forked from DGNum/gestioCOF
Création décorateur pour perm kfet.is_team
- Un accès sur une vue protégée nécessitant d'être de l'équipe envoie vers la page de connexion si l'utilisateur n'est pas connecté
This commit is contained in:
Aurélien Delobelle
parent
3444426114
commit
e927ad5801
6
kfet/decorators.py
Normal file
6
kfet/decorators.py
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
from django_cas_ng.decorators import user_passes_test
|
||||||
|
|
||||||
|
def kfet_is_team(user):
|
||||||
|
return user.has_perm('kfet.is_team')
|
||||||
|
|
||||||
|
teamkfet_required = user_passes_test(lambda u: kfet_is_team(u))
|
||||||
|
|
@ -11,15 +11,7 @@
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
{% if post %}
|
{% include 'kfet/base_messages.html' %}
|
||||||
{% if success %}
|
|
||||||
Nouveau compte créé : {{ trigramme }}
|
|
||||||
{% else %}
|
|
||||||
Echec de la création du compte
|
|
||||||
{{ errors }}
|
|
||||||
{% endif %}
|
|
||||||
<hr>
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
<form action="{% url "kfet.account.create" %}" method="post">
|
<form action="{% url "kfet.account.create" %}" method="post">
|
||||||
{{ account_trigramme_form }}
|
{{ account_trigramme_form }}
|
||||||
|
|
|
||||||
33
kfet/urls.py
33
kfet/urls.py
|
|
@ -2,6 +2,7 @@ from django.conf.urls import url
|
||||||
from django.contrib.auth.decorators import permission_required
|
from django.contrib.auth.decorators import permission_required
|
||||||
from kfet import views
|
from kfet import views
|
||||||
from kfet import autocomplete
|
from kfet import autocomplete
|
||||||
|
from kfet.decorators import teamkfet_required
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r'^$', views.home,
|
url(r'^$', views.home,
|
||||||
|
|
@ -61,34 +62,34 @@ urlpatterns = [
|
||||||
|
|
||||||
# Checkout - General
|
# Checkout - General
|
||||||
url('^checkouts/$',
|
url('^checkouts/$',
|
||||||
permission_required('kfet.is_team')(views.CheckoutList.as_view()),
|
teamkfet_required(views.CheckoutList.as_view()),
|
||||||
name = 'kfet.checkout'),
|
name = 'kfet.checkout'),
|
||||||
# Checkout - Create
|
# Checkout - Create
|
||||||
url('^checkouts/new$',
|
url('^checkouts/new$',
|
||||||
permission_required('kfet.is_team')(views.CheckoutCreate.as_view()),
|
teamkfet_required(views.CheckoutCreate.as_view()),
|
||||||
name = 'kfet.checkout.create'),
|
name = 'kfet.checkout.create'),
|
||||||
# Checkout - Read
|
# Checkout - Read
|
||||||
url('^checkouts/(?P<pk>\d+)$',
|
url('^checkouts/(?P<pk>\d+)$',
|
||||||
permission_required('kfet.is_team')(views.CheckoutRead.as_view()),
|
teamkfet_required(views.CheckoutRead.as_view()),
|
||||||
name = 'kfet.checkout.read'),
|
name = 'kfet.checkout.read'),
|
||||||
# Checkout - Update
|
# Checkout - Update
|
||||||
url('^checkouts/(?P<pk>\d+)/edit$',
|
url('^checkouts/(?P<pk>\d+)/edit$',
|
||||||
permission_required('kfet.is_team')(views.CheckoutUpdate.as_view()),
|
teamkfet_required(views.CheckoutUpdate.as_view()),
|
||||||
name = 'kfet.checkout.update'),
|
name = 'kfet.checkout.update'),
|
||||||
|
|
||||||
### Checkout Statements urls
|
### Checkout Statements urls
|
||||||
|
|
||||||
# Checkout Statement - General
|
# Checkout Statement - General
|
||||||
url('^checkouts/statements/$',
|
url('^checkouts/statements/$',
|
||||||
permission_required('kfet.is_team')(views.CheckoutStatementList.as_view()),
|
teamkfet_required(views.CheckoutStatementList.as_view()),
|
||||||
name = 'kfet.checkoutstatement'),
