cst1/kpsul
1
0
Fork 0
forked from DGNum/gestioCOF
Code Pull requests Activity

Dodo/kfet history limit exceptions

Browse source
This commit is contained in:
Dorian Lesbre 2022-05-20 12:08:59 +02:00 committed by Tom Hubrecht
parent 1ad025e046
commit bfdb34aae7
4 changed files with 68 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -29,6 +29,7 @@ adhérents ni des cotisations.
### K-Fêt
- Ajoute une exception à la limite d'historique pour les comptes `LIQ` et `#13`
- Répare le problème des étiquettes LIQ/Comptes K-Fêt inversées dans les stats des articles K-Fêt
## Version 0.11 - 26/10/2021

7
gestioasso/settings/cof_prod.py
View file

@ -7,6 +7,8 @@ Surcharge les settings définis dans common.py
import os
from datetime import timedelta
from django.utils import timezone
from .common import * # NOQA
from .common import (
AUTHENTICATION_BACKENDS,
@ -224,3 +226,8 @@ KFET_HISTORY_DATE_LIMIT = timedelta(days=7)
# Limite plus longue pour les chefs/trez
# (qui ont la permission kfet.access_old_history)
KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30)
# These accounts don't represent actual people and can be freely accessed
# Identification based on trigrammes
KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES = ["LIQ", "#13"]
KFET_HISTORY_NO_DATE_LIMIT = timezone.datetime(1794, 10, 30) # AKA the distant past

34
kfet/templates/kfet/history.html
View file

@ -57,12 +57,18 @@ $(document).ready(function() {
});
}
const history_limit = '{{ history_limit }}';
// trigrammes speciaux (LIQ, #13)
// Peuvent être consulté a une date plus vielle que history_limit
const history_no_limit_accounts = [{% for id in history_no_limit_account_ids %}'{{ id }}', {% endfor %}];
const history_no_limit = '{{ history_no_limit }}';
let defaults_datetimepicker = {
timeZone : 'Europe/Paris',
format : 'YYYY-MM-DD HH:mm',
stepping : 5,
locale : 'fr',
minDate : '{{ history_limit }}',
minDate : history_limit,
showTodayButton: true,
widgetPositioning: {
horizontal: "left",
@ -77,11 +83,29 @@ $(document).ready(function() {
defaultDate: moment(),
}));
$("#from_date").on("dp.change", function (e) {
$('#to_date').data("DateTimePicker").minDate(e.date);
$from_date.on("dp.change", function (e) {
$to_date.data("DateTimePicker").minDate(e.date);
});
$("#to_date").on("dp.change", function (e) {
$('#from_date').data("DateTimePicker").maxDate(e.date);
$to_date.on("dp.change", function (e) {
$from_date.data("DateTimePicker").maxDate(e.date);
});
$account.on("change", function (e) {
const selected_id = $account.val();
if (history_no_limit_accounts.includes(selected_id)) {
// it is a special account
// earlier history limit
$from_date.data("DateTimePicker").minDate(history_no_limit);
}
else {
// normal history limit + reset to date for good measure
if ($to_date.val() < history_limit) {
// setting a min date > max_date causes errors
$from_date.data("DateTimePicker").maxDate(history_limit);
$to_date.data("DateTimePicker").minDate(history_limit);
}
$from_date.data("DateTimePicker").minDate(history_limit);
}
});
$("#btn-fetch").on('click', function() {

41
kfet/views.py
View file

@ -3,7 +3,7 @@ import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal
from typing import List
from typing import List, Tuple
from urllib.parse import urlencode
from django.conf import settings
@ -1429,16 +1429,23 @@ def cancel_operations(request):
return JsonResponse(data)
def get_history_limit(user) -> datetime:
"""returns the earliest date the given user can view history
according to his/her permissions"""
def get_history_limit(user) -> Tuple[datetime, datetime]:
"""returns a tuple of 2 dates
- the earliest date the given user can view history of any account
- the earliest date the given user can view history of special accounts
(LIQ and #13)"""
now = timezone.now()
if user.has_perm("kfet.access_old_history"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT
return (
now - settings.KFET_HISTORY_LONG_DATE_LIMIT,
settings.KFET_HISTORY_NO_DATE_LIMIT,
)
if user.has_perm("kfet.is_team"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT
limit = now - settings.KFET_HISTORY_DATE_LIMIT
return limit, limit
# should not happen - future earliest date
return now + timedelta(days=1)
future = now + timedelta(days=1)
return future, future
@login_required
@ -1527,7 +1534,12 @@ def history_json(request):
return JsonResponse({}, status=403)
if limit_date:
# limiter l'accès à l'historique ancien pour confidentialité
earliest_date = get_history_limit(request.user)
earliest_date, earliest_date_no_limit = get_history_limit(request.user)
if (
account
and account.trigramme in settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
):
earliest_date = earliest_date_no_limit
opegroups = opegroups.filter(at__gte=earliest_date)
transfergroups = transfergroups.filter(at__gte=earliest_date)
@ -1619,10 +1631,19 @@ def kpsul_articles_data(request):
@teamkfet_required
def history(request):
history_limit = get_history_limit(request.user)
# These limits are only useful for JS datepickers
# They don't enforce anything and can be bypassed
# Serious checks are done in history_json
history_limit, history_no_limit = get_history_limit(request.user)
history_no_limit_account_ids = Account.objects.filter(
trigramme__in=settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
).values_list("id", flat=True)
format_date = lambda date: date.strftime("%Y-%m-%d %H:%M")
data = {
"filter_form": FilterHistoryForm(),
"history_limit": history_limit.strftime("%Y-%m-%d %H:%M"),
"history_limit": format_date(history_limit),
"history_no_limit_account_ids": history_no_limit_account_ids,
"history_no_limit": format_date(history_no_limit),
}
return render(request, "kfet/history.html", data)