forked from DGNum/gestioCOF
Création décorateur pour perm kfet.is_team
- Un accès sur une vue protégée nécessitant d'être de l'équipe envoie vers la page de connexion si l'utilisateur n'est pas connecté
This commit is contained in:
Aurélien Delobelle
parent
3444426114
commit
e927ad5801
6
kfet/decorators.py
Normal file
6
kfet/decorators.py
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
from django_cas_ng.decorators import user_passes_test
|
||||
|
||||
def kfet_is_team(user):
|
||||
return user.has_perm('kfet.is_team')
|
||||
|
||||
teamkfet_required = user_passes_test(lambda u: kfet_is_team(u))
|
||||
|
|
@ -11,15 +11,7 @@
|
|||
|
||||
{% block content %}
|
||||
|
||||
{% if post %}
|
||||
{% if success %}
|
||||
Nouveau compte créé : {{ trigramme }}
|
||||
{% else %}
|
||||
Echec de la création du compte
|
||||
{{ errors }}
|
||||
{% endif %}
|
||||
<hr>
|
||||
{% endif %}
|
||||
{% include 'kfet/base_messages.html' %}
|
||||
|
||||
<form action="{% url "kfet.account.create" %}" method="post">
|
||||
{{ account_trigramme_form }}
|
||||
|
|
|
|||
33
kfet/urls.py
33
kfet/urls.py
|
|
@ -2,6 +2,7 @@ from django.conf.urls import url
|
|||
from django.contrib.auth.decorators import permission_required
|
||||
from kfet import views
|
||||
from kfet import autocomplete
|
||||
from kfet.decorators import teamkfet_required
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^$', views.home,
|
||||
|
|
@ -61,34 +62,34 @@ urlpatterns = [
|
|||
|
||||
# Checkout - General
|
||||
url('^checkouts/$',
|
||||
permission_required('kfet.is_team')(views.CheckoutList.as_view()),
|
||||
teamkfet_required(views.CheckoutList.as_view()),
|
||||
name = 'kfet.checkout'),
|
||||
# Checkout - Create
|
||||
url('^checkouts/new$',
|
||||
permission_required('kfet.is_team')(views.CheckoutCreate.as_view()),
|
||||
teamkfet_required(views.CheckoutCreate.as_view()),
|
||||
name = 'kfet.checkout.create'),
|
||||
# Checkout - Read
|
||||
url('^checkouts/(?P<pk>\d+)$',
|
||||
permission_required('kfet.is_team')(views.CheckoutRead.as_view()),
|
||||
teamkfet_required(views.CheckoutRead.as_view()),
|
||||
name = 'kfet.checkout.read'),
|
||||
# Checkout - Update
|
||||
url('^checkouts/(?P<pk>\d+)/edit$',
|
||||
permission_required('kfet.is_team')(views.CheckoutUpdate.as_view()),
|
||||
teamkfet_required(views.CheckoutUpdate.as_view()),
|
||||
name = 'kfet.checkout.update'),
|
||||
|
||||
### Checkout Statements urls
|
||||
|
||||
# Checkout Statement - General
|
||||
url('^checkouts/statements/$',
|
||||
permission_required('kfet.is_team')(views.CheckoutStatementList.as_view()),
|
||||
teamkfet_required(views.CheckoutStatementList.as_view()),
|
||||
name = 'kfet.checkoutstatement'),
|
||||
# Checkout Statement - Create
|
||||
url('^checkouts/(?P<pk_checkout>\d+)/statements/add',
|
||||
permission_required('kfet.is_team')(views.CheckoutStatementCreate.as_view()),
|
||||
teamkfet_required(views.CheckoutStatementCreate.as_view()),
|
||||
name = 'kfet.checkoutstatement.create'),
|
||||
# Checkout Statement - Update
|
||||
url('^checkouts/(?P<pk_checkout>\d+)/statements/(?P<pk>\d+)/edit',
|
||||
permission_required('kfet.is_team')(views.CheckoutStatementUpdate.as_view()),
|
||||
teamkfet_required(views.CheckoutStatementUpdate.as_view()),
|
||||
name = 'kfet.checkoutstatement.update'),
|
||||
|
||||
# -----
|
||||
|
|
@ -97,19 +98,19 @@ urlpatterns = [
|
|||
|
||||
# Article - General
|
||||
url('^articles/$',
|
||||
permission_required('kfet.is_team')(views.ArticleList.as_view()),
|
||||
teamkfet_required(views.ArticleList.as_view()),
|
||||
name = 'kfet.article'),
|
||||
# Article - Create
|
||||
url('^articles/new$',
|
||||
permission_required('kfet.is_team')(views.ArticleCreate.as_view()),
|
||||
teamkfet_required(views.ArticleCreate.as_view()),
|
||||
name = 'kfet.article.create'),
|
||||
# Article - Read
|
||||
url('^articles/(?P<pk>\d+)$',
|
||||
permission_required('kfet.is_team')(views.ArticleRead.as_view()),
|
||||
teamkfet_required(views.ArticleRead.as_view()),