|
name = 'kfet.checkoutstatement'),
|
||||||
# Checkout Statement - Create
|
# Checkout Statement - Create
|
||||||
url('^checkouts/(?P<pk_checkout>\d+)/statements/add',
|
url('^checkouts/(?P<pk_checkout>\d+)/statements/add',
|
||||||
permission_required('kfet.is_team')(views.CheckoutStatementCreate.as_view()),
|
teamkfet_required(views.CheckoutStatementCreate.as_view()),
|
||||||
name = 'kfet.checkoutstatement.create'),
|
name = 'kfet.checkoutstatement.create'),
|
||||||
# Checkout Statement - Update
|
# Checkout Statement - Update
|
||||||
url('^checkouts/(?P<pk_checkout>\d+)/statements/(?P<pk>\d+)/edit',
|
url('^checkouts/(?P<pk_checkout>\d+)/statements/(?P<pk>\d+)/edit',
|
||||||
permission_required('kfet.is_team')(views.CheckoutStatementUpdate.as_view()),
|
teamkfet_required(views.CheckoutStatementUpdate.as_view()),
|
||||||
name = 'kfet.checkoutstatement.update'),
|
name = 'kfet.checkoutstatement.update'),
|
||||||
|
|
||||||
# -----
|
# -----
|
||||||
|
|
@ -97,19 +98,19 @@ urlpatterns = [
|
||||||
|
|
||||||
# Article - General
|
# Article - General
|
||||||
url('^articles/$',
|
url('^articles/$',
|
||||||
permission_required('kfet.is_team')(views.ArticleList.as_view()),
|
teamkfet_required(views.ArticleList.as_view()),
|
||||||
name = 'kfet.article'),
|
name = 'kfet.article'),
|
||||||
# Article - Create
|
# Article - Create
|
||||||
url('^articles/new$',
|
url('^articles/new$',
|
||||||
permission_required('kfet.is_team')(views.ArticleCreate.as_view()),
|
teamkfet_required(views.ArticleCreate.as_view()),
|
||||||
name = 'kfet.article.create'),
|
name = 'kfet.article.create'),
|
||||||
# Article - Read
|
# Article - Read
|
||||||
url('^articles/(?P<pk>\d+)$',
|
url('^articles/(?P<pk>\d+)$',
|
||||||
permission_required('kfet.is_team')(views.ArticleRead.as_view()),
|
teamkfet_required(views.ArticleRead.as_view()),
|
||||||
name = 'kfet.article.read'),
|
name = 'kfet.article.read'),
|
||||||
# Article - Update
|
# Article - Update
|
||||||
url('^articles/(?P<pk>\d+)/edit$',
|
url('^articles/(?P<pk>\d+)/edit$',
|
||||||
permission_required('kfet.is_team')(views.ArticleUpdate.as_view()),
|
teamkfet_required(views.ArticleUpdate.as_view()),
|
||||||
name = 'kfet.article.update'),
|
name = 'kfet.article.update'),
|
||||||
|
|
||||||
# -----
|
# -----
|
||||||
|
|
@ -167,12 +168,12 @@ urlpatterns = [
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
url(r'^inventaires/$',
|
url(r'^inventaires/$',
|
||||||
permission_required('kfet.is_team')(views.InventoryList.as_view()),
|
teamkfet_required(views.InventoryList.as_view()),
|
||||||
name = 'kfet.inventory'),
|
name = 'kfet.inventory'),
|
||||||
url(r'^inventaires/new$', views.inventory_create,
|
url(r'^inventaires/new$', views.inventory_create,
|
||||||
name = 'kfet.inventory.create'),
|
name = 'kfet.inventory.create'),
|
||||||
url(r'^inventaires/(?P<pk>\d+)$',
|
url(r'^inventaires/(?P<pk>\d+)$',
|
||||||
permission_required('kfet.is_team')(views.InventoryRead.as_view()),
|
teamkfet_required(views.InventoryRead.as_view()),
|
||||||
name = 'kfet.inventory.read'),
|
name = 'kfet.inventory.read'),
|
||||||
|
|
||||||
# -----
|
# -----
|
||||||
|
|
@ -180,13 +181,13 @@ urlpatterns = [
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
url(r'^orders/$',
|
url(r'^orders/$',
|
||||||
permission_required('kfet.is_team')(views.OrderList.as_view()),
|
teamkfet_required(views.OrderList.as_view()),
|
||||||
name = 'kfet.order'),
|
name = 'kfet.order'),
|
||||||
url(r'^orders/(?P<pk>\d+)$',
|
url(r'^orders/(?P<pk>\d+)$',
|
||||||
permission_required('kfet.is_team')(views.OrderRead.as_view()),
|
teamkfet_required(views.OrderRead.as_view()),
|
||||||
name = 'kfet.order.read'),
|
name = 'kfet.order.read'),
|
||||||
url(r'^orders/suppliers/(?P<pk>\d+)/edit$',
|
url(r'^orders/suppliers/(?P<pk>\d+)/edit$',
|
||||||
permission_required('kfet.is_team')(views.SupplierUpdate.as_view()),
|
teamkfet_required(views.SupplierUpdate.as_view()),
|
||||||
name = 'kfet.order.supplier.update'),
|
name = 'kfet.order.supplier.update'),
|
||||||
url(r'^orders/suppliers/(?P<pk>\d+)/new-order$', views.order_create,
|
url(r'^orders/suppliers/(?P<pk>\d+)/new-order$', views.order_create,
|
||||||
name = 'kfet.order.new'),
|
name = 'kfet.order.new'),
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ from django.db.models.functions import Coalesce
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils.crypto import get_random_string
|
from django.utils.crypto import get_random_string
|
||||||
from gestioncof.models import CofProfile, Clipper
|
from gestioncof.models import CofProfile, Clipper
|
||||||
|
from kfet.decorators import teamkfet_required
|
||||||
from kfet.models import (Account, Checkout, Article, Settings, AccountNegative,
|
from kfet.models import (Account, Checkout, Article, Settings, AccountNegative,
|
||||||
CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory,
|
CheckoutStatement, GenericTeamToken, Supplier, SupplierArticle, Inventory,
|
||||||
InventoryArticle, Order, OrderArticle)
|
InventoryArticle, Order, OrderArticle)
|
||||||
|
|
@ -32,7 +33,7 @@ import statistics
|
||||||
def home(request):
|
def home(request):
|
||||||
return render(request, "kfet/base.html")
|
return render(request, "kfet/base.html")
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def login_genericteam(request):
|
def login_genericteam(request):
|
||||||
profile, _ = CofProfile.objects.get_or_create(user=request.user)
|
profile, _ = CofProfile.objects.get_or_create(user=request.user)
|
||||||
logout_cas = ''
|
logout_cas = ''
|
||||||
|
|
@ -59,13 +60,13 @@ def put_cleaned_data_in_dict(dict, form):
|
||||||
# Account - General
|
# Account - General
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def account(request):
|
def account(request):
|
||||||
accounts = Account.objects.select_related('cofprofile__user').order_by('trigramme')
|
accounts = Account.objects.select_related('cofprofile__user').order_by('trigramme')
|
||||||
return render(request, "kfet/account.html", { 'accounts' : accounts })
|
return render(request, "kfet/account.html", { 'accounts' : accounts })
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def account_is_validandfree_ajax(request):
|
def account_is_validandfree_ajax(request):
|
||||||
if not request.GET.get("trigramme", ''):
|
if not request.GET.get("trigramme", ''):
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
@ -76,7 +77,7 @@ def account_is_validandfree_ajax(request):
|
||||||
# Account - Create
|
# Account - Create
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def account_create(request):
|
def account_create(request):
|
||||||
|
|
||||||
# A envoyer au template
|
# A envoyer au template
|
||||||
|
|
@ -134,7 +135,7 @@ def account_form_set_readonly_fields(user_form, cof_form):
|
||||||
cof_form.fields['is_cof'].widget.attrs['disabled'] = True
|
cof_form.fields['is_cof'].widget.attrs['disabled'] = True
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def account_create_ajax(request, username=None, login_clipper=None):
|
def account_create_ajax(request, username=None, login_clipper=None):
|
||||||
user = None
|
user = None
|
||||||
if login_clipper:
|
if login_clipper:
|
||||||
|
|
@ -664,7 +665,7 @@ class ArticleUpdate(SuccessMessageMixin, UpdateView):
|
||||||
# K-Psul
|
# K-Psul
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul(request):
|
def kpsul(request):
|
||||||
data = {}
|
data = {}
|
||||||
data['operationgroup_form'] = KPsulOperationGroupForm()
|
data['operationgroup_form'] = KPsulOperationGroupForm()
|
||||||
|
|
@ -674,7 +675,7 @@ def kpsul(request):
|
||||||
data['operation_formset'] = operation_formset
|
data['operation_formset'] = operation_formset
|
||||||
return render(request, 'kfet/kpsul.html', data)
|
return render(request, 'kfet/kpsul.html', data)
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_get_settings(request):
|
def kpsul_get_settings(request):
|
||||||
addcost_for = Settings.ADDCOST_FOR()
|
addcost_for = Settings.ADDCOST_FOR()
|
||||||
data = {
|
data = {
|
||||||
|
|
@ -684,7 +685,7 @@ def kpsul_get_settings(request):
|
||||||
}
|
}
|
||||||
return JsonResponse(data)
|
return JsonResponse(data)
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def account_read_json(request):
|
def account_read_json(request):
|
||||||
trigramme = request.POST.get('trigramme', '')
|
trigramme = request.POST.get('trigramme', '')
|
||||||
account = get_object_or_404(Account, trigramme=trigramme)
|
account = get_object_or_404(Account, trigramme=trigramme)
|
||||||
|
|
@ -695,7 +696,7 @@ def account_read_json(request):
|
||||||
'trigramme': account.trigramme }
|
'trigramme': account.trigramme }
|
||||||
return JsonResponse(data)
|
return JsonResponse(data)
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_checkout_data(request):
|
def kpsul_checkout_data(request):
|
||||||
pk = request.POST.get('pk', 0)
|
pk = request.POST.get('pk', 0)
|
||||||
try:
|
try:
|
||||||
|
|
@ -722,7 +723,7 @@ def kpsul_checkout_data(request):
|
||||||
raise http404
|
raise http404
|
||||||
return JsonResponse(data)
|
return JsonResponse(data)
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_update_addcost(request):
|
def kpsul_update_addcost(request):
|
||||||
addcost_form = AddcostForm(request.POST)
|
addcost_form = AddcostForm(request.POST)
|
||||||
|
|
||||||
|
|
@ -762,7 +763,7 @@ def get_missing_perms(required_perms, user):
|
||||||
.values_list('name', flat=True))
|
.values_list('name', flat=True))
|
||||||
return missing_perms
|
return missing_perms
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_perform_operations(request):
|
def kpsul_perform_operations(request):
|
||||||
# Initializing response data
|
# Initializing response data
|
||||||
data = { 'operationgroup': 0, 'operations': [],
|
data = { 'operationgroup': 0, 'operations': [],
|
||||||
|
|
@ -950,7 +951,7 @@ def kpsul_perform_operations(request):
|
||||||
consumers.KPsul.group_send('kfet.kpsul', websocket_data)
|
consumers.KPsul.group_send('kfet.kpsul', websocket_data)
|
||||||
return JsonResponse(data)
|
return JsonResponse(data)
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_cancel_operations(request):
|
def kpsul_cancel_operations(request):
|
||||||
# Pour la réponse
|
# Pour la réponse
|
||||||
data = { 'canceled': [], 'warnings': {}, 'errors': {}}
|
data = { 'canceled': [], 'warnings': {}, 'errors': {}}
|
||||||
|
|
@ -1188,7 +1189,7 @@ def history_json(request):
|
||||||
opegroups_list.append(opegroup_dict)
|
opegroups_list.append(opegroup_dict)
|
||||||
return JsonResponse({ 'opegroups': opegroups_list })
|
return JsonResponse({ 'opegroups': opegroups_list })
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def kpsul_articles_data(request):
|
def kpsul_articles_data(request):
|
||||||
articles = (
|
articles = (
|
||||||
Article.objects
|
Article.objects
|
||||||
|
|
@ -1196,7 +1197,7 @@ def kpsul_articles_data(request):
|
||||||
.filter(is_sold=True))
|
.filter(is_sold=True))
|
||||||
return JsonResponse({ 'articles': list(articles) })
|
return JsonResponse({ 'articles': list(articles) })
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def history(request):
|
def history(request):
|
||||||
data = {
|
data = {
|
||||||
'filter_form': FilterHistoryForm(),
|
'filter_form': FilterHistoryForm(),
|
||||||
|
|
@ -1239,7 +1240,7 @@ class SettingsUpdate(SuccessMessageMixin, UpdateView):
|
||||||
# Transfer views
|
# Transfer views
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def transfers(request):
|
def transfers(request):
|
||||||
transfergroups = (TransferGroup.objects
|
transfergroups = (TransferGroup.objects
|
||||||
.prefetch_related('transfers')
|
.prefetch_related('transfers')
|
||||||
|
|
@ -1248,13 +1249,13 @@ def transfers(request):
|
||||||
'transfergroups': transfergroups,
|
'transfergroups': transfergroups,
|
||||||
})
|
})
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def transfers_create(request):
|
def transfers_create(request):
|
||||||
transfer_formset = TransferFormSet(queryset=Transfer.objects.none())
|
transfer_formset = TransferFormSet(queryset=Transfer.objects.none())
|
||||||
return render(request, 'kfet/transfers_create.html',
|
return render(request, 'kfet/transfers_create.html',
|
||||||
{ 'transfer_formset': transfer_formset })
|
{ 'transfer_formset': transfer_formset })
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def perform_transfers(request):
|
def perform_transfers(request):
|
||||||
data = { 'errors': {}, 'transfers': [], 'transfergroup': 0 }
|
data = { 'errors': {}, 'transfers': [], 'transfergroup': 0 }
|
||||||
|
|
||||||
|
|
@ -1337,7 +1338,7 @@ class InventoryList(ListView):
|
||||||
template_name = 'kfet/inventory.html'
|
template_name = 'kfet/inventory.html'
|
||||||
context_object_name = 'inventories'
|
context_object_name = 'inventories'
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def inventory_create(request):
|
def inventory_create(request):
|
||||||
|
|
||||||
articles = (Article.objects
|
articles = (Article.objects
|
||||||
|
|
@ -1428,7 +1429,7 @@ class OrderList(ListView):
|
||||||
context['suppliers'] = Supplier.objects.order_by('name')
|
context['suppliers'] = Supplier.objects.order_by('name')
|
||||||
return context
|
return context
|
||||||
|
|
||||||
@permission_required('kfet.is_team')
|
@teamkfet_required
|
||||||
def order_create(request, pk):
|
def order_create(request, pk):
|
||||||
supplier = get_object_or_404(Supplier, pk=pk)
|
supplier = get_object_or_404(Supplier, pk=pk)
|
||||||
|
|
||||||
|
|
@ -1596,6 +1597,7 @@ class OrderRead(DetailView):
|
||||||
context['mail'] = mail
|
context['mail'] = mail
|
||||||
return context
|
return context
|
||||||
|
|
||||||
|
@teamkfet_required
|
||||||
def order_to_inventory(request, pk):
|
def order_to_inventory(request, pk):
|
||||||
order = get_object_or_404(Order, pk=pk)
|
order = get_object_or_404(Order, pk=pk)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue