ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-06-21 09:58:23 +02:00
Code Issues Releases Wiki Activity

Merge branch 'main' into food_traceability

Browse Source
This commit is contained in:
quark
2024-08-27 17:00:11 +02:00
parent f2cb10b69f 24c4edf2e3
commit 2e71ce05a9
84 changed files with 1580 additions and 1168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apps/permission/api/views.py
View File

@ -1,9 +1,9 @@
# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from api.viewsets import ReadOnlyProtectedModelViewSet
from django_filters.rest_framework import DjangoFilterBackend
from rest_framework.filters import SearchFilter
from api.filters import RegexSafeSearchFilter
from api.viewsets import ReadOnlyProtectedModelViewSet
from .serializers import PermissionSerializer, RoleSerializer
from ..models import Permission, Role
@ -17,9 +17,9 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
"""
queryset = Permission.objects.order_by('id')
serializer_class = PermissionSerializer
filter_backends = [DjangoFilterBackend, SearchFilter]
filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
search_fields = ['$model__name', '$query', '$description', ]
search_fields = ['$model__model', '$query', '$description', ]
class RoleViewSet(ReadOnlyProtectedModelViewSet):
@ -30,6 +30,6 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
"""
queryset = Role.objects.order_by('id')
serializer_class = RoleSerializer
filter_backends = [DjangoFilterBackend, SearchFilter]
filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
search_fields = ['$name', '$for_club__name', ]

289
apps/permission/fixtures/initial.json
View File

@ -36,7 +36,7 @@
"mask": 1,
"field": "",
"permanent": true,
"description": "Voir son compte utilisateur"
"description": "Voir son compte utilisateur⋅rice"
}
},
{
@ -68,7 +68,7 @@
"mask": 1,
"field": "",
"permanent": true,
"description": "Voir sa propre note d'utilisateur"
"description": "Voir sa propre note d'utilisateur⋅rice"
}
},
{
@ -116,7 +116,7 @@
"mask": 1,
"field": "",
"permanent": false,
"description": "Voir les aliases des notes des clubs et des adhérents du club BDE"
"description": "Voir les alias des notes des clubs et des adhérent⋅es du club BDE"
}
},
{
@ -772,7 +772,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Voir les adhérents du club"
"description": "Voir les adhérent⋅es du club"
}
},
{
@ -788,7 +788,7 @@
"mask": 2,
"field": "",
"permanent": false,
"description": "Ajouter un membre à un club"
"description": "Ajouter un⋅e membre à un club"
}
},
{
@ -852,7 +852,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Modifier n'importe quel utilisateur"
"description": "Modifier n'importe quel⋅le utilisateur⋅rice"
}
},
{
@ -868,7 +868,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Ajouter un utilisateur"
"description": "Ajouter un⋅e utilisateur⋅rice"
}
},
{
@ -1284,7 +1284,7 @@
"mask": 2,
"field": "",
"permanent": false,
"description": "Inscrire un 1A au WEI"
"description": "Inscrire un⋅e 1A au WEI"
}
},
{
@ -1956,7 +1956,7 @@
"mask": 1,
"field": "",
"permanent": true,
"description": "Voir mes activitées passées, même après la fin de l'adhésion BDE"
"description": "Voir mes activités passées, même après la fin de l'adhésion BDE"
}
},
{
@ -2100,7 +2100,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Voir n'importe quel utilisateur"
"description": "Voir n'importe quel⋅le utilisateur⋅rice"
}
},
{
@ -2228,7 +2228,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Créer une note d'utilisateur"
"description": "Créer une note d'utilisateur⋅rice"
}
},
{
@ -2276,7 +2276,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Voir tous les adhérents de tous les clubs"
"description": "Voir toustes les adhérent⋅es de tous les clubs"
}
},
{
@ -2292,7 +2292,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Ajouter un membre à n'importe quel club"
"description": "Ajouter un⋅e membre à n'importe quel club"
}
},
{
@ -2372,7 +2372,7 @@
"mask": 1,
"field": "name",
"permanent": false,
"description": "Modifier le nom d'une activité non validée dont on est l'auteur"
"description": "Modifier le nom d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2388,7 +2388,7 @@
"mask": 1,
"field": "description",
"permanent": false,
"description": "Modifier la description d'une activité non validée dont on est l'auteur"
"description": "Modifier la description d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2404,7 +2404,7 @@
"mask": 1,
"field": "location",
"permanent": false,
"description": "Modifier le lieu d'une activité non validée dont on est l'auteur"
"description": "Modifier le lieu d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2420,7 +2420,7 @@
"mask": 1,
"field": "activity_type",
"permanent": false,
"description": "Modifier le type d'une activité non validée dont on est l'auteur"
"description": "Modifier le type d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2436,7 +2436,7 @@
"mask": 1,
"field": "organizer",
"permanent": false,
"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur"
"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2452,7 +2452,7 @@
"mask": 1,
"field": "attendees_club",
"permanent": false,
"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur"
"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2468,7 +2468,7 @@
"mask": 1,
"field": "date_start",
"permanent": false,
"description": "Modifier la date de début d'une activité non validée dont on est l'auteur"
"description": "Modifier la date de début d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2484,7 +2484,7 @@
"mask": 1,
"field": "date_end",
"permanent": false,
"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur"
"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur⋅rice"
}
},
{
@ -2756,7 +2756,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Modifier n'importe quel utilisateur non encore inscrit"
"description": "Modifier n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e"
}
},
{
@ -2788,7 +2788,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Voir tous les alias, y compris ceux des non adhérents"
"description": "Voir tous les alias, y compris ceux des non adhérent⋅es"
}
},
{
@ -2820,7 +2820,7 @@
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir n'importe quel utilisateur non encore inscrit"
"description": "Voir n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e"
}
},
{
@ -2847,12 +2847,12 @@
"auth",
"user"
],
"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent⋅e BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir n'importe quel utilisateur qui est adhérent BDE"
"description": "Voir n'importe quel⋅le utilisateur⋅rice qui est adhérent⋅e BDE"
}
},
{
@ -3044,7 +3044,7 @@
"mask": 3,
"field": "",
"permanent": false,
"description": "Voir toutes les amitiés, y compris celles des non adhérents"
"description": "Voir toutes les amitiés, y compris celles des non adhérent⋅es"
}
},
{
@ -3111,6 +3111,199 @@
"description": "Voir ceux nous ayant pour ami, pour toujours"
}
},
{
"model": "permission.permission",
"pk": 199,
"fields": {
"model": [
"activity",
"activity"
],
"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
}
},
{
"model": "permission.permission",
"pk": 200,
"fields": {
"model": [
"activity",
"activity"
],
"query": "{\"opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"open\": true, \"activity_type__manage_entries\":true}",
"type": "change",
"mask": 2,
"field": "open",
"permanent": false,
"description": "Fermer les activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
}
},
{
"model": "permission.permission",
"pk": 201,
"fields": {
"model": [
"activity",
"entry"
],
"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]], \"activity__open\": true, \"activity__activity_type__manage_entries\":true}",
"type": "add",
"mask": 2,
"field": "",
"permanent": false,
"description": "Faire les entrées des activités ouvertes dont l'utilisateur⋅rice est ouvreur⋅se"
}
},
{
"model": "permission.permission",
"pk": 202,
"fields": {
"model": [
"activity",
"entry"
],
"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir les entrées des activités dont l'utilisateur⋅rice est ouvreur⋅se"
}
},
{
"model": "permission.permission",
"pk": 203,
"fields": {
"model": [
"activity",
"guest"
],
"query": "{\"activity__opener__in\": [\"user\", \"note\", \"activity_responsible\", [\"all\"]]}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir les invité⋅es des activités dont l'utilisateur⋅rice est ouvreur⋅se"
}
},
{
"model": "permission.permission",
"pk": 204,
"fields": {
"model": [
"activity",
"guesttransaction"
],
"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
"type": "add",
"mask": 2,
"field": "",
"permanent": false,
"description": "Créer une transaction d'invitation lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
}
},
{
"model": "permission.permission",
"pk": 205,
"fields": {
"model": [
"note",
"specialtransaction"
],
"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
"type": "add",
"mask": 2,
"field": "",
"permanent": false,
"description": "Créer un crédit ou un retrait quelconque lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
}
},
{
"model": "permission.permission",
"pk": 206,
"fields": {
"model": [
"note",
"notespecial"
],
"query": "[\"NOT\", {\"pk__isnull\": [\"user\", \"note\", \"activity_responsible\", [\"filter\", {\"activity__open\": true, \"activity__activity_type__manage_entries\":true}], [\"exists\"]]}]",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Afficher l'interface crédit/retrait lorsque l'utilisateur⋅rice est ouvreur⋅se d'une activité ouverte"
}
},
{
"model": "permission.permission",
"pk": 207,
"fields": {
"model": [
"activity",
"opener"
],
"query": "{}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir les ouvreur⋅ses des activités"
}
},
{
"model": "permission.permission",
"pk": 208,
"fields": {
"model": [
"activity",
"opener"
],
"query": "{}",
"type": "add",
"mask": 2,
"field": "",
"permanent": false,
"description": "Ajouter des ouvreur⋅ses aux activités"
}
},
{
"model": "permission.permission",
"pk": 209,
"fields": {
"model": [
"activity",
"opener"
],
"query": "{}",
"type": "delete",
"mask": 2,
"field": "",
"permanent": false,
"description": "Supprimer des ouvreur⋅ses aux activités"
}
},
{
"model": "permission.permission",
"pk": 210,
"fields": {
"model": [
"activity",
"activity"
],
"query": "{}",
"type": "change",
"mask": 2,
"field": "opener",
"permanent": false,
"description": "Voir le tableau des ouvreur⋅ses"
}
},
{
"model": "permission.permission",
"pk": 211,
@ -3564,7 +3757,7 @@
"pk": 1,
"fields": {
"for_club": 1,
"name": "Adh\u00e9rent BDE",
"name": "Adh\u00e9rent\u22c5e BDE",
"permissions": [
1,
2,
@ -3596,11 +3789,19 @@
187,
188,
189,
190,
191,
195,
196,
198
190,
191,
195,
196,
198,
199,
200,
201,
202,
203,
204,
205,
206
]
}
},
@ -3609,7 +3810,7 @@
"pk": 2,
"fields": {
"for_club": 2,
"name": "Adh\u00e9rent Kfet",
"name": "Adh\u00e9rent\u22c5e Kfet",
"permissions": [
22,
36,
@ -3684,7 +3885,7 @@
"pk": 5,
"fields": {
"for_club": null,
"name": "Pr\u00e9sident\u00b7e de club",
"name": "Pr\u00e9sident\u22c5e de club",
"permissions": [
62,
142,
@ -3697,7 +3898,7 @@
"pk": 6,
"fields": {
"for_club": null,
"name": "Tr\u00e9sorier\u00b7\u00e8re de club",
"name": "Tr\u00e9sorièr\u22c5e de club",
"permissions": [
19,
20,
@ -3721,7 +3922,7 @@
"pk": 7,
"fields": {
"for_club": 1,
"name": "Pr\u00e9sident\u00b7e BDE",
"name": "Pr\u00e9sident\u22c5e BDE",
"permissions": [
24,
25,
@ -3750,7 +3951,7 @@
"pk": 8,
"fields": {
"for_club": 1,
"name": "Tr\u00e9sorier\u00b7\u00e8re BDE",
"name": "Tr\u00e9sorièr\u22c5e BDE",
"permissions": [
23,
24,
@ -3887,7 +4088,11 @@
46,
148,
149,
182
182,
207,
208,
209,
210
]
}
},
@ -3932,7 +4137,7 @@
"pk": 13,
"fields": {
"for_club": null,
"name": "Chef de bus",
"name": "Chef\u22c5fe de bus",
"permissions": [
22,
84,
@ -3951,7 +4156,7 @@
"pk": 14,
"fields": {
"for_club": null,
"name": "Chef d'\u00e9quipe",
"name": "Chef\u22c5fe d'\u00e9quipe",
"permissions": [
22,
84,
@ -4000,7 +4205,7 @@
"pk": 18,
"fields": {
"for_club": null,
"name": "Adhérent WEI",
"name": "Adhérent\u22c5e WEI",
"permissions": [
77,
114

2
apps/permission/scopes.py
View File

@ -35,6 +35,8 @@ class PermissionScopes(BaseScopes):
class PermissionOAuth2Validator(OAuth2Validator):
oidc_claim_scope = None # fix breaking change of django-oauth-toolkit 2.0.0
def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
"""
User can request as many scope as he wants, including invalid scopes,

4
apps/permission/tables.py
View File

@ -36,8 +36,8 @@ class RightsTable(tables.Table):
def render_roles(self, record):
# If the user has the right to manage the roles, display the link to manage them
roles = record.roles.filter((~(Q(name="Adhérent BDE")
| Q(name="Adhérent Kfet")
roles = record.roles.filter((~(Q(name="Adhérent⋅e BDE")
| Q(name="Adhérent⋅e Kfet")
| Q(name="Membre de club")
| Q(name="Bureau de club"))
& Q(weirole__isnull=True))).all()

4
apps/permission/tests/test_oauth2.py
View File

@ -58,7 +58,7 @@ class OAuth2TestCase(TestCase):
# Create membership to validate permissions
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
membership.save()
# User is now a member and can now see its own user detail
@ -85,7 +85,7 @@ class OAuth2TestCase(TestCase):
bde = Club.objects.get(name="BDE")
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
membership.save()
resp = self.client.get(reverse('permission:scopes'))

46
apps/permission/views.py
View File

@ -12,6 +12,7 @@ from django.forms import HiddenInput
from django.http import Http404
from django.utils.translation import gettext_lazy as _
from django.views.generic import UpdateView, TemplateView, CreateView
from django_tables2 import MultiTableMixin
from member.models import Membership
from .backends import PermissionBackend
@ -35,11 +36,9 @@ class ProtectQuerysetMixin:
try:
return super().get_object(queryset)
except Http404 as e:
try:
super().get_object(self.get_queryset(filter_permissions=False))
raise PermissionDenied()
except Http404:
if self.get_queryset(filter_permissions=False).count() == self.get_queryset().count():
raise e
raise PermissionDenied()
def get_form(self, form_class=None):
form = super().get_form(form_class)
@ -107,10 +106,31 @@ class ProtectedCreateView(LoginRequiredMixin, CreateView):
return super().dispatch(request, *args, **kwargs)
class RightsView(TemplateView):
class RightsView(MultiTableMixin, TemplateView):
template_name = "permission/all_rights.html"
extra_context = {"title": _("Rights")}
tables = [
lambda data: RightsTable(data, prefix="clubs-"),
lambda data: SuperuserTable(data, prefix="superusers-"),
]
def get_tables_data(self):
special_memberships = Membership.objects.filter(
date_start__lte=date.today(),
date_end__gte=date.today(),
).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent⋅e BDE")
| Q(name="Adhérent⋅e Kfet")
| Q(name="Membre de club")
| Q(name="Bureau de club"))
& Q(weirole__isnull=True))))\
.order_by("club__name", "user__last_name")\
.distinct().all()
return [
special_memberships,
User.objects.filter(is_superuser=True).order_by("last_name"),
]
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
@ -128,19 +148,9 @@ class RightsView(TemplateView):
role.clubs = [membership.club for membership in active_memberships if role in membership.roles.all()]
if self.request.user.is_authenticated:
special_memberships = Membership.objects.filter(
date_start__lte=date.today(),
date_end__gte=date.today(),
).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent BDE")
| Q(name="Adhérent Kfet")
| Q(name="Membre de club")
| Q(name="Bureau de club"))
& Q(weirole__isnull=True))))\
.order_by("club__name", "user__last_name")\
.distinct().all()
context["special_memberships_table"] = RightsTable(special_memberships, prefix="clubs-")
context["superusers"] = SuperuserTable(User.objects.filter(is_superuser=True).order_by("last_name").all(),
prefix="superusers-")
tables = context["tables"]
for name, table in zip(["special_memberships_table", "superusers"], tables):
context[name] = table
return context