfet_required +@kfet_password_auth def kpsul_update_addcost(request): addcost_form = AddcostForm(request.POST) @@ -996,6 +1004,7 @@ def get_missing_perms(required_perms, user): @teamkfet_required +@kfet_password_auth def kpsul_perform_operations(request): # Initializing response data data = {"operationgroup": 0, "operations": [], "warnings": {}, "errors": {}} @@ -1187,6 +1196,7 @@ def kpsul_perform_operations(request): @teamkfet_required +@kfet_password_auth def kpsul_cancel_operations(request): # Pour la réponse data = {"canceled": [], "warnings": {}, "errors": {}} @@ -1545,6 +1555,7 @@ def transfers_create(request): @teamkfet_required +@kfet_password_auth def perform_transfers(request): data = {"errors": {}, "transfers": [], "transfergroup": 0} @@ -1626,6 +1637,7 @@ def perform_transfers(request): @teamkfet_required +@kfet_password_auth def cancel_transfers(request): # Pour la réponse data = {"canceled": [], "warnings": {}, "errors": {}} @@ -1739,6 +1751,7 @@ class InventoryList(ListView): @teamkfet_required +@kfet_password_auth def inventory_create(request): articles = Article.objects.select_related("category").order_by( @@ -1833,6 +1846,7 @@ class OrderList(ListView): @teamkfet_required +@kfet_password_auth def order_create(request, pk): supplier = get_object_or_404(Supplier, pk=pk) @@ -1985,6 +1999,7 @@ class OrderRead(DetailView): @teamkfet_required +@kfet_password_auth def order_to_inventory(request, pk): order = get_object_or_404(Order, pk=pk) @@ -2092,6 +2107,7 @@ def order_to_inventory(request, pk): ) +@method_decorator(kfet_password_auth, name="dispatch") class SupplierUpdate(SuccessMessageMixin, UpdateView): model = Supplier template_name = "kfet/supplier_form.html"