Dodo/kfet history limit exceptions

Dorian Lesbre 2022-05-20 12:08:59 +02:00 committed by Tom Hubrecht
parent 1ad025e046
commit bfdb34aae7
4 changed files with 68 additions and 15 deletions


@ -29,6 +29,7 @@ adhérents ni des cotisations.
### K-Fêt ### K-Fêt
- Ajoute une exception à la limite d'historique pour les comptes `LIQ` et `#13`
- Répare le problème des étiquettes LIQ/Comptes K-Fêt inversées dans les stats des articles K-Fêt - Répare le problème des étiquettes LIQ/Comptes K-Fêt inversées dans les stats des articles K-Fêt
## Version 0.11 - 26/10/2021 ## Version 0.11 - 26/10/2021


@ -7,6 +7,8 @@ Surcharge les settings définis dans common.py
import os import os
from datetime import timedelta from datetime import timedelta
from django.utils import timezone
from .common import * # NOQA from .common import * # NOQA
from .common import ( from .common import (
AUTHENTICATION_BACKENDS, AUTHENTICATION_BACKENDS,
@ -224,3 +226,8 @@ KFET_HISTORY_DATE_LIMIT = timedelta(days=7)
# Limite plus longue pour les chefs/trez # Limite plus longue pour les chefs/trez
# (qui ont la permission kfet.access_old_history) # (qui ont la permission kfet.access_old_history)
KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30) KFET_HISTORY_LONG_DATE_LIMIT = timedelta(days=30)
# These accounts don't represent actual people and can be freely accessed
# Identification based on trigrammes
KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES = ["LIQ", "#13"]
KFET_HISTORY_NO_DATE_LIMIT = timezone.datetime(1794, 10, 30) # AKA the distant past
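Review bot: `KFET_HISTORY_NO_DATE_LIMIT` is a naive datetime, because `django.utils.timezone.datetime` is just the standard `datetime` class, whereas `get_history_limit` derives its other value from `timezone.now()`. If `USE_TZ` is enabled (not visible here), filtering `at__gte` against it makes Django warn about a naive value and interpret it in the default time zone. An aware constant avoids that and keeps `django.utils` out of the settings module: `from datetime import datetime, timedelta, timezone` and `KFET_HISTORY_NO_DATE_LIMIT = datetime(1794, 10, 30, tzinfo=timezone.utc)`. Separately, the exemption from the privacy limit is keyed on the trigramme strings alone, so any account that carries one of them gets unbounded history; the comment should say so, e.g. `# Trigrammes listed here must stay reserved: never reassign them to a personal account`.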


@ -57,12 +57,18 @@ $(document).ready(function() {
}); });
} }
const history_limit = '{{ history_limit }}';
// trigrammes speciaux (LIQ, #13)
// Peuvent être consulté a une date plus vielle que history_limit
const history_no_limit_accounts = [{% for id in history_no_limit_account_ids %}'{{ id }}', {% endfor %}];
const history_no_limit = '{{ history_no_limit }}';
let defaults_datetimepicker = { let defaults_datetimepicker = {
timeZone : 'Europe/Paris', timeZone : 'Europe/Paris',
format : 'YYYY-MM-DD HH:mm', format : 'YYYY-MM-DD HH:mm',
stepping : 5, stepping : 5,
locale : 'fr', locale : 'fr',
minDate : '{{ history_limit }}', minDate : history_limit,
showTodayButton: true, showTodayButton: true,
widgetPositioning: { widgetPositioning: {
horizontal: "left", horizontal: "left",
@ -77,11 +83,29 @@ $(document).ready(function() {
defaultDate: moment(), defaultDate: moment(),
})); }));
$("#from_date").on("dp.change", function (e) { $from_date.on("dp.change", function (e) {
$('#to_date').data("DateTimePicker").minDate(e.date); $to_date.data("DateTimePicker").minDate(e.date);
}); });
$("#to_date").on("dp.change", function (e) { $to_date.on("dp.change", function (e) {
$('#from_date').data("DateTimePicker").maxDate(e.date); $from_date.data("DateTimePicker").maxDate(e.date);
});
$account.on("change", function (e) {
const selected_id = $account.val();
if (history_no_limit_accounts.includes(selected_id)) {
// it is a special account
// earlier history limit
$from_date.data("DateTimePicker").minDate(history_no_limit);
}
else {
// normal history limit + reset to date for good measure
if ($to_date.val() < history_limit) {
// setting a min date > max_date causes errors
$from_date.data("DateTimePicker").maxDate(history_limit);
$to_date.data("DateTimePicker").minDate(history_limit);
}
$from_date.data("DateTimePicker").minDate(history_limit);
}
}); });
$("#btn-fetch").on('click', function() { $("#btn-fetch").on('click', function() {
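Review bot: The values interpolated into the script (`'{{ id }}'`, `'{{ history_limit }}'`, `'{{ history_no_limit }}'`) rely on Django's HTML autoescaping, which is not the encoding a JavaScript string literal needs. Today they are primary keys and `strftime` output, so nothing breaks, but passing them through the `json_script` filter and reading them with `JSON.parse` would keep the template safe if another kind of value is ever put in that context. `$account.val()` is compared against the quoted ids with `includes`; if the account field is a multiple select, `val()` returns an array and the special-account branch never runs, so the widget type (defined outside this hunk) is worth confirming. A comment above `history_no_limit_accounts` such as `// display-only: the real limit is enforced server-side in history_json` would mirror the one added in the view.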


@ -3,7 +3,7 @@ import statistics
from collections import defaultdict from collections import defaultdict
from datetime import datetime, timedelta from datetime import datetime, timedelta
from decimal import Decimal from decimal import Decimal
from typing import List from typing import List, Tuple
from urllib.parse import urlencode from urllib.parse import urlencode
from django.conf import settings from django.conf import settings
@ -1429,16 +1429,23 @@ def cancel_operations(request):
return JsonResponse(data) return JsonResponse(data)
def get_history_limit(user) -> datetime: def get_history_limit(user) -> Tuple[datetime, datetime]:
"""returns the earliest date the given user can view history """returns a tuple of 2 dates
according to his/her permissions""" - the earliest date the given user can view history of any account
- the earliest date the given user can view history of special accounts
(LIQ and #13)"""
now = timezone.now() now = timezone.now()
if user.has_perm("kfet.access_old_history"): if user.has_perm("kfet.access_old_history"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT return (
now - settings.KFET_HISTORY_LONG_DATE_LIMIT,
settings.KFET_HISTORY_NO_DATE_LIMIT,
)
if user.has_perm("kfet.is_team"): if user.has_perm("kfet.is_team"):
return now - settings.KFET_HISTORY_LONG_DATE_LIMIT limit = now - settings.KFET_HISTORY_DATE_LIMIT
return limit, limit
# should not happen - future earliest date # should not happen - future earliest date
return now + timedelta(days=1) future = now + timedelta(days=1)
return future, future
@login_required @login_required
@ -1527,7 +1534,12 @@ def history_json(request):
return JsonResponse({}, status=403) return JsonResponse({}, status=403)
if limit_date: if limit_date:
# limiter l'accès à l'historique ancien pour confidentialité # limiter l'accès à l'historique ancien pour confidentialité
earliest_date = get_history_limit(request.user) earliest_date, earliest_date_no_limit = get_history_limit(request.user)
if (
account
and account.trigramme in settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
):
earliest_date = earliest_date_no_limit
opegroups = opegroups.filter(at__gte=earliest_date) opegroups = opegroups.filter(at__gte=earliest_date)
transfergroups = transfergroups.filter(at__gte=earliest_date) transfergroups = transfergroups.filter(at__gte=earliest_date)
@ -1619,10 +1631,19 @@ def kpsul_articles_data(request):
@teamkfet_required @teamkfet_required
def history(request): def history(request):
history_limit = get_history_limit(request.user) # These limits are only useful for JS datepickers
# They don't enforce anything and can be bypassed
# Serious checks are done in history_json
history_limit, history_no_limit = get_history_limit(request.user)
history_no_limit_account_ids = Account.objects.filter(
trigramme__in=settings.KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES
).values_list("id", flat=True)
format_date = lambda date: date.strftime("%Y-%m-%d %H:%M")
data = { data = {
"filter_form": FilterHistoryForm(), "filter_form": FilterHistoryForm(),
"history_limit": history_limit.strftime("%Y-%m-%d %H:%M"), "history_limit": format_date(history_limit),
"history_no_limit_account_ids": history_no_limit_account_ids,
"history_no_limit": format_date(history_no_limit),
} }
return render(request, "kfet/history.html", data) return render(request, "kfet/history.html", data)
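Review bot: In `history_json` the exemption replaces `earliest_date` for both `opegroups` and `transfergroups` as soon as `account.trigramme` is in `KFET_HISTORY_NO_DATE_LIMIT_TRIGRAMMES`, so the privacy limit now depends on both querysets already being restricted to that account, which happens outside the visible lines. If transfer groups involving `LIQ` or `#13` also name a personal counterpart account, those rows would become visible without a date bound; this is worth confirming and, if intended, recording next to the check: `# special accounts: no date bound; rows may still name the counterpart account`. In `get_history_limit`, the `kfet.is_team` branch returns `limit, limit`, so the exemption only applies to holders of `kfet.access_old_history`. The docstring should state that explicitly, since the settings comment describes these accounts as freely accessible.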