|
||||
name = 'kfet.article.read'),
|
||||
# Article - Update
|
||||
url('^articles/(?P<pk>\d+)/edit$',
|
||||
permission_required('kfet.is_team')(views.ArticleUpdate.as_view()),
|
||||
teamkfet_required(views.ArticleUpdate.as_view()),
|
||||
name = 'kfet.article.update'),
|
||||
|
||||
# -----
|
||||
|
|
@ -167,12 +168,12 @@ urlpatterns = [
|
|||
# -----
|
||||
|
||||
url(r'^inventaires/$',
|
||||
permission_required('kfet.is_team')(views.InventoryList.as_view()),
|
||||
teamkfet_required(views.InventoryList.as_view()),
|
||||
name = 'kfet.inventory'),
|
||||
url(r'^inventaires/new$', views.inventory_create,
|
||||
name = 'kfet.inventory.create'),
|
||||
url(r'^inventaires/(?P<pk>\d+)$',
|
||||
permission_required('kfet.is_team')(views.InventoryRead.as_view()),
|
||||
teamkfet_required(views.InventoryRead.as_view()),
|
||||
name = 'kfet.inventory.read'),
|
||||
|
||||
# -----
|
||||
|
|
@ -180,13 +181,13 @@ urlpatterns = [
|
|||
# -----
|
||||
|
||||
url(r'^orders/$',
|
||||
permission_required('kfet.is_team')(views.OrderList.as_view()),
|
||||
teamkfet_required(views.OrderList.as_view()),
|
||||
name = 'kfet.order'),
|
||||
url(r'^orders/(?P<pk>\d+)$',
|
||||
permission_required('kfet.is_team')(views.OrderRead.as_view()),
|
||||
teamkfet_required(views.OrderRead.as_view()),
|
||||
name = 'kfet.order.read'),
|
||||
url(r'^orders/suppliers/(?P<pk>\d+)/edit$',
|
||||
permission_required('kfet.is_team')(views.SupplierUpdate.as_view()),
|
||||
teamkfet_required(views.SupplierUpdate.as_view()),
|
||||
name = 'kfet.order.supplier.update'),
|
||||
url(r'^orders/suppliers/(?P<pk>\d+)/new-order$', views.order_create,
|
||||
name = 'kfet.order.new'),
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ from django.db.models.functions import Coalesce
|
|||
from django.utils import timezone
|
||||
from django.utils.crypto import get_random_string
|
||||
from gestioncof.models import CofProfile, Clipper
|
||||
from kfet.decorators import teamkfet_required
|
||||
from kfet.models import (Account, Checkout, Article, Settings, AccountNegative,
|
||||
CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory,
|
||||
InventoryArticle, Order, OrderArticle)
|
||||
|
|
@ -32,7 +33,7 @@ import statistics
|
|||
def home(request):
|
||||
return render(request, "kfet/base.html")
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def login_genericteam(request):
|
||||
profile, _ = CofProfile.objects.get_or_create(user=request.user)
|
||||
logout_cas = ''
|
||||
|
|
@ -59,13 +60,13 @@ def put_cleaned_data_in_dict(dict, form):
|
|||
# Account - General
|
||||
|
||||
@login_required
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def account(request):
|
||||
accounts = Account.objects.select_related('cofprofile__user').order_by('trigramme')
|
||||
return render(request, "kfet/account.html", { 'accounts' : accounts })
|
||||
|
||||
@login_required
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def account_is_validandfree_ajax(request):
|
||||
if not request.GET.get("trigramme", ''):
|
||||
raise Http404
|
||||
|
|
@ -76,7 +77,7 @@ def account_is_validandfree_ajax(request):
|
|||
# Account - Create
|
||||
|
||||
@login_required
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def account_create(request):
|
||||
|
||||
# A envoyer au template
|
||||
|
|
@ -134,7 +135,7 @@ def account_form_set_readonly_fields(user_form, cof_form):
|
|||
cof_form.fields['is_cof'].widget.attrs['disabled'] = True
|
||||
|
||||
@login_required
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def account_create_ajax(request, username=None, login_clipper=None):
|
||||
user = None
|
||||
if login_clipper:
|
||||
|
|
@ -664,7 +665,7 @@ class ArticleUpdate(SuccessMessageMixin, UpdateView):
|
|||
# K-Psul
|
||||
# -----
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul(request):
|
||||
data = {}
|
||||
data['operationgroup_form'] = KPsulOperationGroupForm()
|
||||
|
|
@ -674,7 +675,7 @@ def kpsul(request):
|
|||
data['operation_formset'] = operation_formset
|
||||
return render(request, 'kfet/kpsul.html', data)
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_get_settings(request):
|
||||
addcost_for = Settings.ADDCOST_FOR()
|
||||
data = {
|
||||
|
|
@ -684,7 +685,7 @@ def kpsul_get_settings(request):
|
|||
}
|
||||
return JsonResponse(data)
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def account_read_json(request):
|
||||
trigramme = request.POST.get('trigramme', '')
|
||||
account = get_object_or_404(Account, trigramme=trigramme)
|
||||
|
|
@ -695,7 +696,7 @@ def account_read_json(request):
|
|||
'trigramme': account.trigramme }
|
||||
return JsonResponse(data)
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_checkout_data(request):
|
||||
pk = request.POST.get('pk', 0)
|
||||
try:
|
||||
|
|
@ -722,7 +723,7 @@ def kpsul_checkout_data(request):
|
|||
raise http404
|
||||
return JsonResponse(data)
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_update_addcost(request):
|
||||
addcost_form = AddcostForm(request.POST)
|
||||
|
||||
|
|
@ -762,7 +763,7 @@ def get_missing_perms(required_perms, user):
|
|||
.values_list('name', flat=True))
|
||||
return missing_perms
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_perform_operations(request):
|
||||
# Initializing response data
|
||||
data = { 'operationgroup': 0, 'operations': [],
|
||||
|
|
@ -950,7 +951,7 @@ def kpsul_perform_operations(request):
|
|||
consumers.KPsul.group_send('kfet.kpsul', websocket_data)
|
||||
return JsonResponse(data)
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_cancel_operations(request):
|
||||
# Pour la réponse
|
||||
data = { 'canceled': [], 'warnings': {}, 'errors': {}}
|
||||
|
|
@ -1188,7 +1189,7 @@ def history_json(request):
|
|||
opegroups_list.append(opegroup_dict)
|
||||
return JsonResponse({ 'opegroups': opegroups_list })
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def kpsul_articles_data(request):
|
||||
articles = (
|
||||
Article.objects
|
||||
|
|
@ -1196,7 +1197,7 @@ def kpsul_articles_data(request):
|
|||
.filter(is_sold=True))
|
||||
return JsonResponse({ 'articles': list(articles) })
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def history(request):
|
||||
data = {
|
||||
'filter_form': FilterHistoryForm(),
|
||||
|
|
@ -1239,7 +1240,7 @@ class SettingsUpdate(SuccessMessageMixin, UpdateView):
|
|||
# Transfer views
|
||||
# -----
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def transfers(request):
|
||||
transfergroups = (TransferGroup.objects
|
||||
.prefetch_related('transfers')
|
||||
|
|
@ -1248,13 +1249,13 @@ def transfers(request):
|
|||
'transfergroups': transfergroups,
|
||||
})
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def transfers_create(request):
|
||||
transfer_formset = TransferFormSet(queryset=Transfer.objects.none())
|
||||
return render(request, 'kfet/transfers_create.html',
|
||||
{ 'transfer_formset': transfer_formset })
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def perform_transfers(request):
|
||||
data = { 'errors': {}, 'transfers': [], 'transfergroup': 0 }
|
||||
|
||||
|
|
@ -1337,7 +1338,7 @@ class InventoryList(ListView):
|
|||
template_name = 'kfet/inventory.html'
|
||||
context_object_name = 'inventories'
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def inventory_create(request):
|
||||
|
||||
articles = (Article.objects
|
||||
|
|
@ -1428,7 +1429,7 @@ class OrderList(ListView):
|
|||
context['suppliers'] = Supplier.objects.order_by('name')
|
||||
return context
|
||||
|
||||
@permission_required('kfet.is_team')
|
||||
@teamkfet_required
|
||||
def order_create(request, pk):
|
||||
supplier = get_object_or_404(Supplier, pk=pk)
|
||||
|
||||
|
|
@ -1596,6 +1597,7 @@ class OrderRead(DetailView):
|
|||
context['mail'] = mail
|
||||
return context
|
||||
|
||||
@teamkfet_required
|
||||
def order_to_inventory(request, pk):
|
||||
order = get_object_or_404(Order, pk=pk)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue