ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-02-21 15:41:18 +00:00
Code Issues Releases Wiki Activity

Add some security

Browse Source
This commit is contained in:
thomasl 2025-02-13 00:39:05 +01:00
parent c841fb6068
commit 0ec771b5ee
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/member/forms.py
View File

@ -44,7 +44,7 @@ class ProfileForm(forms.ModelForm):
""" """
A form for the extras field provided by the :model:`member.Profile` model. A form for the extras field provided by the :model:`member.Profile` model.
""" """
# Remove widget=forms.HiddenInput() if you want to use report frequency.
report_frequency = forms.IntegerField(required=False, initial=0, label=_("Statement frequency (in days)")) report_frequency = forms.IntegerField(required=False, initial=0, label=_("Statement frequency (in days)"))
last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last statement date")) last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last statement date"))
@ -67,6 +67,14 @@ class ProfileForm(forms.ModelForm):
self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"}) self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"})
self.fields['promotion'].widget.attrs.update({"max": timezone.now().year}) self.fields['promotion'].widget.attrs.update({"max": timezone.now().year})
def clean(self):
"""Force the values of fields that the user does not have permission to modify.."""
cleaned_data = super().clean()
for field_name in self.fields.keys():
if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance):
cleaned_data[field_name] = getattr(self.instance, field_name) # Force the old value
return cleaned_data
@transaction.atomic @transaction.atomic
def save(self, commit=True): def save(self, commit=True):
if not self.instance.section or (("department" in self.changed_data if not self.instance.section or (("department" in self.changed_data