forked from DGNum/gestioCOF
Added kfet history date limit when not accessing own account
This commit is contained in:
Dorian Lesbre
parent
46ef12309a
commit
fbafdb7134
|
|
@ -5,6 +5,7 @@ Surcharge les settings définis dans common.py
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
from datetime import timedelta
|
||||||
|
|
||||||
from .common import * # NOQA
|
from .common import * # NOQA
|
||||||
from .common import (
|
from .common import (
|
||||||
|
|
@ -202,3 +203,6 @@ MAIL_DATA = {
|
||||||
"REPLYTO": "BdA-Revente <bda-revente@ens.fr>",
|
"REPLYTO": "BdA-Revente <bda-revente@ens.fr>",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Max lookback date into kfet history
|
||||||
|
KFET_HISTORY_DATE_LIMIT = timedelta(weeks=1)
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,12 @@
|
||||||
import heapq
|
import heapq
|
||||||
import statistics
|
import statistics
|
||||||
from collections import defaultdict
|
from collections import defaultdict
|
||||||
from datetime import timedelta
|
from datetime import datetime, timedelta
|
||||||
from decimal import Decimal
|
from decimal import Decimal
|
||||||
from typing import List
|
from typing import List
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.contrib.auth.decorators import login_required, permission_required
|
from django.contrib.auth.decorators import login_required, permission_required
|
||||||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||||
|
|
@ -1468,6 +1469,9 @@ def history_json(request):
|
||||||
.order_by("at")
|
.order_by("at")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# limite l'accès à l'historique plus vieux que settings.KFET_HISTORY_DATE_LIMIT
|
||||||
|
limit_date = True
|
||||||
|
|
||||||
# Application des filtres
|
# Application des filtres
|
||||||
if start:
|
if start:
|
||||||
opegroups = opegroups.filter(at__gte=start)
|
opegroups = opegroups.filter(at__gte=start)
|
||||||
|
|
@ -1484,9 +1488,17 @@ def history_json(request):
|
||||||
transfergroups = TransferGroup.objects.none()
|
transfergroups = TransferGroup.objects.none()
|
||||||
if account:
|
if account:
|
||||||
opegroups = opegroups.filter(on_acc=account)
|
opegroups = opegroups.filter(on_acc=account)
|
||||||
|
if account.cofprofile.user.id == request.user.id:
|
||||||
|
limit_date = False # pas de limite de date sur son propre historique
|
||||||
# Un non-membre de l'équipe n'a que accès à son historique
|
# Un non-membre de l'équipe n'a que accès à son historique
|
||||||
if not request.user.has_perm("kfet.is_team"):
|
if not request.user.has_perm("kfet.is_team"):
|
||||||
opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)
|
opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)
|
||||||
|
limit_date = False # pas de limite de date sur son propre historique
|
||||||
|
if limit_date:
|
||||||
|
# limiter l'accès à l'historique ancien pour confidentialité
|
||||||
|
earliest_date = datetime.today() - settings.KFET_HISTORY_DATE_LIMIT
|
||||||
|
opegroups = opegroups.filter(at__gte=earliest_date)
|
||||||
|
transfergroups = transfergroups.filter(at__gte=earliest_date)
|
||||||
|
|
||||||
# Construction de la réponse
|
# Construction de la réponse
|
||||||
history_groups = []
|
history_groups = []
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue