mirror of
				https://gitlab.crans.org/bde/nk20
				synced 2025-10-26 05:23:18 +01:00 
			
		
		
		
	Compare commits
	
		
			213 Commits
		
	
	
		
			8f895dc4d7
			...
			inclusive
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 5c77b6ebfa | |||
| 92610c5ffd | |||
| ddbdd5b5d0 | |||
| e3ee39ca81 | |||
| 0c1c845f72 | |||
| edcf42beb6 | |||
| 3306aed6dc | |||
| a69573ccdb | |||
| 5a77a66391 | |||
|  | 761fc170eb | ||
|  | ac23d7eb54 | ||
|  | 40e7415062 | ||
|  | 319405d2b1 | ||
|  | 633ab88b04 | ||
|  | e29b42eecc | ||
|  | dc69faaf1d | ||
|  | 442a5c5e36 | ||
|  | 7ab0fec3bc | ||
|  | bd4fb23351 | ||
|  | ee22e9b3b6 | ||
|  | 19ae616fb4 | ||
|  | b7657ec362 | ||
|  | 4d03d9460d | ||
| 3633f66a87 | |||
| d43fbe7ac6 | |||
|  | df5f9b5f1e | ||
| 4161248bff | |||
| 58136f3c48 | |||
| d9b4e0a9a9 | |||
| 8563a8d235 | |||
| 5f69232560 | |||
| d3273e9ee2 | |||
| 4e30f805a7 | |||
| 546e422e64 | |||
| 9048a416df | |||
| 8578bd743c | |||
| 45a10dad00 | |||
| 18a1282773 | |||
| 132afc3d15 | |||
| 6bf16a181a | |||
| e20df82346 | |||
| 1eb72044c2 | |||
| f88eae924c | |||
| 4b6e3ba546 | |||
| bf0fe3479f | |||
| 45ba4f9537 | |||
| b204805ce2 | |||
| 2f28e34cec | |||
| 9c8ea2cd41 | |||
| 41289857b2 | |||
| 28a8792c9f | |||
| 58cafad032 | |||
| 7848cd9cc2 | |||
| d18ccfac23 | |||
|  | e479e1e3a4 | ||
|  | 82b0c83b1f | ||
| 38ca414ef6 | |||
| fd811053c7 | |||
| 9d386d1ecf | |||
|  | 0bd447b608 | ||
|  | 3f3c93d928 | ||
|  | 340c90f5d3 | ||
| ca2b9f061c | |||
| a05dfcbf3d | |||
| ba3c0fb18d | |||
| ab69963ea1 | |||
| 654c01631a | |||
| d94cc2a7ad | |||
| 69bb38297f | |||
| 9628560d64 | |||
| df3bb71357 | |||
| 2a216fd994 | |||
| 8dd2619013 | |||
| 62431a4910 | |||
|  | 946bc1e497 | ||
| d4896bfd76 | |||
| 23f46cc598 | |||
| d1a9f21b56 | |||
| d809b2595a | |||
| 97803ac983 | |||
| b951c4aa05 | |||
| 69b3d2ac9c | |||
| f29054558a | |||
| 11dd8adbb7 | |||
| d437f2bdbd | |||
| ac8453b04c | |||
|  | 6b4d18f4b3 | ||
|  | 668cfa71a7 | ||
| 161db0b00b | |||
| 8638c16b34 | |||
| 9583cec3ff | |||
| 1ef25924a0 | |||
| e89383e3f4 | |||
| 79a116d9c6 | |||
| aa75ce5c7a | |||
| a3a9dfc812 | |||
| 76531595ad | |||
| a0b920ac94 | |||
| ab2e580e68 | |||
| 0234f19a33 | |||
| 1a4b7c83e8 | |||
| 4c17e2a92b | |||
| e68afc7d0a | |||
| c6e3b54f94 | |||
| 7e6a14296a | |||
| 780f78b385 | |||
| 4e3c32eb5e | |||
| ef118c2445 | |||
| 600ba15faa | |||
| 944bb127e2 | |||
| f6d042c998 | |||
| bb9a0a2593 | |||
| 61feac13c7 | |||
| 81e708a7e3 | |||
| 3532846c87 | |||
| 49551e88f8 | |||
| db936bf75a | |||
| 5828a20383 | |||
| cea3138daf | |||
| fb98d9cd8b | |||
| 0dd3da5c01 | |||
| af4be98b5b | |||
| be6059eba6 | |||
| 5793b83de7 | |||
| 2c02c747f4 | |||
| a78f3b7caa | |||
| 1ee40cb94e | |||
| bd035744a4 | |||
| 7edd622755 | |||
| 8fd5b6ee01 | |||
| 03411ac9bd | |||
| d965732b65 | |||
| 048266ed61 | |||
| b27341009e | |||
| da1e15c5e6 | |||
| 4b03a78ad6 | |||
| fb6e3c3de0 | |||
| 391f3bde8f | |||
| ad04e45992 | |||
| 4e1ba1447a | |||
| b646f549d6 | |||
| ba9ef0371a | |||
| 881cd88f48 | |||
| b4ed354b73 | |||
| e5051ab018 | |||
| bb69627ac5 | |||
| ffaa020310 | |||
| 6d2b7054e2 | |||
| d888d5863a | |||
| dbc7b3444b | |||
| f25eb1d2c5 | |||
| a2a749e1ca | |||
| 5bf6a5501d | |||
| 9523b5f05f | |||
| 5eb3ffca66 | |||
| 9930c48253 | |||
| d902e63a0c | |||
| 48b0bade51 | |||
| f75dbc4525 | |||
| fbf64db16e | |||
| a3fd8ba063 | |||
| 9b26207515 | |||
| 7ea36a5415 | |||
| 898f6d52bf | |||
| 8be16e7b58 | |||
| ea092803d7 | |||
| 5e9f36ef1a | |||
| b4d87bc6b5 | |||
| dd639d829e | |||
| 7b809ff3a6 | |||
| d36edfc063 | |||
| cf87da096f | |||
| e452b7acbf | |||
| 74ab4df9fe | |||
| 451851c955 | |||
| 789ca149af | |||
| 7d3f1930b8 | |||
| e8f4ca1e09 | |||
| 733f145be3 | |||
| 48c37353ea | |||
| 8056dc096d | |||
| 6d5b69cd26 | |||
| a7bdffd71a | |||
| 0887e4bbde | |||
| 199f4ca1f2 | |||
| 802a6c68cb | |||
| 41a0b3a1c1 | |||
| aa35724be2 | |||
| 9086d33158 | |||
| 43d214b982 | |||
| b93e4a8d11 | |||
| b9a9704061 | |||
| fee52f326a | |||
| 317966d5c1 | |||
| 9f0a22d3d1 | |||
| a5ecdd100c | |||
| f60691846b | |||
| d5ecb72a71 | |||
| 8cf9dfb9b9 | |||
| c3ab61bd04 | |||
| 0b4b6dcb3e | |||
| 0d5f6c0332 | |||
| 7b28938cde | |||
| 35ffb36fbd | |||
|  | 08ba0b263a | ||
|  | c4c4e9594f | ||
|  | 4166823d55 | ||
|  | dc0f3dbcef | ||
|  | 4583958f50 | ||
|  | b3abe9ab18 | ||
|  | 27f23b48b6 | ||
|  | 67e170d4a6 | ||
|  | bab394908d | 
							
								
								
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -47,6 +47,7 @@ backups/ | |||||||
| env/ | env/ | ||||||
| venv/ | venv/ | ||||||
| db.sqlite3 | db.sqlite3 | ||||||
|  | shell.nix | ||||||
|  |  | ||||||
| # ansibles customs host | # ansibles customs host | ||||||
| ansible/host_vars/*.yaml | ansible/host_vars/*.yaml | ||||||
|   | |||||||
| @@ -1,8 +1,8 @@ | |||||||
| # NoteKfet 2020 | # NoteKfet 2020 | ||||||
|  |  | ||||||
| [](https://www.gnu.org/licenses/gpl-3.0.txt) | [](https://www.gnu.org/licenses/gpl-3.0.txt) | ||||||
| [](https://gitlab.crans.org/bde/nk20/commits/master) | [](https://gitlab.crans.org/bde/nk20/commits/main) | ||||||
| [](https://gitlab.crans.org/bde/nk20/commits/master) | [](https://gitlab.crans.org/bde/nk20/commits/main) | ||||||
|  |  | ||||||
| ## Table des matières | ## Table des matières | ||||||
|  |  | ||||||
| @@ -55,7 +55,7 @@ Bien que cela permette de créer une instance sur toutes les distributions, | |||||||
|     (env)$ ./manage.py makemigrations |     (env)$ ./manage.py makemigrations | ||||||
|     (env)$ ./manage.py migrate |     (env)$ ./manage.py migrate | ||||||
|     (env)$ ./manage.py loaddata initial |     (env)$ ./manage.py loaddata initial | ||||||
|     (env)$ ./manage.py createsuperuser  # Création d'un utilisateur initial |     (env)$ ./manage.py createsuperuser  # Création d'un⋅e utilisateur⋅rice initial | ||||||
|     ``` |     ``` | ||||||
|  |  | ||||||
| 6.  Enjoy : | 6.  Enjoy : | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|       prompt: "Password of the database (leave it blank to skip database init)" |       prompt: "Password of the database (leave it blank to skip database init)" | ||||||
|       private: yes |       private: yes | ||||||
|   vars: |   vars: | ||||||
|     mirror: mirror.crans.org |     mirror: eclats.crans.org | ||||||
|   roles: |   roles: | ||||||
|     - 1-apt-basic |     - 1-apt-basic | ||||||
|     - 2-nk20 |     - 2-nk20 | ||||||
|   | |||||||
| @@ -1,6 +0,0 @@ | |||||||
| --- |  | ||||||
| note: |  | ||||||
|   server_name: note-beta.crans.org |  | ||||||
|   git_branch: beta |  | ||||||
|   cron_enabled: false |  | ||||||
|   email: notekfet2020@lists.crans.org |  | ||||||
| @@ -2,5 +2,6 @@ | |||||||
| note: | note: | ||||||
|   server_name: note-dev.crans.org |   server_name: note-dev.crans.org | ||||||
|   git_branch: beta |   git_branch: beta | ||||||
|  |   serve_static: false | ||||||
|   cron_enabled: false |   cron_enabled: false | ||||||
|   email: notekfet2020@lists.crans.org |   email: notekfet2020@lists.crans.org | ||||||
|   | |||||||
| @@ -1,6 +1,7 @@ | |||||||
| --- | --- | ||||||
| note: | note: | ||||||
|   server_name: note.crans.org |   server_name: note.crans.org | ||||||
|   git_branch: master |   git_branch: main | ||||||
|  |   serve_static: true | ||||||
|   cron_enabled: true |   cron_enabled: true | ||||||
|   email: notekfet2020@lists.crans.org |   email: notekfet2020@lists.crans.org | ||||||
|   | |||||||
| @@ -1,6 +1,5 @@ | |||||||
| [dev] | [dev] | ||||||
| bde-note-dev.adh.crans.org | bde-note-dev.adh.crans.org | ||||||
| bde-nk20-beta.adh.crans.org |  | ||||||
|  |  | ||||||
| [prod] | [prod] | ||||||
| bde-note.adh.crans.org | bde-note.adh.crans.org | ||||||
|   | |||||||
| @@ -1,14 +1,15 @@ | |||||||
| --- | --- | ||||||
| - name: Add buster-backports to apt sources | - name: Add buster-backports to apt sources if needed | ||||||
|   apt_repository: |   apt_repository: | ||||||
|     repo: deb http://{{ mirror }}/debian buster-backports main |     repo: deb http://{{ mirror }}/debian buster-backports main | ||||||
|     state: present |     state: present | ||||||
|   when: ansible_facts['distribution'] == "Debian" |   when: | ||||||
|  |     - ansible_distribution == "Debian" | ||||||
|  |     - ansible_distribution_major_version | int == 10 | ||||||
|  |  | ||||||
| - name: Install note_kfet APT dependencies | - name: Install note_kfet APT dependencies | ||||||
|   apt: |   apt: | ||||||
|     update_cache: true |     update_cache: true | ||||||
|     default_release: "{{ 'buster-backports' if ansible_facts['distribution'] == 'Debian' }}" |  | ||||||
|     install_recommends: false |     install_recommends: false | ||||||
|     name: |     name: | ||||||
|       # Common tools |       # Common tools | ||||||
|   | |||||||
| @@ -41,6 +41,7 @@ server { | |||||||
|     # max upload size |     # max upload size | ||||||
|     client_max_body_size 75M;   # adjust to taste |     client_max_body_size 75M;   # adjust to taste | ||||||
|  |  | ||||||
|  | {% if note.serve_static %} | ||||||
|     # Django media |     # Django media | ||||||
|     location /media  { |     location /media  { | ||||||
|         alias /var/www/note_kfet/media;  # your Django project's media files - amend as required |         alias /var/www/note_kfet/media;  # your Django project's media files - amend as required | ||||||
| @@ -50,6 +51,7 @@ server { | |||||||
|         alias /var/www/note_kfet/static; # your Django project's static files - amend as required |         alias /var/www/note_kfet/static; # your Django project's static files - amend as required | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  | {% endif %} | ||||||
|     location /doc { |     location /doc { | ||||||
|         alias /var/www/documentation;    # The documentation of the project |         alias /var/www/documentation;    # The documentation of the project | ||||||
|     } |     } | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'activity.apps.ActivityConfig' | default_app_config = 'activity.apps.ActivityConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib import admin | from django.contrib import admin | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from rest_framework import serializers | from rest_framework import serializers | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet | from .views import ActivityTypeViewSet, ActivityViewSet, EntryViewSet, GuestViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from api.viewsets import ReadProtectedModelViewSet | from api.viewsets import ReadProtectedModelViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import timedelta | from datetime import timedelta | ||||||
| @@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _ | |||||||
| from member.models import Club | from member.models import Club | ||||||
| from note.models import Note, NoteUser | from note.models import Note, NoteUser | ||||||
| from note_kfet.inputs import Autocomplete, DateTimePickerInput | from note_kfet.inputs import Autocomplete, DateTimePickerInput | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
| from .models import Activity, Guest | from .models import Activity, Guest | ||||||
| @@ -24,9 +24,15 @@ class ActivityForm(forms.ModelForm): | |||||||
|         self.fields["attendees_club"].initial = Club.objects.get(name="Kfet") |         self.fields["attendees_club"].initial = Club.objects.get(name="Kfet") | ||||||
|         self.fields["attendees_club"].widget.attrs["placeholder"] = "Kfet" |         self.fields["attendees_club"].widget.attrs["placeholder"] = "Kfet" | ||||||
|         clubs = list(Club.objects.filter(PermissionBackend |         clubs = list(Club.objects.filter(PermissionBackend | ||||||
|                                          .filter_queryset(get_current_authenticated_user(), Club, "view")).all()) |                                          .filter_queryset(get_current_request(), Club, "view")).all()) | ||||||
|         shuffle(clubs) |         shuffle(clubs) | ||||||
|         self.fields["organizer"].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..." |         self.fields["organizer"].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ",…" | ||||||
|  |  | ||||||
|  |     def clean_organizer(self): | ||||||
|  |         organizer = self.cleaned_data['organizer'] | ||||||
|  |         if not organizer.note.is_active: | ||||||
|  |             self.add_error('organiser', _('The note of this club is inactive.')) | ||||||
|  |         return organizer | ||||||
|  |  | ||||||
|     def clean_date_end(self): |     def clean_date_end(self): | ||||||
|         date_end = self.cleaned_data["date_end"] |         date_end = self.cleaned_data["date_end"] | ||||||
| @@ -47,7 +53,7 @@ class ActivityForm(forms.ModelForm): | |||||||
|                 model=Note, |                 model=Note, | ||||||
|                 attrs={ |                 attrs={ | ||||||
|                     "api_url": "/api/note/note/", |                     "api_url": "/api/note/note/", | ||||||
|                     'placeholder': 'Note de l\'événement sur laquelle envoyer les crédits d\'invitation ...' |                     'placeholder': 'Note de l\'événement sur laquelle envoyer les crédits d\'invitation…' | ||||||
|                 }, |                 }, | ||||||
|             ), |             ), | ||||||
|             "attendees_club": Autocomplete( |             "attendees_club": Autocomplete( | ||||||
| @@ -109,7 +115,7 @@ class GuestForm(forms.ModelForm): | |||||||
|                     # We don't evaluate the content type at launch because the DB might be not initialized |                     # We don't evaluate the content type at launch because the DB might be not initialized | ||||||
|                     'api_url_suffix': |                     'api_url_suffix': | ||||||
|                         lambda: '&polymorphic_ctype=' + str(ContentType.objects.get_for_model(NoteUser).pk), |                         lambda: '&polymorphic_ctype=' + str(ContentType.objects.get_for_model(NoteUser).pk), | ||||||
|                     'placeholder': 'Note ...', |                     'placeholder': 'Note…', | ||||||
|                 }, |                 }, | ||||||
|             ), |             ), | ||||||
|         } |         } | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import os | import os | ||||||
| @@ -126,7 +126,7 @@ class Activity(models.Model): | |||||||
|     @transaction.atomic |     @transaction.atomic | ||||||
|     def save(self, *args, **kwargs): |     def save(self, *args, **kwargs): | ||||||
|         """ |         """ | ||||||
|         Update the activity wiki page each time the activity is updated (validation, change description, ...) |         Update the activity wiki page each time the activity is updated (validation, change description,…) | ||||||
|         """ |         """ | ||||||
|         if self.date_end < self.date_start: |         if self.date_end < self.date_start: | ||||||
|             raise ValidationError(_("The end date must be after the start date.")) |             raise ValidationError(_("The end date must be after the start date.")) | ||||||
|   | |||||||
| @@ -1,7 +1,9 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
| from django.utils.html import format_html | from django.utils.html import escape | ||||||
|  | from django.utils.safestring import mark_safe | ||||||
| from django.utils.translation import gettext_lazy as _ | from django.utils.translation import gettext_lazy as _ | ||||||
| import django_tables2 as tables | import django_tables2 as tables | ||||||
| from django_tables2 import A | from django_tables2 import A | ||||||
| @@ -52,8 +54,8 @@ class GuestTable(tables.Table): | |||||||
|     def render_entry(self, record): |     def render_entry(self, record): | ||||||
|         if record.has_entry: |         if record.has_entry: | ||||||
|             return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, ))) |             return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, ))) | ||||||
|         return format_html('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> ' |         return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> ' | ||||||
|                            '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize())) |                          '{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize())) | ||||||
|  |  | ||||||
|  |  | ||||||
| def get_row_class(record): | def get_row_class(record): | ||||||
| @@ -91,7 +93,7 @@ class EntryTable(tables.Table): | |||||||
|         if hasattr(record, 'username'): |         if hasattr(record, 'username'): | ||||||
|             username = record.username |             username = record.username | ||||||
|             if username != value: |             if username != value: | ||||||
|                 return format_html(value + " <em>aka.</em> " + username) |                 return mark_safe(escape(value) + " <em>aka.</em> " + escape(username)) | ||||||
|         return value |         return value | ||||||
|  |  | ||||||
|     def render_balance(self, value): |     def render_balance(self, value): | ||||||
|   | |||||||
| @@ -37,7 +37,7 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|     <button class="btn btn-light">{% trans "Return to activity page" %}</button> |     <button class="btn btn-light">{% trans "Return to activity page" %}</button> | ||||||
| </a> | </a> | ||||||
|  |  | ||||||
| <input id="alias" type="text" class="form-control" placeholder="Nom/note ..."> | <input id="alias" type="text" class="form-control" placeholder="Nom/note…"> | ||||||
|  |  | ||||||
| <hr> | <hr> | ||||||
|  |  | ||||||
| @@ -63,7 +63,12 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|         refreshBalance(); |         refreshBalance(); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     alias_obj.keyup(reloadTable); |     alias_obj.keyup(function(event) { | ||||||
|  |         let code = event.originalEvent.keyCode | ||||||
|  |         if (65 <= code <= 122 || code === 13) { | ||||||
|  |             debounce(reloadTable)() | ||||||
|  |         } | ||||||
|  |     }); | ||||||
|  |  | ||||||
|     $(document).ready(init); |     $(document).ready(init); | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import timedelta | from datetime import timedelta | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.urls import path | from django.urls import path | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from hashlib import md5 | from hashlib import md5 | ||||||
| @@ -66,21 +66,19 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView | |||||||
|     ordering = ('-date_start',) |     ordering = ('-date_start',) | ||||||
|     extra_context = {"title": _("Activities")} |     extra_context = {"title": _("Activities")} | ||||||
|  |  | ||||||
|     def get_queryset(self): |     def get_queryset(self, **kwargs): | ||||||
|         return super().get_queryset().distinct() |         return super().get_queryset(**kwargs).distinct() | ||||||
|  |  | ||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|  |  | ||||||
|         upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now()) |         upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now()) | ||||||
|         context['upcoming'] = ActivityTable( |         context['upcoming'] = ActivityTable( | ||||||
|             data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")), |             data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")), | ||||||
|             prefix='upcoming-', |             prefix='upcoming-', | ||||||
|         ) |         ) | ||||||
|  |  | ||||||
|         started_activities = Activity.objects\ |         started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all() | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\ |  | ||||||
|             .filter(open=True, valid=True).all() |  | ||||||
|         context["started_activities"] = started_activities |         context["started_activities"] = started_activities | ||||||
|  |  | ||||||
|         return context |         return context | ||||||
| @@ -98,7 +96,7 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         context = super().get_context_data() |         context = super().get_context_data() | ||||||
|  |  | ||||||
|         table = GuestTable(data=Guest.objects.filter(activity=self.object) |         table = GuestTable(data=Guest.objects.filter(activity=self.object) | ||||||
|                            .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view"))) |                            .filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))) | ||||||
|         context["guests"] = table |         context["guests"] = table | ||||||
|  |  | ||||||
|         context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start) |         context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start) | ||||||
| @@ -144,15 +142,15 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|  |  | ||||||
|     def get_form(self, form_class=None): |     def get_form(self, form_class=None): | ||||||
|         form = super().get_form(form_class) |         form = super().get_form(form_class) | ||||||
|         form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\ |         form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\ | ||||||
|             .get(pk=self.kwargs["pk"]) |             .filter(pk=self.kwargs["pk"]).first() | ||||||
|         form.fields["inviter"].initial = self.request.user.note |         form.fields["inviter"].initial = self.request.user.note | ||||||
|         return form |         return form | ||||||
|  |  | ||||||
|     @transaction.atomic |     @transaction.atomic | ||||||
|     def form_valid(self, form): |     def form_valid(self, form): | ||||||
|         form.instance.activity = Activity.objects\ |         form.instance.activity = Activity.objects\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")).get(pk=self.kwargs["pk"]) |             .filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).get(pk=self.kwargs["pk"]) | ||||||
|         return super().form_valid(form) |         return super().form_valid(form) | ||||||
|  |  | ||||||
|     def get_success_url(self, **kwargs): |     def get_success_url(self, **kwargs): | ||||||
| @@ -170,10 +168,13 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|         Don't display the entry interface if the user has no right to see it (no right to add an entry for itself), |         Don't display the entry interface if the user has no right to see it (no right to add an entry for itself), | ||||||
|         it is closed or doesn't manage entries. |         it is closed or doesn't manage entries. | ||||||
|         """ |         """ | ||||||
|  |         if not self.request.user.is_authenticated: | ||||||
|  |             return self.handle_no_permission() | ||||||
|  |  | ||||||
|         activity = Activity.objects.get(pk=self.kwargs["pk"]) |         activity = Activity.objects.get(pk=self.kwargs["pk"]) | ||||||
|  |  | ||||||
|         sample_entry = Entry(activity=activity, note=self.request.user.note) |         sample_entry = Entry(activity=activity, note=self.request.user.note) | ||||||
|         if not PermissionBackend.check_perm(self.request.user, "activity.add_entry", sample_entry): |         if not PermissionBackend.check_perm(self.request, "activity.add_entry", sample_entry): | ||||||
|             raise PermissionDenied(_("You are not allowed to display the entry interface for this activity.")) |             raise PermissionDenied(_("You are not allowed to display the entry interface for this activity.")) | ||||||
|  |  | ||||||
|         if not activity.activity_type.manage_entries: |         if not activity.activity_type.manage_entries: | ||||||
| @@ -191,8 +192,8 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|         guest_qs = Guest.objects\ |         guest_qs = Guest.objects\ | ||||||
|             .annotate(balance=F("inviter__balance"), note_name=F("inviter__user__username"))\ |             .annotate(balance=F("inviter__balance"), note_name=F("inviter__user__username"))\ | ||||||
|             .filter(activity=activity)\ |             .filter(activity=activity)\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view"))\ |             .filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))\ | ||||||
|             .order_by('last_name', 'first_name').distinct() |             .order_by('last_name', 'first_name') | ||||||
|  |  | ||||||
|         if "search" in self.request.GET and self.request.GET["search"]: |         if "search" in self.request.GET and self.request.GET["search"]: | ||||||
|             pattern = self.request.GET["search"] |             pattern = self.request.GET["search"] | ||||||
| @@ -206,7 +207,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|             ) |             ) | ||||||
|         else: |         else: | ||||||
|             guest_qs = guest_qs.none() |             guest_qs = guest_qs.none() | ||||||
|         return guest_qs |         return guest_qs.distinct() | ||||||
|  |  | ||||||
|     def get_invited_note(self, activity): |     def get_invited_note(self, activity): | ||||||
|         """ |         """ | ||||||
| @@ -230,7 +231,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|         ) |         ) | ||||||
|  |  | ||||||
|         # Filter with permission backend |         # Filter with permission backend | ||||||
|         note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view")) |         note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")) | ||||||
|  |  | ||||||
|         if "search" in self.request.GET and self.request.GET["search"]: |         if "search" in self.request.GET and self.request.GET["search"]: | ||||||
|             pattern = self.request.GET["search"] |             pattern = self.request.GET["search"] | ||||||
| @@ -256,7 +257,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|         """ |         """ | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|  |  | ||||||
|         activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\ |         activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\ | ||||||
|             .distinct().get(pk=self.kwargs["pk"]) |             .distinct().get(pk=self.kwargs["pk"]) | ||||||
|         context["activity"] = activity |         context["activity"] = activity | ||||||
|  |  | ||||||
| @@ -281,9 +282,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): | |||||||
|         context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk |         context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk | ||||||
|  |  | ||||||
|         activities_open = Activity.objects.filter(open=True).filter( |         activities_open = Activity.objects.filter(open=True).filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all() |             PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all() | ||||||
|         context["activities_open"] = [a for a in activities_open |         context["activities_open"] = [a for a in activities_open | ||||||
|                                       if PermissionBackend.check_perm(self.request.user, |                                       if PermissionBackend.check_perm(self.request, | ||||||
|                                                                       "activity.add_entry", |                                                                       "activity.add_entry", | ||||||
|                                                                       Entry(activity=a, note=self.request.user.note,))] |                                                                       Entry(activity=a, note=self.request.user.note,))] | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'api.apps.APIConfig' | default_app_config = 'api.apps.APIConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -7,8 +7,11 @@ from django.contrib.auth.models import User | |||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
| from rest_framework import serializers | from rest_framework import serializers | ||||||
| from member.api.serializers import ProfileSerializer, MembershipSerializer | from member.api.serializers import ProfileSerializer, MembershipSerializer | ||||||
|  | from member.models import Membership | ||||||
| from note.api.serializers import NoteSerializer | from note.api.serializers import NoteSerializer | ||||||
| from note.models import Alias | from note.models import Alias | ||||||
|  | from note_kfet.middlewares import get_current_request | ||||||
|  | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
|  |  | ||||||
| class UserSerializer(serializers.ModelSerializer): | class UserSerializer(serializers.ModelSerializer): | ||||||
| @@ -45,18 +48,30 @@ class OAuthSerializer(serializers.ModelSerializer): | |||||||
|     """ |     """ | ||||||
|     normalized_name = serializers.SerializerMethodField() |     normalized_name = serializers.SerializerMethodField() | ||||||
|  |  | ||||||
|     profile = ProfileSerializer() |     profile = serializers.SerializerMethodField() | ||||||
|  |  | ||||||
|     note = NoteSerializer() |     note = serializers.SerializerMethodField() | ||||||
|  |  | ||||||
|     memberships = serializers.SerializerMethodField() |     memberships = serializers.SerializerMethodField() | ||||||
|  |  | ||||||
|     def get_normalized_name(self, obj): |     def get_normalized_name(self, obj): | ||||||
|         return Alias.normalize(obj.username) |         return Alias.normalize(obj.username) | ||||||
|  |  | ||||||
|  |     def get_profile(self, obj): | ||||||
|  |         # Display the profile of the user only if we have rights to see it. | ||||||
|  |         return ProfileSerializer().to_representation(obj.profile) \ | ||||||
|  |             if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None | ||||||
|  |  | ||||||
|  |     def get_note(self, obj): | ||||||
|  |         # Display the note of the user only if we have rights to see it. | ||||||
|  |         return NoteSerializer().to_representation(obj.note) \ | ||||||
|  |             if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None | ||||||
|  |  | ||||||
|     def get_memberships(self, obj): |     def get_memberships(self, obj): | ||||||
|  |         # Display only memberships that we are allowed to see. | ||||||
|         return serializers.ListSerializer(child=MembershipSerializer()).to_representation( |         return serializers.ListSerializer(child=MembershipSerializer()).to_representation( | ||||||
|             obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())) |             obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now()) | ||||||
|  |                            .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view'))) | ||||||
|  |  | ||||||
|     class Meta: |     class Meta: | ||||||
|         model = User |         model = User | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import json | import json | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib.contenttypes.models import ContentType | from django.contrib.contenttypes.models import ContentType | ||||||
| @@ -9,7 +9,6 @@ from django.contrib.auth.models import User | |||||||
| from rest_framework.filters import SearchFilter | from rest_framework.filters import SearchFilter | ||||||
| from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet | from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
| from note_kfet.middlewares import get_current_session |  | ||||||
| from note.models import Alias | from note.models import Alias | ||||||
|  |  | ||||||
| from .serializers import UserSerializer, ContentTypeSerializer | from .serializers import UserSerializer, ContentTypeSerializer | ||||||
| @@ -25,9 +24,7 @@ class ReadProtectedModelViewSet(ModelViewSet): | |||||||
|         self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class() |         self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class() | ||||||
|  |  | ||||||
|     def get_queryset(self): |     def get_queryset(self): | ||||||
|         user = self.request.user |         return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct() | ||||||
|         get_current_session().setdefault("permission_mask", 42) |  | ||||||
|         return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct() |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet): | class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet): | ||||||
| @@ -40,9 +37,7 @@ class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet): | |||||||
|         self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class() |         self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class() | ||||||
|  |  | ||||||
|     def get_queryset(self): |     def get_queryset(self): | ||||||
|         user = self.request.user |         return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct() | ||||||
|         get_current_session().setdefault("permission_mask", 42) |  | ||||||
|         return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct() |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class UserViewSet(ReadProtectedModelViewSet): | class UserViewSet(ReadProtectedModelViewSet): | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'logs.apps.LogsConfig' | default_app_config = 'logs.apps.LogsConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from rest_framework import serializers | from rest_framework import serializers | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .views import ChangelogViewSet | from .views import ChangelogViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django_filters.rest_framework import DjangoFilterBackend | from django_filters.rest_framework import DjangoFilterBackend | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
|   | |||||||
| @@ -1,11 +1,11 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib.contenttypes.models import ContentType | from django.contrib.contenttypes.models import ContentType | ||||||
| from rest_framework.renderers import JSONRenderer | from rest_framework.renderers import JSONRenderer | ||||||
| from rest_framework.serializers import ModelSerializer | from rest_framework.serializers import ModelSerializer | ||||||
| from note.models import NoteUser, Alias | from note.models import NoteUser, Alias | ||||||
| from note_kfet.middlewares import get_current_authenticated_user, get_current_ip | from note_kfet.middlewares import get_current_request | ||||||
|  |  | ||||||
| from .models import Changelog | from .models import Changelog | ||||||
|  |  | ||||||
| @@ -56,13 +56,13 @@ def save_object(sender, instance, **kwargs): | |||||||
|     # noinspection PyProtectedMember |     # noinspection PyProtectedMember | ||||||
|     previous = instance._previous |     previous = instance._previous | ||||||
|  |  | ||||||
|     # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP |     # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP | ||||||
|     user, ip = get_current_authenticated_user(), get_current_ip() |     request = get_current_request() | ||||||
|  |  | ||||||
|     if user is None: |     if request is None: | ||||||
|         # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py` |         # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py` | ||||||
|         # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée |         # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée | ||||||
|         # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info |         # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info | ||||||
|         ip = "127.0.0.1" |         ip = "127.0.0.1" | ||||||
|         username = Alias.normalize(getpass.getuser()) |         username = Alias.normalize(getpass.getuser()) | ||||||
|         note = NoteUser.objects.filter(alias__normalized_name=username) |         note = NoteUser.objects.filter(alias__normalized_name=username) | ||||||
| @@ -71,9 +71,23 @@ def save_object(sender, instance, **kwargs): | |||||||
|         # else: |         # else: | ||||||
|         if note.exists(): |         if note.exists(): | ||||||
|             user = note.get().user |             user = note.get().user | ||||||
|  |         else: | ||||||
|  |             user = None | ||||||
|  |     else: | ||||||
|  |         user = request.user | ||||||
|  |         if 'HTTP_X_REAL_IP' in request.META: | ||||||
|  |             ip = request.META.get('HTTP_X_REAL_IP') | ||||||
|  |         elif 'HTTP_X_FORWARDED_FOR' in request.META: | ||||||
|  |             ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0] | ||||||
|  |         else: | ||||||
|  |             ip = request.META.get('REMOTE_ADDR') | ||||||
|  |  | ||||||
|  |         if not user.is_authenticated: | ||||||
|  |             # For registration and OAuth2 purposes | ||||||
|  |             user = None | ||||||
|  |  | ||||||
|     # noinspection PyProtectedMember |     # noinspection PyProtectedMember | ||||||
|     if user is not None and instance._meta.label_lower == "auth.user" and previous: |     if request is not None and instance._meta.label_lower == "auth.user" and previous: | ||||||
|         # On n'enregistre pas les connexions |         # On n'enregistre pas les connexions | ||||||
|         if instance.last_login != previous.last_login: |         if instance.last_login != previous.last_login: | ||||||
|             return |             return | ||||||
| @@ -120,13 +134,13 @@ def delete_object(sender, instance, **kwargs): | |||||||
|     if instance._meta.label_lower in EXCLUDED or hasattr(instance, "_no_signal"): |     if instance._meta.label_lower in EXCLUDED or hasattr(instance, "_no_signal"): | ||||||
|         return |         return | ||||||
|  |  | ||||||
|     # Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP |     # Si un⋅e utilisateur⋅rice est connecté⋅e, on récupère l'utilisateur⋅rice courant⋅e ainsi que son adresse IP | ||||||
|     user, ip = get_current_authenticated_user(), get_current_ip() |     request = get_current_request() | ||||||
|  |  | ||||||
|     if user is None: |     if request is None: | ||||||
|         # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py` |         # Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py` | ||||||
|         # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée |         # On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée | ||||||
|         # IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info |         # IMPORTANT : l'utilisateur⋅rice dans la VM doit être un des alias note du respo info | ||||||
|         ip = "127.0.0.1" |         ip = "127.0.0.1" | ||||||
|         username = Alias.normalize(getpass.getuser()) |         username = Alias.normalize(getpass.getuser()) | ||||||
|         note = NoteUser.objects.filter(alias__normalized_name=username) |         note = NoteUser.objects.filter(alias__normalized_name=username) | ||||||
| @@ -135,6 +149,20 @@ def delete_object(sender, instance, **kwargs): | |||||||
|         # else: |         # else: | ||||||
|         if note.exists(): |         if note.exists(): | ||||||
|             user = note.get().user |             user = note.get().user | ||||||
|  |         else: | ||||||
|  |             user = None | ||||||
|  |     else: | ||||||
|  |         user = request.user | ||||||
|  |         if 'HTTP_X_REAL_IP' in request.META: | ||||||
|  |             ip = request.META.get('HTTP_X_REAL_IP') | ||||||
|  |         elif 'HTTP_X_FORWARDED_FOR' in request.META: | ||||||
|  |             ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0] | ||||||
|  |         else: | ||||||
|  |             ip = request.META.get('REMOTE_ADDR') | ||||||
|  |  | ||||||
|  |         if not user.is_authenticated: | ||||||
|  |             # For registration and OAuth2 purposes | ||||||
|  |             user = None | ||||||
|  |  | ||||||
|     # On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles |     # On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles | ||||||
|     class CustomSerializer(ModelSerializer): |     class CustomSerializer(ModelSerializer): | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'member.apps.MemberConfig' | default_app_config = 'member.apps.MemberConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib import admin | from django.contrib import admin | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from rest_framework import serializers | from rest_framework import serializers | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .views import ProfileViewSet, ClubViewSet, MembershipViewSet | from .views import ProfileViewSet, ClubViewSet, MembershipViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django_filters.rest_framework import DjangoFilterBackend | from django_filters.rest_framework import DjangoFilterBackend | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import io | import io | ||||||
| @@ -200,9 +200,9 @@ class MembershipForm(forms.ModelForm): | |||||||
|     class Meta: |     class Meta: | ||||||
|         model = Membership |         model = Membership | ||||||
|         fields = ('user', 'date_start') |         fields = ('user', 'date_start') | ||||||
|         # Le champ d'utilisateur est remplacé par un champ d'auto-complétion. |         # Le champ d'utilisateur⋅rice est remplacé par un champ d'auto-complétion. | ||||||
|         # Quand des lettres sont tapées, une requête est envoyée sur l'API d'auto-complétion |         # Quand des lettres sont tapées, une requête est envoyée sur l'API d'auto-complétion | ||||||
|         # et récupère les noms d'utilisateur valides |         # et récupère les noms d'utilisateur⋅rices valides | ||||||
|         widgets = { |         widgets = { | ||||||
|             'user': |             'user': | ||||||
|                 Autocomplete( |                 Autocomplete( | ||||||
| @@ -210,7 +210,7 @@ class MembershipForm(forms.ModelForm): | |||||||
|                     attrs={ |                     attrs={ | ||||||
|                         'api_url': '/api/user/', |                         'api_url': '/api/user/', | ||||||
|                         'name_field': 'username', |                         'name_field': 'username', | ||||||
|                         'placeholder': 'Nom ...', |                         'placeholder': 'Nom…', | ||||||
|                     }, |                     }, | ||||||
|                 ), |                 ), | ||||||
|             'date_start': DatePickerInput(), |             'date_start': DatePickerInput(), | ||||||
| @@ -227,7 +227,7 @@ class MembershipRolesForm(forms.ModelForm): | |||||||
|             attrs={ |             attrs={ | ||||||
|                 'api_url': '/api/user/', |                 'api_url': '/api/user/', | ||||||
|                 'name_field': 'username', |                 'name_field': 'username', | ||||||
|                 'placeholder': 'Nom ...', |                 'placeholder': 'Nom…', | ||||||
|             }, |             }, | ||||||
|         ), |         ), | ||||||
|     ) |     ) | ||||||
|   | |||||||
| @@ -1,12 +1,14 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import hashlib | import hashlib | ||||||
|  | from collections import OrderedDict | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.contrib.auth.hashers import PBKDF2PasswordHasher | from django.contrib.auth.hashers import PBKDF2PasswordHasher, mask_hash | ||||||
| from django.utils.crypto import constant_time_compare | from django.utils.crypto import constant_time_compare | ||||||
| from note_kfet.middlewares import get_current_authenticated_user, get_current_session | from django.utils.translation import gettext_lazy as _ | ||||||
|  | from note_kfet.middlewares import get_current_request | ||||||
|  |  | ||||||
|  |  | ||||||
| class CustomNK15Hasher(PBKDF2PasswordHasher): | class CustomNK15Hasher(PBKDF2PasswordHasher): | ||||||
| @@ -24,16 +26,22 @@ class CustomNK15Hasher(PBKDF2PasswordHasher): | |||||||
|  |  | ||||||
|     def must_update(self, encoded): |     def must_update(self, encoded): | ||||||
|         if settings.DEBUG: |         if settings.DEBUG: | ||||||
|             current_user = get_current_authenticated_user() |             # Small hack to let superusers to impersonate people. | ||||||
|  |             # Don't change their password. | ||||||
|  |             request = get_current_request() | ||||||
|  |             current_user = request.user | ||||||
|             if current_user is not None and current_user.is_superuser: |             if current_user is not None and current_user.is_superuser: | ||||||
|                 return False |                 return False | ||||||
|         return True |         return True | ||||||
|  |  | ||||||
|     def verify(self, password, encoded): |     def verify(self, password, encoded): | ||||||
|         if settings.DEBUG: |         if settings.DEBUG: | ||||||
|             current_user = get_current_authenticated_user() |             # Small hack to let superusers to impersonate people. | ||||||
|  |             # If a superuser is already connected, let him/her log in as another person. | ||||||
|  |             request = get_current_request() | ||||||
|  |             current_user = request.user | ||||||
|             if current_user is not None and current_user.is_superuser\ |             if current_user is not None and current_user.is_superuser\ | ||||||
|                     and get_current_session().get("permission_mask", -1) >= 42: |                     and request.session.get("permission_mask", -1) >= 42: | ||||||
|                 return True |                 return True | ||||||
|  |  | ||||||
|         if '|' in encoded: |         if '|' in encoded: | ||||||
| @@ -41,6 +49,18 @@ class CustomNK15Hasher(PBKDF2PasswordHasher): | |||||||
|             return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass) |             return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass) | ||||||
|         return super().verify(password, encoded) |         return super().verify(password, encoded) | ||||||
|  |  | ||||||
|  |     def safe_summary(self, encoded): | ||||||
|  |         # Displayed information in Django Admin. | ||||||
|  |         if '|' in encoded: | ||||||
|  |             salt, db_hashed_pass = encoded.split('$')[2].split('|') | ||||||
|  |             return OrderedDict([ | ||||||
|  |                 (_('algorithm'), 'custom_nk15'), | ||||||
|  |                 (_('iterations'), '1'), | ||||||
|  |                 (_('salt'), mask_hash(salt)), | ||||||
|  |                 (_('hash'), mask_hash(db_hashed_pass)), | ||||||
|  |             ]) | ||||||
|  |         return super().safe_summary(encoded) | ||||||
|  |  | ||||||
|  |  | ||||||
| class DebugSuperuserBackdoor(PBKDF2PasswordHasher): | class DebugSuperuserBackdoor(PBKDF2PasswordHasher): | ||||||
|     """ |     """ | ||||||
| @@ -51,8 +71,11 @@ class DebugSuperuserBackdoor(PBKDF2PasswordHasher): | |||||||
|  |  | ||||||
|     def verify(self, password, encoded): |     def verify(self, password, encoded): | ||||||
|         if settings.DEBUG: |         if settings.DEBUG: | ||||||
|             current_user = get_current_authenticated_user() |             # Small hack to let superusers to impersonate people. | ||||||
|  |             # If a superuser is already connected, let him/her log in as another person. | ||||||
|  |             request = get_current_request() | ||||||
|  |             current_user = request.user | ||||||
|             if current_user is not None and current_user.is_superuser\ |             if current_user is not None and current_user.is_superuser\ | ||||||
|                     and get_current_session().get("permission_mask", -1) >= 42: |                     and request.session.get("permission_mask", -1) >= 42: | ||||||
|                 return True |                 return True | ||||||
|         return super().verify(password, encoded) |         return super().verify(password, encoded) | ||||||
|   | |||||||
| @@ -19,8 +19,8 @@ def create_bde_and_kfet(apps, schema_editor): | |||||||
|         membership_fee_paid=500, |         membership_fee_paid=500, | ||||||
|         membership_fee_unpaid=500, |         membership_fee_unpaid=500, | ||||||
|         membership_duration=396, |         membership_duration=396, | ||||||
|         membership_start="2020-08-01", |         membership_start="2021-08-01", | ||||||
|         membership_end="2021-09-30", |         membership_end="2022-09-30", | ||||||
|     ) |     ) | ||||||
|     Club.objects.get_or_create( |     Club.objects.get_or_create( | ||||||
|         id=2, |         id=2, | ||||||
| @@ -31,8 +31,8 @@ def create_bde_and_kfet(apps, schema_editor): | |||||||
|         membership_fee_paid=3500, |         membership_fee_paid=3500, | ||||||
|         membership_fee_unpaid=3500, |         membership_fee_unpaid=3500, | ||||||
|         membership_duration=396, |         membership_duration=396, | ||||||
|         membership_start="2020-08-01", |         membership_start="2021-08-01", | ||||||
|         membership_end="2021-09-30", |         membership_end="2022-09-30", | ||||||
|     ) |     ) | ||||||
|  |  | ||||||
|     NoteClub.objects.get_or_create( |     NoteClub.objects.get_or_create( | ||||||
|   | |||||||
							
								
								
									
										18
									
								
								apps/member/migrations/0008_auto_20211005_1544.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								apps/member/migrations/0008_auto_20211005_1544.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | |||||||
|  | # Generated by Django 2.2.24 on 2021-10-05 13:44 | ||||||
|  |  | ||||||
|  | from django.db import migrations, models | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class Migration(migrations.Migration): | ||||||
|  |  | ||||||
|  |     dependencies = [ | ||||||
|  |         ('member', '0007_auto_20210313_1235'), | ||||||
|  |     ] | ||||||
|  |  | ||||||
|  |     operations = [ | ||||||
|  |         migrations.AlterField( | ||||||
|  |             model_name='profile', | ||||||
|  |             name='department', | ||||||
|  |             field=models.CharField(choices=[('A0', 'Informatics (A0)'), ('A1', 'Mathematics (A1)'), ('A2', 'Physics (A2)'), ("A'2", "Applied physics (A'2)"), ("A''2", "Chemistry (A''2)"), ('A3', 'Biology (A3)'), ('B1234', 'SAPHIRE (B1234)'), ('B1', 'Mechanics (B1)'), ('B2', 'Civil engineering (B2)'), ('B3', 'Mechanical engineering (B3)'), ('B4', 'EEA (B4)'), ('C', 'Design (C)'), ('D2', 'Economy-management (D2)'), ('D3', 'Social sciences (D3)'), ('E', 'English (E)'), ('EXT', 'External (EXT)')], max_length=8, verbose_name='department'), | ||||||
|  |         ), | ||||||
|  |     ] | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import datetime | import datetime | ||||||
| @@ -57,7 +57,7 @@ class Profile(models.Model): | |||||||
|             ('A1', _("Mathematics (A1)")), |             ('A1', _("Mathematics (A1)")), | ||||||
|             ('A2', _("Physics (A2)")), |             ('A2', _("Physics (A2)")), | ||||||
|             ("A'2", _("Applied physics (A'2)")), |             ("A'2", _("Applied physics (A'2)")), | ||||||
|             ('A''2', _("Chemistry (A''2)")), |             ("A''2", _("Chemistry (A''2)")), | ||||||
|             ('A3', _("Biology (A3)")), |             ('A3', _("Biology (A3)")), | ||||||
|             ('B1234', _("SAPHIRE (B1234)")), |             ('B1234', _("SAPHIRE (B1234)")), | ||||||
|             ('B1', _("Mechanics (B1)")), |             ('B1', _("Mechanics (B1)")), | ||||||
| @@ -74,7 +74,7 @@ class Profile(models.Model): | |||||||
|  |  | ||||||
|     promotion = models.PositiveSmallIntegerField( |     promotion = models.PositiveSmallIntegerField( | ||||||
|         null=True, |         null=True, | ||||||
|         default=datetime.date.today().year, |         default=datetime.date.today().year if datetime.date.today().month >= 8 else datetime.date.today().year - 1, | ||||||
|         verbose_name=_("promotion"), |         verbose_name=_("promotion"), | ||||||
|         help_text=_("Year of entry to the school (None if not ENS student)"), |         help_text=_("Year of entry to the school (None if not ENS student)"), | ||||||
|     ) |     ) | ||||||
| @@ -258,16 +258,18 @@ class Club(models.Model): | |||||||
|         This function is called each time the club detail view is displayed. |         This function is called each time the club detail view is displayed. | ||||||
|         Update the year of the membership dates. |         Update the year of the membership dates. | ||||||
|         """ |         """ | ||||||
|         if not self.membership_start: |         if not self.membership_start or not self.membership_end: | ||||||
|             return |             return | ||||||
|  |  | ||||||
|         today = datetime.date.today() |         today = datetime.date.today() | ||||||
|  |  | ||||||
|         if (today - self.membership_start).days >= 365: |         if (today - self.membership_start).days >= 365: | ||||||
|             self.membership_start = datetime.date(self.membership_start.year + 1, |             if self.membership_start: | ||||||
|                                                   self.membership_start.month, self.membership_start.day) |                 self.membership_start = datetime.date(self.membership_start.year + 1, | ||||||
|             self.membership_end = datetime.date(self.membership_end.year + 1, |                                                       self.membership_start.month, self.membership_start.day) | ||||||
|                                                 self.membership_end.month, self.membership_end.day) |             if self.membership_end: | ||||||
|  |                 self.membership_end = datetime.date(self.membership_end.year + 1, | ||||||
|  |                                                     self.membership_end.month, self.membership_end.day) | ||||||
|             self._force_save = True |             self._force_save = True | ||||||
|             self.save(force_update=True) |             self.save(force_update=True) | ||||||
|  |  | ||||||
| @@ -400,10 +402,10 @@ class Membership(models.Model): | |||||||
|  |  | ||||||
|             if self.club.parent_club.name == "BDE": |             if self.club.parent_club.name == "BDE": | ||||||
|                 parent_membership.roles.set( |                 parent_membership.roles.set( | ||||||
|                     Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all()) |                     Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all()) | ||||||
|             elif self.club.parent_club.name == "Kfet": |             elif self.club.parent_club.name == "Kfet": | ||||||
|                 parent_membership.roles.set( |                 parent_membership.roles.set( | ||||||
|                     Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all()) |                     Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all()) | ||||||
|             else: |             else: | ||||||
|                 parent_membership.roles.set(Role.objects.filter(name="Membre de club").all()) |                 parent_membership.roles.set(Role.objects.filter(name="Membre de club").all()) | ||||||
|             parent_membership.save() |             parent_membership.save() | ||||||
| @@ -413,6 +415,12 @@ class Membership(models.Model): | |||||||
|         """ |         """ | ||||||
|         Calculate fee and end date before saving the membership and creating the transaction if needed. |         Calculate fee and end date before saving the membership and creating the transaction if needed. | ||||||
|         """ |         """ | ||||||
|  |         # Ensure that club membership dates are valid | ||||||
|  |         old_membership_start = self.club.membership_start | ||||||
|  |         self.club.update_membership_dates() | ||||||
|  |         if self.club.membership_start != old_membership_start: | ||||||
|  |             self.club.save() | ||||||
|  |  | ||||||
|         created = not self.pk |         created = not self.pk | ||||||
|         if not created: |         if not created: | ||||||
|             for role in self.roles.all(): |             for role in self.roles.all(): | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										53
									
								
								apps/member/static/member/js/trust.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										53
									
								
								apps/member/static/member/js/trust.js
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,53 @@ | |||||||
|  | /** | ||||||
|  |  * On form submit, create a new friendship | ||||||
|  |  */ | ||||||
|  | function create_trust (e) { | ||||||
|  |   // Do not submit HTML form | ||||||
|  |   e.preventDefault() | ||||||
|  |  | ||||||
|  |   // Get data and send to API | ||||||
|  |   const formData = new FormData(e.target) | ||||||
|  |   $.getJSON('/api/note/alias/'+formData.get('trusted') + '/', | ||||||
|  |     function (trusted_alias) { | ||||||
|  |       if ((trusted_alias.note == formData.get('trusting'))) | ||||||
|  |       { | ||||||
|  |          addMsg(gettext("You can't add yourself as a friend"), "danger") | ||||||
|  |          return | ||||||
|  |       } | ||||||
|  |       $.post('/api/note/trust/', { | ||||||
|  |         csrfmiddlewaretoken: formData.get('csrfmiddlewaretoken'), | ||||||
|  |         trusting: formData.get('trusting'), | ||||||
|  |         trusted: trusted_alias.note | ||||||
|  |       }).done(function () { | ||||||
|  |         // Reload table | ||||||
|  |         $('#trust_table').load(location.pathname + ' #trust_table') | ||||||
|  |         addMsg(gettext('Friendship successfully added'), 'success') | ||||||
|  |       }).fail(function (xhr, _textStatus, _error) { | ||||||
|  |         errMsg(xhr.responseJSON) | ||||||
|  |       }) | ||||||
|  |     }).fail(function (xhr, _textStatus, _error) { | ||||||
|  |         errMsg(xhr.responseJSON) | ||||||
|  |     }) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * On click of "delete", delete the alias | ||||||
|  |  * @param button_id:Integer Alias id to remove | ||||||
|  |  */ | ||||||
|  | function delete_button (button_id) { | ||||||
|  |   $.ajax({ | ||||||
|  |     url: '/api/note/trust/' + button_id + '/', | ||||||
|  |     method: 'DELETE', | ||||||
|  |     headers: { 'X-CSRFTOKEN': CSRF_TOKEN } | ||||||
|  |   }).done(function () { | ||||||
|  |     addMsg(gettext('Friendship successfully deleted'), 'success') | ||||||
|  |     $('#trust_table').load(location.pathname + ' #trust_table') | ||||||
|  |   }).fail(function (xhr, _textStatus, _error) { | ||||||
|  |     errMsg(xhr.responseJSON) | ||||||
|  |   }) | ||||||
|  | } | ||||||
|  |  | ||||||
|  | $(document).ready(function () { | ||||||
|  |   // Attach event | ||||||
|  |   document.getElementById('form_trust').addEventListener('submit', create_trust) | ||||||
|  | }) | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import date | from datetime import date | ||||||
| @@ -9,7 +9,7 @@ from django.utils.translation import gettext_lazy as _ | |||||||
| from django.urls import reverse_lazy | from django.urls import reverse_lazy | ||||||
| from django.utils.html import format_html | from django.utils.html import format_html | ||||||
| from note.templatetags.pretty_money import pretty_money | from note.templatetags.pretty_money import pretty_money | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
| from .models import Club, Membership | from .models import Club, Membership | ||||||
| @@ -31,7 +31,8 @@ class ClubTable(tables.Table): | |||||||
|         row_attrs = { |         row_attrs = { | ||||||
|             'class': 'table-row', |             'class': 'table-row', | ||||||
|             'id': lambda record: "row-" + str(record.pk), |             'id': lambda record: "row-" + str(record.pk), | ||||||
|             'data-href': lambda record: record.pk |             'data-href': lambda record: record.pk, | ||||||
|  |             'style': 'cursor:pointer', | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -51,19 +52,19 @@ class UserTable(tables.Table): | |||||||
|     def render_email(self, record, value): |     def render_email(self, record, value): | ||||||
|         # Replace the email by a dash if the user can't see the profile detail |         # Replace the email by a dash if the user can't see the profile detail | ||||||
|         # Replace also the URL |         # Replace also the URL | ||||||
|         if not PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile): |         if not PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile): | ||||||
|             value = "—" |             value = "—" | ||||||
|             record.email = value |             record.email = value | ||||||
|         return value |         return value | ||||||
|  |  | ||||||
|     def render_section(self, record, value): |     def render_section(self, record, value): | ||||||
|         return value \ |         return value \ | ||||||
|             if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) \ |             if PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile) \ | ||||||
|             else "—" |             else "—" | ||||||
|  |  | ||||||
|     def render_balance(self, record, value): |     def render_balance(self, record, value): | ||||||
|         return pretty_money(value)\ |         return pretty_money(value)\ | ||||||
|             if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—" |             if PermissionBackend.check_perm(get_current_request(), "note.view_note", record.note) else "—" | ||||||
|  |  | ||||||
|     class Meta: |     class Meta: | ||||||
|         attrs = { |         attrs = { | ||||||
| @@ -74,7 +75,8 @@ class UserTable(tables.Table): | |||||||
|         model = User |         model = User | ||||||
|         row_attrs = { |         row_attrs = { | ||||||
|             'class': 'table-row', |             'class': 'table-row', | ||||||
|             'data-href': lambda record: record.pk |             'data-href': lambda record: record.pk, | ||||||
|  |             'style': 'cursor:pointer', | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -93,7 +95,7 @@ class MembershipTable(tables.Table): | |||||||
|     def render_user(self, value): |     def render_user(self, value): | ||||||
|         # If the user has the right, link the displayed user with the page of its detail. |         # If the user has the right, link the displayed user with the page of its detail. | ||||||
|         s = value.username |         s = value.username | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value): |         if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value): | ||||||
|             s = format_html("<a href={url}>{name}</a>", |             s = format_html("<a href={url}>{name}</a>", | ||||||
|                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) |                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) | ||||||
|  |  | ||||||
| @@ -102,7 +104,7 @@ class MembershipTable(tables.Table): | |||||||
|     def render_club(self, value): |     def render_club(self, value): | ||||||
|         # If the user has the right, link the displayed club with the page of its detail. |         # If the user has the right, link the displayed club with the page of its detail. | ||||||
|         s = value.name |         s = value.name | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_club", value): |         if PermissionBackend.check_perm(get_current_request(), "member.view_club", value): | ||||||
|             s = format_html("<a href={url}>{name}</a>", |             s = format_html("<a href={url}>{name}</a>", | ||||||
|                             url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s) |                             url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s) | ||||||
|  |  | ||||||
| @@ -118,7 +120,7 @@ class MembershipTable(tables.Table): | |||||||
|                     club=record.club, |                     club=record.club, | ||||||
|                     user=record.user, |                     user=record.user, | ||||||
|                     date_start__gte=record.club.membership_start, |                     date_start__gte=record.club.membership_start, | ||||||
|                     date_end__lte=record.club.membership_end, |                     date_end__lte=record.club.membership_end or date(9999, 12, 31), | ||||||
|             ).exists():  # If the renew is not yet performed |             ).exists():  # If the renew is not yet performed | ||||||
|                 empty_membership = Membership( |                 empty_membership = Membership( | ||||||
|                     club=record.club, |                     club=record.club, | ||||||
| @@ -127,7 +129,7 @@ class MembershipTable(tables.Table): | |||||||
|                     date_end=date.today(), |                     date_end=date.today(), | ||||||
|                     fee=0, |                     fee=0, | ||||||
|                 ) |                 ) | ||||||
|                 if PermissionBackend.check_perm(get_current_authenticated_user(), |                 if PermissionBackend.check_perm(get_current_request(), | ||||||
|                                                 "member.add_membership", empty_membership):  # If the user has right |                                                 "member.add_membership", empty_membership):  # If the user has right | ||||||
|                     renew_url = reverse_lazy('member:club_renew_membership', |                     renew_url = reverse_lazy('member:club_renew_membership', | ||||||
|                                              kwargs={"pk": record.pk}) |                                              kwargs={"pk": record.pk}) | ||||||
| @@ -142,7 +144,7 @@ class MembershipTable(tables.Table): | |||||||
|         # If the user has the right to manage the roles, display the link to manage them |         # If the user has the right to manage the roles, display the link to manage them | ||||||
|         roles = record.roles.all() |         roles = record.roles.all() | ||||||
|         s = ", ".join(str(role) for role in roles) |         s = ", ".join(str(role) for role in roles) | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "member.change_membership_roles", record): |         if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record): | ||||||
|             s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk})) |             s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk})) | ||||||
|                             + "'>" + s + "</a>") |                             + "'>" + s + "</a>") | ||||||
|         return s |         return s | ||||||
| @@ -165,7 +167,7 @@ class ClubManagerTable(tables.Table): | |||||||
|     def render_user(self, value): |     def render_user(self, value): | ||||||
|         # If the user has the right, link the displayed user with the page of its detail. |         # If the user has the right, link the displayed user with the page of its detail. | ||||||
|         s = value.username |         s = value.username | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value): |         if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value): | ||||||
|             s = format_html("<a href={url}>{name}</a>", |             s = format_html("<a href={url}>{name}</a>", | ||||||
|                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) |                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -25,6 +25,14 @@ | |||||||
|         </a> |         </a> | ||||||
|     </dd> |     </dd> | ||||||
|  |  | ||||||
|  |     <dt class="col-xl-6">{% trans 'friendships'|capfirst %}</dt> | ||||||
|  |     <dd class="col-xl-6"> | ||||||
|  |         <a class="badge badge-secondary" href="{% url 'member:user_trust' user_object.pk %}"> | ||||||
|  |             <i class="fa fa-edit"></i> | ||||||
|  |             {% trans 'Manage friendships' %} ({{ user_object.note.trusting.all|length }}) | ||||||
|  |         </a> | ||||||
|  |     </dd> | ||||||
|  |  | ||||||
|     {% if "member.view_profile"|has_perm:user_object.profile %} |     {% if "member.view_profile"|has_perm:user_object.profile %} | ||||||
|         <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt> |         <dt class="col-xl-6">{% trans 'section'|capfirst %}</dt> | ||||||
|         <dd class="col-xl-6">{{ user_object.profile.section }}</dd> |         <dd class="col-xl-6">{{ user_object.profile.section }}</dd> | ||||||
| @@ -39,13 +47,13 @@ | |||||||
|         <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt> |         <dt class="col-xl-6">{% trans 'address'|capfirst %}</dt> | ||||||
|         <dd class="col-xl-6">{{ user_object.profile.address }}</dd> |         <dd class="col-xl-6">{{ user_object.profile.address }}</dd> | ||||||
|  |  | ||||||
|         {% if user_object.note and "note.view_note"|has_perm:user_object.note %} |  | ||||||
|         <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt> |  | ||||||
|         <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd> |  | ||||||
|  |  | ||||||
|         <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt> |         <dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt> | ||||||
|         <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd> |         <dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd> | ||||||
|         {% endif %} |     {% endif %} | ||||||
|  |  | ||||||
|  |     {% if user_object.note and "note.view_note"|has_perm:user_object.note %} | ||||||
|  |         <dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt> | ||||||
|  |         <dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd> | ||||||
|     {% endif %} |     {% endif %} | ||||||
| </dl> | </dl> | ||||||
|  |  | ||||||
|   | |||||||
| @@ -5,32 +5,98 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
| {% load i18n %} | {% load i18n %} | ||||||
|  |  | ||||||
| {% block content %} | {% block content %} | ||||||
| <div class="alert alert-info"> | <div class="row mt-4"> | ||||||
|     <h4>À quoi sert un jeton d'authentification ?</h4> |     <div class="col-xl-6"> | ||||||
|  |         <div class="card"> | ||||||
|  |             <div class="card-header text-center"> | ||||||
|  |                 <h3>{% trans "Token authentication" %}</h3> | ||||||
|  |             </div> | ||||||
|  |             <div class="card-body"> | ||||||
|  |                 <div class="alert alert-info"> | ||||||
|  |                     <h4>À quoi sert un jeton d'authentification ?</h4> | ||||||
|  |  | ||||||
|     Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br /> |                     Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a> via votre propre compte | ||||||
|     Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code> |                     depuis un client externe.<br /> | ||||||
|     pour pouvoir vous identifier.<br /><br /> |                     Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code> | ||||||
|  |                     pour pouvoir vous identifier.<br /><br /> | ||||||
|  |  | ||||||
|     Une documentation de l'API arrivera ultérieurement. |                     La documentation de l'API est disponible ici : | ||||||
|  |                     <a href="/doc/api/">{{ request.scheme }}://{{ request.get_host }}/doc/api/</a>. | ||||||
|  |                 </div> | ||||||
|  |  | ||||||
|  |                 <div class="alert alert-info"> | ||||||
|  |                     <strong>{%trans  'Token' %} :</strong> | ||||||
|  |                     {% if 'show' in request.GET %} | ||||||
|  |                     {{ token.key }} (<a href="?">cacher</a>) | ||||||
|  |                     {% else %} | ||||||
|  |                     <em>caché</em> (<a href="?show">montrer</a>) | ||||||
|  |                     {% endif %} | ||||||
|  |                     <br /> | ||||||
|  |                     <strong>{%trans  'Created' %} :</strong> {{ token.created }} | ||||||
|  |                 </div> | ||||||
|  |  | ||||||
|  |                 <div class="alert alert-warning"> | ||||||
|  |                     <strong>{% trans "Warning" %} :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton ! | ||||||
|  |                 </div> | ||||||
|  |             </div> | ||||||
|  |             <div class="card-footer text-center"> | ||||||
|  |                 <a href="?regenerate"> | ||||||
|  |                     <button class="btn btn-primary">{% trans 'Regenerate token' %}</button> | ||||||
|  |                 </a> | ||||||
|  |             </div> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
|  |  | ||||||
|  |     <div class="col-xl-6"> | ||||||
|  |         <div class="card"> | ||||||
|  |             <div class="card-header text-center"> | ||||||
|  |                 <h3>{% trans "OAuth2 authentication" %}</h3> | ||||||
|  |             </div> | ||||||
|  |             <div class="card-header"> | ||||||
|  |                 <div class="alert alert-info"> | ||||||
|  |                     <p> | ||||||
|  |                         La Note Kfet implémente également le protocole <a href="https://oauth.net/2/">OAuth2</a>, afin de | ||||||
|  |                         permettre à des applications tierces d'interagir avec la Note en récoltant des informations | ||||||
|  |                         (de connexion par exemple) voir en permettant des modifications à distance, par exemple lorsqu'il | ||||||
|  |                         s'agit d'avoir un site marchand sur lequel faire des transactions via la Note Kfet. | ||||||
|  |                     </p> | ||||||
|  |  | ||||||
|  |                     <p> | ||||||
|  |                         L'usage de ce protocole est recommandé pour tout usage non personnel, car permet de mieux cibler | ||||||
|  |                         les droits dont on a besoin, en restreignant leur usage par jeton généré. | ||||||
|  |                     </p> | ||||||
|  |  | ||||||
|  |                     <p> | ||||||
|  |                         La documentation vis-à-vis de l'usage de ce protocole est disponible ici : | ||||||
|  |                         <a href="/doc/external_services/oauth2/">{{ request.scheme }}://{{ request.get_host }}/doc/external_services/oauth2/</a>. | ||||||
|  |                     </p> | ||||||
|  |                 </div> | ||||||
|  |  | ||||||
|  |                 Liste des URL à communiquer à votre application : | ||||||
|  |  | ||||||
|  |                 <ul> | ||||||
|  |                     <li> | ||||||
|  |                         {% trans "Authorization:" %} | ||||||
|  |                         <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}</a> | ||||||
|  |                     </li> | ||||||
|  |                     <li> | ||||||
|  |                         {% trans "Token:" %} | ||||||
|  |                         <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:token' %}</a> | ||||||
|  |                     </li> | ||||||
|  |                     <li> | ||||||
|  |                         {% trans "Revoke Token:" %} | ||||||
|  |                         <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:revoke-token' %}</a> | ||||||
|  |                     </li> | ||||||
|  |                     <li> | ||||||
|  |                         {% trans "Introspect Token:" %} | ||||||
|  |                         <a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:introspect' %}</a> | ||||||
|  |                     </li> | ||||||
|  |                 </ul> | ||||||
|  |             </div> | ||||||
|  |             <div class="card-footer text-center"> | ||||||
|  |                 <a class="btn btn-primary" href="{% url 'oauth2_provider:list' %}">{% trans "Show my applications" %}</a> | ||||||
|  |             </div> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
| </div> | </div> | ||||||
|  |  | ||||||
| <div class="alert alert-info"> |  | ||||||
|     <strong>{%trans  'Token' %} :</strong> |  | ||||||
|     {% if 'show' in request.GET %} |  | ||||||
|     {{ token.key }} (<a href="?">cacher</a>) |  | ||||||
|     {% else %} |  | ||||||
|     <em>caché</em> (<a href="?show">montrer</a>) |  | ||||||
|     {% endif %} |  | ||||||
|     <br /> |  | ||||||
|     <strong>{%trans  'Created' %} :</strong> {{ token.created }} |  | ||||||
| </div> |  | ||||||
|  |  | ||||||
| <div class="alert alert-warning"> |  | ||||||
|     <strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton ! |  | ||||||
| </div> |  | ||||||
|  |  | ||||||
| <a href="?regenerate"> |  | ||||||
|     <button class="btn btn-primary">{% trans 'Regenerate token' %}</button> |  | ||||||
| </a> |  | ||||||
| {% endblock %} | {% endblock %} | ||||||
							
								
								
									
										41
									
								
								apps/member/templates/member/profile_trust.html
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								apps/member/templates/member/profile_trust.html
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,41 @@ | |||||||
|  | {% extends "member/base.html" %} | ||||||
|  | {% comment %} | ||||||
|  | SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  | {% endcomment %} | ||||||
|  | {% load static django_tables2 i18n %} | ||||||
|  |  | ||||||
|  | {% block profile_content %} | ||||||
|  | <div class="card bg-light mb-3"> | ||||||
|  |     <h3 class="card-header text-center"> | ||||||
|  |         {% trans "Note friendships" %} | ||||||
|  |     </h3> | ||||||
|  |     <div class="card-body"> | ||||||
|  |         {% if can_create %} | ||||||
|  |             <form class="input-group" method="POST" id="form_trust"> | ||||||
|  |                 {% csrf_token %} | ||||||
|  |                 <input type="hidden" name="trusting" value="{{ object.note.pk }}"> | ||||||
|  |                 {%include "autocomplete_model.html" %} | ||||||
|  |                 <div class="input-group-append"> | ||||||
|  |                     <input type="submit" class="btn btn-success" value="{% trans "Add" %}"> | ||||||
|  |                 </div> | ||||||
|  |             </form> | ||||||
|  |         {% endif %} | ||||||
|  |     </div> | ||||||
|  |     {% render_table trusting %} | ||||||
|  | </div> | ||||||
|  |  | ||||||
|  | <div class="alert alert-warning card"> | ||||||
|  |     {% blocktrans trimmed %} | ||||||
|  |         Adding someone as a friend enables them to initiate transactions coming | ||||||
|  |         from your account (while keeping your balance positive). This is | ||||||
|  |         designed to simplify using note kfet transfers to transfer money between | ||||||
|  |         users. The intent is that one person can make all transfers for a group of | ||||||
|  |         friends without needing additional rights among them. | ||||||
|  |     {% endblocktrans %} | ||||||
|  | </div> | ||||||
|  | {% endblock %} | ||||||
|  |  | ||||||
|  | {% block extrajavascript %} | ||||||
|  | <script src="{% static "member/js/trust.js" %}"></script> | ||||||
|  | <script src="{% static "js/autocomplete_model.js" %}"></script> | ||||||
|  | {% endblock%} | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import date | from datetime import date | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.contrib.auth.models import User | from django.contrib.auth.models import User | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import hashlib | import hashlib | ||||||
| @@ -291,7 +291,7 @@ class TestMemberships(TestCase): | |||||||
|  |  | ||||||
|         response = self.client.post(reverse("member:club_manage_roles", args=(self.membership.pk,)), data=dict( |         response = self.client.post(reverse("member:club_manage_roles", args=(self.membership.pk,)), data=dict( | ||||||
|             roles=[role.id for role in Role.objects.filter( |             roles=[role.id for role in Role.objects.filter( | ||||||
|                 Q(name="Membre de club") | Q(name="Trésorier·ère de club") | Q(name="Bureau de club")).all()], |                 Q(name="Membre de club") | Q(name="Trésorièr⋅e de club") | Q(name="Bureau de club")).all()], | ||||||
|         )) |         )) | ||||||
|         self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200) |         self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200) | ||||||
|         self.membership.refresh_from_db() |         self.membership.refresh_from_db() | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.urls import path | from django.urls import path | ||||||
| @@ -23,5 +23,6 @@ urlpatterns = [ | |||||||
|     path('user/<int:pk>/update/', views.UserUpdateView.as_view(), name="user_update_profile"), |     path('user/<int:pk>/update/', views.UserUpdateView.as_view(), name="user_update_profile"), | ||||||
|     path('user/<int:pk>/update_pic/', views.ProfilePictureUpdateView.as_view(), name="user_update_pic"), |     path('user/<int:pk>/update_pic/', views.ProfilePictureUpdateView.as_view(), name="user_update_pic"), | ||||||
|     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"), |     path('user/<int:pk>/aliases/', views.ProfileAliasView.as_view(), name="user_alias"), | ||||||
|  |     path('user/<int:pk>/trust', views.ProfileTrustView.as_view(), name="user_trust"), | ||||||
|     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'), |     path('manage-auth-token/', views.ManageAuthTokens.as_view(), name='auth_token'), | ||||||
| ] | ] | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import timedelta, date | from datetime import timedelta, date | ||||||
| @@ -8,6 +8,7 @@ from django.contrib.auth import logout | |||||||
| from django.contrib.auth.mixins import LoginRequiredMixin | from django.contrib.auth.mixins import LoginRequiredMixin | ||||||
| from django.contrib.auth.models import User | from django.contrib.auth.models import User | ||||||
| from django.contrib.auth.views import LoginView | from django.contrib.auth.views import LoginView | ||||||
|  | from django.contrib.contenttypes.models import ContentType | ||||||
| from django.db import transaction | from django.db import transaction | ||||||
| from django.db.models import Q, F | from django.db.models import Q, F | ||||||
| from django.shortcuts import redirect | from django.shortcuts import redirect | ||||||
| @@ -18,10 +19,10 @@ from django.views.generic import DetailView, UpdateView, TemplateView | |||||||
| from django.views.generic.edit import FormMixin | from django.views.generic.edit import FormMixin | ||||||
| from django_tables2.views import SingleTableView | from django_tables2.views import SingleTableView | ||||||
| from rest_framework.authtoken.models import Token | from rest_framework.authtoken.models import Token | ||||||
| from note.models import Alias, NoteUser | from note.models import Alias, NoteClub, NoteUser, Trust | ||||||
| from note.models.transactions import Transaction, SpecialTransaction | from note.models.transactions import Transaction, SpecialTransaction | ||||||
| from note.tables import HistoryTable, AliasTable | from note.tables import HistoryTable, AliasTable, TrustTable | ||||||
| from note_kfet.middlewares import _set_current_user_and_ip | from note_kfet.middlewares import _set_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
| from permission.models import Role | from permission.models import Role | ||||||
| from permission.views import ProtectQuerysetMixin, ProtectedCreateView | from permission.views import ProtectQuerysetMixin, ProtectedCreateView | ||||||
| @@ -41,7 +42,8 @@ class CustomLoginView(LoginView): | |||||||
|     @transaction.atomic |     @transaction.atomic | ||||||
|     def form_valid(self, form): |     def form_valid(self, form): | ||||||
|         logout(self.request) |         logout(self.request) | ||||||
|         _set_current_user_and_ip(form.get_user(), self.request.session, None) |         self.request.user = form.get_user() | ||||||
|  |         _set_current_request(self.request) | ||||||
|         self.request.session['permission_mask'] = form.cleaned_data['permission_mask'].rank |         self.request.session['permission_mask'] = form.cleaned_data['permission_mask'].rank | ||||||
|         return super().form_valid(form) |         return super().form_valid(form) | ||||||
|  |  | ||||||
| @@ -70,7 +72,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): | |||||||
|         form.fields['email'].required = True |         form.fields['email'].required = True | ||||||
|         form.fields['email'].help_text = _("This address must be valid.") |         form.fields['email'].help_text = _("This address must be valid.") | ||||||
|  |  | ||||||
|         if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile): |         if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): | ||||||
|             context['profile_form'] = self.profile_form(instance=context['user_object'].profile, |             context['profile_form'] = self.profile_form(instance=context['user_object'].profile, | ||||||
|                                                         data=self.request.POST if self.request.POST else None) |                                                         data=self.request.POST if self.request.POST else None) | ||||||
|             if not self.object.profile.report_frequency: |             if not self.object.profile.report_frequency: | ||||||
| @@ -153,13 +155,13 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         history_list = \ |         history_list = \ | ||||||
|             Transaction.objects.all().filter(Q(source=user.note) | Q(destination=user.note))\ |             Transaction.objects.all().filter(Q(source=user.note) | Q(destination=user.note))\ | ||||||
|             .order_by("-created_at")\ |             .order_by("-created_at")\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view")) |             .filter(PermissionBackend.filter_queryset(self.request, Transaction, "view")) | ||||||
|         history_table = HistoryTable(history_list, prefix='transaction-') |         history_table = HistoryTable(history_list, prefix='transaction-') | ||||||
|         history_table.paginate(per_page=20, page=self.request.GET.get("transaction-page", 1)) |         history_table.paginate(per_page=20, page=self.request.GET.get("transaction-page", 1)) | ||||||
|         context['history_list'] = history_table |         context['history_list'] = history_table | ||||||
|  |  | ||||||
|         club_list = Membership.objects.filter(user=user, date_end__gte=date.today() - timedelta(days=15))\ |         club_list = Membership.objects.filter(user=user, date_end__gte=date.today() - timedelta(days=15))\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\ |             .filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\ | ||||||
|             .order_by("club__name", "-date_start") |             .order_by("club__name", "-date_start") | ||||||
|         # Display only the most recent membership |         # Display only the most recent membership | ||||||
|         club_list = club_list.distinct("club__name")\ |         club_list = club_list.distinct("club__name")\ | ||||||
| @@ -173,24 +175,23 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|             modified_note = NoteUser.objects.get(pk=user.note.pk) |             modified_note = NoteUser.objects.get(pk=user.note.pk) | ||||||
|             # Don't log these tests |             # Don't log these tests | ||||||
|             modified_note._no_signal = True |             modified_note._no_signal = True | ||||||
|             modified_note.is_active = True |             modified_note.is_active = False | ||||||
|             modified_note.inactivity_reason = 'manual' |             modified_note.inactivity_reason = 'manual' | ||||||
|             context["can_lock_note"] = user.note.is_active and PermissionBackend\ |             context["can_lock_note"] = user.note.is_active and PermissionBackend\ | ||||||
|                                            .check_perm(self.request.user, "note.change_noteuser_is_active", |                                            .check_perm(self.request, "note.change_noteuser_is_active", modified_note) | ||||||
|                                                        modified_note) |  | ||||||
|             old_note = NoteUser.objects.select_for_update().get(pk=user.note.pk) |             old_note = NoteUser.objects.select_for_update().get(pk=user.note.pk) | ||||||
|             modified_note.inactivity_reason = 'forced' |             modified_note.inactivity_reason = 'forced' | ||||||
|             modified_note._force_save = True |             modified_note._force_save = True | ||||||
|             modified_note.save() |             modified_note.save() | ||||||
|             context["can_force_lock"] = user.note.is_active and PermissionBackend\ |             context["can_force_lock"] = user.note.is_active and PermissionBackend\ | ||||||
|                 .check_perm(self.request.user, "note.change_note_is_active", modified_note) |                 .check_perm(self.request, "note.change_noteuser_is_active", modified_note) | ||||||
|             old_note._force_save = True |             old_note._force_save = True | ||||||
|             old_note._no_signal = True |             old_note._no_signal = True | ||||||
|             old_note.save() |             old_note.save() | ||||||
|             modified_note.refresh_from_db() |             modified_note.refresh_from_db() | ||||||
|             modified_note.is_active = True |             modified_note.is_active = True | ||||||
|             context["can_unlock_note"] = not user.note.is_active and PermissionBackend\ |             context["can_unlock_note"] = not user.note.is_active and PermissionBackend\ | ||||||
|                 .check_perm(self.request.user, "note.change_note_is_active", modified_note) |                 .check_perm(self.request, "note.change_noteuser_is_active", modified_note) | ||||||
|  |  | ||||||
|         return context |         return context | ||||||
|  |  | ||||||
| @@ -237,12 +238,45 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): | |||||||
|  |  | ||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|         pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request.user, User, "view"))\ |         pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request, User, "view"))\ | ||||||
|             .filter(profile__registration_valid=False) |             .filter(profile__registration_valid=False) | ||||||
|         context["can_manage_registrations"] = pre_registered_users.exists() |         context["can_manage_registrations"] = pre_registered_users.exists() | ||||||
|         return context |         return context | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class ProfileTrustView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | ||||||
|  |     """ | ||||||
|  |     View and manage user trust relationships | ||||||
|  |     """ | ||||||
|  |     model = User | ||||||
|  |     template_name = 'member/profile_trust.html' | ||||||
|  |     context_object_name = 'user_object' | ||||||
|  |     extra_context = {"title": _("Note friendships")} | ||||||
|  |  | ||||||
|  |     def get_context_data(self, **kwargs): | ||||||
|  |         context = super().get_context_data(**kwargs) | ||||||
|  |         note = context['object'].note | ||||||
|  |         context["trusting"] = TrustTable( | ||||||
|  |             note.trusting.filter(PermissionBackend.filter_queryset(self.request, Trust, "view")).distinct().all()) | ||||||
|  |         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_trust", Trust( | ||||||
|  |             trusting=context["object"].note, | ||||||
|  |             trusted=context["object"].note | ||||||
|  |         )) | ||||||
|  |         context["widget"] = { | ||||||
|  |             "name": "trusted", | ||||||
|  |             "attrs": { | ||||||
|  |                 "model_pk": ContentType.objects.get_for_model(Alias).pk, | ||||||
|  |                 "class": "autocomplete form-control", | ||||||
|  |                 "id": "trusted", | ||||||
|  |                 "resetable": True, | ||||||
|  |                 "api_url": "/api/note/alias/?note__polymorphic_ctype__model=noteuser", | ||||||
|  |                 "name_field": "name", | ||||||
|  |                 "placeholder": "" | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |         return context | ||||||
|  |  | ||||||
|  |  | ||||||
| class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | ||||||
|     """ |     """ | ||||||
|     View and manage user aliases. |     View and manage user aliases. | ||||||
| @@ -256,8 +290,9 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|         note = context['object'].note |         note = context['object'].note | ||||||
|         context["aliases"] = AliasTable( |         context["aliases"] = AliasTable( | ||||||
|             note.alias.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all()) |             note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct() | ||||||
|         context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias( |             .order_by('normalized_name').all()) | ||||||
|  |         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias( | ||||||
|             note=context["object"].note, |             note=context["object"].note, | ||||||
|             name="", |             name="", | ||||||
|             normalized_name="", |             normalized_name="", | ||||||
| @@ -382,7 +417,7 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): | |||||||
|  |  | ||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|         context["can_add_club"] = PermissionBackend.check_perm(self.request.user, "member.add_club", Club( |         context["can_add_club"] = PermissionBackend.check_perm(self.request, "member.add_club", Club( | ||||||
|             name="", |             name="", | ||||||
|             email="club@example.com", |             email="club@example.com", | ||||||
|         )) |         )) | ||||||
| @@ -403,9 +438,12 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         """ |         """ | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|  |  | ||||||
|         club = context["club"] |         club = self.object | ||||||
|         if PermissionBackend.check_perm(self.request.user, "member.change_club_membership_start", club): |         context["note"] = club.note | ||||||
|  |  | ||||||
|  |         if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club): | ||||||
|             club.update_membership_dates() |             club.update_membership_dates() | ||||||
|  |  | ||||||
|         # managers list |         # managers list | ||||||
|         managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club", |         managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club", | ||||||
|                                              date_start__lte=date.today(), date_end__gte=date.today())\ |                                              date_start__lte=date.today(), date_end__gte=date.today())\ | ||||||
| @@ -413,7 +451,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         context["managers"] = ClubManagerTable(data=managers, prefix="managers-") |         context["managers"] = ClubManagerTable(data=managers, prefix="managers-") | ||||||
|         # transaction history |         # transaction history | ||||||
|         club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note))\ |         club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note))\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\ |             .filter(PermissionBackend.filter_queryset(self.request, Transaction, "view"))\ | ||||||
|             .order_by('-created_at') |             .order_by('-created_at') | ||||||
|         history_table = HistoryTable(club_transactions, prefix="history-") |         history_table = HistoryTable(club_transactions, prefix="history-") | ||||||
|         history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1)) |         history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1)) | ||||||
| @@ -422,7 +460,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         club_member = Membership.objects.filter( |         club_member = Membership.objects.filter( | ||||||
|             club=club, |             club=club, | ||||||
|             date_end__gte=date.today() - timedelta(days=15), |             date_end__gte=date.today() - timedelta(days=15), | ||||||
|         ).filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\ |         ).filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\ | ||||||
|             .order_by("user__username", "-date_start") |             .order_by("user__username", "-date_start") | ||||||
|         # Display only the most recent membership |         # Display only the most recent membership | ||||||
|         club_member = club_member.distinct("user__username")\ |         club_member = club_member.distinct("user__username")\ | ||||||
| @@ -443,6 +481,29 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         context["can_add_members"] = PermissionBackend()\ |         context["can_add_members"] = PermissionBackend()\ | ||||||
|             .has_perm(self.request.user, "member.add_membership", empty_membership) |             .has_perm(self.request.user, "member.add_membership", empty_membership) | ||||||
|  |  | ||||||
|  |         # Check permissions to see if the authenticated user can lock/unlock the note | ||||||
|  |         with transaction.atomic(): | ||||||
|  |             modified_note = NoteClub.objects.get(pk=club.note.pk) | ||||||
|  |             # Don't log these tests | ||||||
|  |             modified_note._no_signal = True | ||||||
|  |             modified_note.is_active = False | ||||||
|  |             modified_note.inactivity_reason = 'manual' | ||||||
|  |             context["can_lock_note"] = club.note.is_active and PermissionBackend \ | ||||||
|  |                 .check_perm(self.request, "note.change_noteclub_is_active", modified_note) | ||||||
|  |             old_note = NoteClub.objects.select_for_update().get(pk=club.note.pk) | ||||||
|  |             modified_note.inactivity_reason = 'forced' | ||||||
|  |             modified_note._force_save = True | ||||||
|  |             modified_note.save() | ||||||
|  |             context["can_force_lock"] = club.note.is_active and PermissionBackend \ | ||||||
|  |                 .check_perm(self.request, "note.change_noteclub_is_active", modified_note) | ||||||
|  |             old_note._force_save = True | ||||||
|  |             old_note._no_signal = True | ||||||
|  |             old_note.save() | ||||||
|  |             modified_note.refresh_from_db() | ||||||
|  |             modified_note.is_active = True | ||||||
|  |             context["can_unlock_note"] = not club.note.is_active and PermissionBackend \ | ||||||
|  |                 .check_perm(self.request, "note.change_noteclub_is_active", modified_note) | ||||||
|  |  | ||||||
|         return context |         return context | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -459,8 +520,8 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): | |||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|         note = context['object'].note |         note = context['object'].note | ||||||
|         context["aliases"] = AliasTable(note.alias.filter( |         context["aliases"] = AliasTable(note.alias.filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all()) |             PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all()) | ||||||
|         context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias( |         context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias( | ||||||
|             note=context["object"].note, |             note=context["object"].note, | ||||||
|             name="", |             name="", | ||||||
|             normalized_name="", |             normalized_name="", | ||||||
| @@ -535,7 +596,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|         form = context['form'] |         form = context['form'] | ||||||
|  |  | ||||||
|         if "club_pk" in self.kwargs:  # We create a new membership. |         if "club_pk" in self.kwargs:  # We create a new membership. | ||||||
|             club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view"))\ |             club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view"))\ | ||||||
|                 .get(pk=self.kwargs["club_pk"], weiclub=None) |                 .get(pk=self.kwargs["club_pk"], weiclub=None) | ||||||
|             form.fields['credit_amount'].initial = club.membership_fee_paid |             form.fields['credit_amount'].initial = club.membership_fee_paid | ||||||
|             # Ensure that the user is member of the parent club and all its the family tree. |             # Ensure that the user is member of the parent club and all its the family tree. | ||||||
| @@ -625,9 +686,6 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|         # Retrieve form data |         # Retrieve form data | ||||||
|         credit_type = form.cleaned_data["credit_type"] |         credit_type = form.cleaned_data["credit_type"] | ||||||
|         credit_amount = form.cleaned_data["credit_amount"] |         credit_amount = form.cleaned_data["credit_amount"] | ||||||
|         last_name = form.cleaned_data["last_name"] |  | ||||||
|         first_name = form.cleaned_data["first_name"] |  | ||||||
|         bank = form.cleaned_data["bank"] |  | ||||||
|         soge = form.cleaned_data["soge"] and not user.profile.soge and (club.name == "BDE" or club.name == "Kfet") |         soge = form.cleaned_data["soge"] and not user.profile.soge and (club.name == "BDE" or club.name == "Kfet") | ||||||
|  |  | ||||||
|         if not credit_type: |         if not credit_type: | ||||||
| @@ -658,8 +716,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|         if club.name != "Kfet" and club.parent_club and not Membership.objects.filter( |         if club.name != "Kfet" and club.parent_club and not Membership.objects.filter( | ||||||
|                 user=form.instance.user, |                 user=form.instance.user, | ||||||
|                 club=club.parent_club, |                 club=club.parent_club, | ||||||
|                 date_start__lte=timezone.now(), |                 date_start__gte=club.parent_club.membership_start, | ||||||
|                 date_end__gte=club.parent_club.membership_end, |  | ||||||
|         ).exists(): |         ).exists(): | ||||||
|             form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name) |             form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name) | ||||||
|             error = True |             error = True | ||||||
| @@ -674,17 +731,9 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|                            .format(form.instance.club.membership_end)) |                            .format(form.instance.club.membership_end)) | ||||||
|             error = True |             error = True | ||||||
|  |  | ||||||
|         if credit_amount: |         if credit_amount and not SpecialTransaction.validate_payment_form(form): | ||||||
|             if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"): |             # Check that special information for payment are filled | ||||||
|                 if not last_name: |             error = True | ||||||
|                     form.add_error('last_name', _("This field is required.")) |  | ||||||
|                     error = True |  | ||||||
|                 if not first_name: |  | ||||||
|                     form.add_error('first_name', _("This field is required.")) |  | ||||||
|                     error = True |  | ||||||
|                 if not bank and credit_type.special_type == "Chèque": |  | ||||||
|                     form.add_error('bank', _("This field is required.")) |  | ||||||
|                     error = True |  | ||||||
|  |  | ||||||
|         return not error |         return not error | ||||||
|  |  | ||||||
| @@ -695,7 +744,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|         """ |         """ | ||||||
|         # Get the club that is concerned by the membership |         # Get the club that is concerned by the membership | ||||||
|         if "club_pk" in self.kwargs:  # get from url of new membership |         if "club_pk" in self.kwargs:  # get from url of new membership | ||||||
|             club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view")) \ |             club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view")) \ | ||||||
|                 .get(pk=self.kwargs["club_pk"]) |                 .get(pk=self.kwargs["club_pk"]) | ||||||
|             user = form.instance.user |             user = form.instance.user | ||||||
|             old_membership = None |             old_membership = None | ||||||
| @@ -771,8 +820,8 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|  |  | ||||||
|         ret = super().form_valid(form) |         ret = super().form_valid(form) | ||||||
|  |  | ||||||
|         member_role = Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all() \ |         member_role = Role.objects.filter(Q(name="Adhérent⋅e BDE") | Q(name="Membre de club")).all() \ | ||||||
|             if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all() \ |             if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all() \ | ||||||
|             if club.name == "Kfet"else Role.objects.filter(name="Membre de club").all() |             if club.name == "Kfet"else Role.objects.filter(name="Membre de club").all() | ||||||
|         # Set the same roles as before |         # Set the same roles as before | ||||||
|         if old_membership: |         if old_membership: | ||||||
| @@ -808,7 +857,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView): | |||||||
|                 membership.refresh_from_db() |                 membership.refresh_from_db() | ||||||
|                 if old_membership.exists(): |                 if old_membership.exists(): | ||||||
|                     membership.roles.set(old_membership.get().roles.all()) |                     membership.roles.set(old_membership.get().roles.all()) | ||||||
|                 membership.roles.set(Role.objects.filter(Q(name="Adhérent Kfet") | Q(name="Membre de club")).all()) |                 membership.roles.set(Role.objects.filter(Q(name="Adhérent⋅e Kfet") | Q(name="Membre de club")).all()) | ||||||
|                 membership.save() |                 membership.save() | ||||||
|  |  | ||||||
|         return ret |         return ret | ||||||
| @@ -879,7 +928,7 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV | |||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
|         context = super().get_context_data(**kwargs) |         context = super().get_context_data(**kwargs) | ||||||
|         club = Club.objects.filter( |         club = Club.objects.filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Club, "view") |             PermissionBackend.filter_queryset(self.request, Club, "view") | ||||||
|         ).get(pk=self.kwargs["pk"]) |         ).get(pk=self.kwargs["pk"]) | ||||||
|         context["club"] = club |         context["club"] = club | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'note.apps.NoteConfig' | default_app_config = 'note.apps.NoteConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib import admin | from django.contrib import admin | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| @@ -8,11 +8,11 @@ from rest_framework.exceptions import ValidationError | |||||||
| from rest_polymorphic.serializers import PolymorphicSerializer | from rest_polymorphic.serializers import PolymorphicSerializer | ||||||
| from member.api.serializers import MembershipSerializer | from member.api.serializers import MembershipSerializer | ||||||
| from member.models import Membership | from member.models import Membership | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
| from rest_framework.utils import model_meta | from rest_framework.utils import model_meta | ||||||
|  |  | ||||||
| from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias | from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias, Trust | ||||||
| from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \ | from ..models.transactions import TransactionTemplate, Transaction, MembershipTransaction, TemplateCategory, \ | ||||||
|     RecurrentTransaction, SpecialTransaction |     RecurrentTransaction, SpecialTransaction | ||||||
|  |  | ||||||
| @@ -77,6 +77,22 @@ class NoteUserSerializer(serializers.ModelSerializer): | |||||||
|         return str(obj) |         return str(obj) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class TrustSerializer(serializers.ModelSerializer): | ||||||
|  |     """ | ||||||
|  |     REST API Serializer for Trusts. | ||||||
|  |     The djangorestframework plugin will analyse the model `Trust` and parse all fields in the API. | ||||||
|  |     """ | ||||||
|  |  | ||||||
|  |     class Meta: | ||||||
|  |         model = Trust | ||||||
|  |         fields = '__all__' | ||||||
|  |  | ||||||
|  |     def validate(self, attrs): | ||||||
|  |         instance = Trust(**attrs) | ||||||
|  |         instance.clean() | ||||||
|  |         return attrs | ||||||
|  |  | ||||||
|  |  | ||||||
| class AliasSerializer(serializers.ModelSerializer): | class AliasSerializer(serializers.ModelSerializer): | ||||||
|     """ |     """ | ||||||
|     REST API Serializer for Aliases. |     REST API Serializer for Aliases. | ||||||
| @@ -126,7 +142,7 @@ class ConsumerSerializer(serializers.ModelSerializer): | |||||||
|         """ |         """ | ||||||
|         # If the user has no right to see the note, then we only display the note identifier |         # If the user has no right to see the note, then we only display the note identifier | ||||||
|         return NotePolymorphicSerializer().to_representation(obj.note)\ |         return NotePolymorphicSerializer().to_representation(obj.note)\ | ||||||
|             if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", obj.note)\ |             if PermissionBackend.check_perm(get_current_request(), "note.view_note", obj.note)\ | ||||||
|             else dict( |             else dict( | ||||||
|             id=obj.note.id, |             id=obj.note.id, | ||||||
|             name=str(obj.note), |             name=str(obj.note), | ||||||
| @@ -142,7 +158,7 @@ class ConsumerSerializer(serializers.ModelSerializer): | |||||||
|     def get_membership(self, obj): |     def get_membership(self, obj): | ||||||
|         if isinstance(obj.note, NoteUser): |         if isinstance(obj.note, NoteUser): | ||||||
|             memberships = Membership.objects.filter( |             memberships = Membership.objects.filter( | ||||||
|                 PermissionBackend.filter_queryset(get_current_authenticated_user(), Membership, "view")).filter( |                 PermissionBackend.filter_queryset(get_current_request(), Membership, "view")).filter( | ||||||
|                 user=obj.note.user, |                 user=obj.note.user, | ||||||
|                 club=2,  # Kfet |                 club=2,  # Kfet | ||||||
|             ).order_by("-date_start") |             ).order_by("-date_start") | ||||||
|   | |||||||
| @@ -1,8 +1,9 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \ | from .views import NotePolymorphicViewSet, AliasViewSet, ConsumerViewSet, \ | ||||||
|     TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet |     TemplateCategoryViewSet, TransactionViewSet, TransactionTemplateViewSet, \ | ||||||
|  |     TrustViewSet | ||||||
|  |  | ||||||
|  |  | ||||||
| def register_note_urls(router, path): | def register_note_urls(router, path): | ||||||
| @@ -11,6 +12,7 @@ def register_note_urls(router, path): | |||||||
|     """ |     """ | ||||||
|     router.register(path + '/note', NotePolymorphicViewSet) |     router.register(path + '/note', NotePolymorphicViewSet) | ||||||
|     router.register(path + '/alias', AliasViewSet) |     router.register(path + '/alias', AliasViewSet) | ||||||
|  |     router.register(path + '/trust', TrustViewSet) | ||||||
|     router.register(path + '/consumer', ConsumerViewSet) |     router.register(path + '/consumer', ConsumerViewSet) | ||||||
|  |  | ||||||
|     router.register(path + '/transaction/category', TemplateCategoryViewSet) |     router.register(path + '/transaction/category', TemplateCategoryViewSet) | ||||||
|   | |||||||
| @@ -1,5 +1,6 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  | import re | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.db.models import Q | from django.db.models import Q | ||||||
| @@ -10,12 +11,12 @@ from rest_framework import viewsets | |||||||
| from rest_framework.response import Response | from rest_framework.response import Response | ||||||
| from rest_framework import status | from rest_framework import status | ||||||
| from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet | from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet | ||||||
| from note_kfet.middlewares import get_current_session |  | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
| from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\ | from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\ | ||||||
|     TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer |     TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer, \ | ||||||
| from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial |     TrustSerializer | ||||||
|  | from ..models.notes import Note, Alias, NoteUser, NoteClub, NoteSpecial, Trust | ||||||
| from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory | from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -40,12 +41,11 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet): | |||||||
|         Parse query and apply filters. |         Parse query and apply filters. | ||||||
|         :return: The filtered set of requested notes |         :return: The filtered set of requested notes | ||||||
|         """ |         """ | ||||||
|         user = self.request.user |         queryset = self.queryset.filter(PermissionBackend.filter_queryset(self.request, Note, "view") | ||||||
|         get_current_session().setdefault("permission_mask", 42) |                                         | PermissionBackend.filter_queryset(self.request, NoteUser, "view") | ||||||
|         queryset = self.queryset.filter(PermissionBackend.filter_queryset(user, Note, "view") |                                         | PermissionBackend.filter_queryset(self.request, NoteClub, "view") | ||||||
|                                         | PermissionBackend.filter_queryset(user, NoteUser, "view") |                                         | PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\ | ||||||
|                                         | PermissionBackend.filter_queryset(user, NoteClub, "view") |             .distinct() | ||||||
|                                         | PermissionBackend.filter_queryset(user, NoteSpecial, "view")).distinct() |  | ||||||
|  |  | ||||||
|         alias = self.request.query_params.get("alias", ".*") |         alias = self.request.query_params.get("alias", ".*") | ||||||
|         queryset = queryset.filter( |         queryset = queryset.filter( | ||||||
| @@ -57,17 +57,48 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet): | |||||||
|         return queryset.order_by("id") |         return queryset.order_by("id") | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class TrustViewSet(ReadProtectedModelViewSet): | ||||||
|  |     """ | ||||||
|  |     REST Trust View set. | ||||||
|  |     The djangorestframework plugin will get all `Trust` objects, serialize it to JSON with the given serializer, | ||||||
|  |     then render it on /api/note/trust/ | ||||||
|  |     """ | ||||||
|  |     queryset = Trust.objects | ||||||
|  |     serializer_class = TrustSerializer | ||||||
|  |     filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter] | ||||||
|  |     search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name', | ||||||
|  |                      '$trusted__alias__name', '$trusted__alias__normalized_name'] | ||||||
|  |     filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user'] | ||||||
|  |     ordering_fields = ['trusting', 'trusted', ] | ||||||
|  |  | ||||||
|  |     def get_serializer_class(self): | ||||||
|  |         serializer_class = self.serializer_class | ||||||
|  |         if self.request.method in ['PUT', 'PATCH']: | ||||||
|  |             # trust relationship can't change people involved | ||||||
|  |             serializer_class.Meta.read_only_fields = ('trusting', 'trusting',) | ||||||
|  |         return serializer_class | ||||||
|  |  | ||||||
|  |     def destroy(self, request, *args, **kwargs): | ||||||
|  |         instance = self.get_object() | ||||||
|  |         try: | ||||||
|  |             self.perform_destroy(instance) | ||||||
|  |         except ValidationError as e: | ||||||
|  |             return Response({e.code: str(e)}, status.HTTP_400_BAD_REQUEST) | ||||||
|  |         return Response(status=status.HTTP_204_NO_CONTENT) | ||||||
|  |  | ||||||
|  |  | ||||||
| class AliasViewSet(ReadProtectedModelViewSet): | class AliasViewSet(ReadProtectedModelViewSet): | ||||||
|     """ |     """ | ||||||
|     REST API View set. |     REST API View set. | ||||||
|     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer, |     The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer, | ||||||
|     then render it on /api/aliases/ |     then render it on /api/note/aliases/ | ||||||
|     """ |     """ | ||||||
|     queryset = Alias.objects |     queryset = Alias.objects | ||||||
|     serializer_class = AliasSerializer |     serializer_class = AliasSerializer | ||||||
|     filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter] |     filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter] | ||||||
|     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ] |     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ] | ||||||
|     filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ] |     filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user', | ||||||
|  |                         'note__noteclub__club', 'note__polymorphic_ctype__model', ] | ||||||
|     ordering_fields = ['name', 'normalized_name', ] |     ordering_fields = ['name', 'normalized_name', ] | ||||||
|  |  | ||||||
|     def get_serializer_class(self): |     def get_serializer_class(self): | ||||||
| @@ -118,7 +149,8 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet): | |||||||
|     serializer_class = ConsumerSerializer |     serializer_class = ConsumerSerializer | ||||||
|     filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend] |     filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend] | ||||||
|     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ] |     search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ] | ||||||
|     filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ] |     filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user', | ||||||
|  |                         'note__noteclub__club', 'note__polymorphic_ctype__model', ] | ||||||
|     ordering_fields = ['name', 'normalized_name', ] |     ordering_fields = ['name', 'normalized_name', ] | ||||||
|  |  | ||||||
|     def get_queryset(self): |     def get_queryset(self): | ||||||
| @@ -133,23 +165,31 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet): | |||||||
|             if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset |             if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset | ||||||
|  |  | ||||||
|         alias = self.request.query_params.get("alias", None) |         alias = self.request.query_params.get("alias", None) | ||||||
|  |         # Check if this is a valid regex. If not, we won't check regex | ||||||
|  |         try: | ||||||
|  |             re.compile(alias) | ||||||
|  |             valid_regex = True | ||||||
|  |         except (re.error, TypeError): | ||||||
|  |             valid_regex = False | ||||||
|  |         suffix = '__iregex' if valid_regex else '__istartswith' | ||||||
|  |         alias_prefix = '^' if valid_regex else '' | ||||||
|         queryset = queryset.prefetch_related('note') |         queryset = queryset.prefetch_related('note') | ||||||
|  |  | ||||||
|         if alias: |         if alias: | ||||||
|             # We match first an alias if it is matched without normalization, |             # We match first an alias if it is matched without normalization, | ||||||
|             # then if the normalized pattern matches a normalized alias. |             # then if the normalized pattern matches a normalized alias. | ||||||
|             queryset = queryset.filter( |             queryset = queryset.filter( | ||||||
|                 name__iregex="^" + alias |                 **{f'name{suffix}': alias_prefix + alias} | ||||||
|             ).union( |             ).union( | ||||||
|                 queryset.filter( |                 queryset.filter( | ||||||
|                     Q(normalized_name__iregex="^" + Alias.normalize(alias)) |                     Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)}) | ||||||
|                     & ~Q(name__iregex="^" + alias) |                     & ~Q(**{f'name{suffix}': alias_prefix + alias}) | ||||||
|                 ), |                 ), | ||||||
|                 all=True).union( |                 all=True).union( | ||||||
|                 queryset.filter( |                 queryset.filter( | ||||||
|                     Q(normalized_name__iregex="^" + alias.lower()) |                     Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()}) | ||||||
|                     & ~Q(normalized_name__iregex="^" + Alias.normalize(alias)) |                     & ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)}) | ||||||
|                     & ~Q(name__iregex="^" + alias) |                     & ~Q(**{f'name{suffix}': alias_prefix + alias}) | ||||||
|                 ), |                 ), | ||||||
|                 all=True) |                 all=True) | ||||||
|  |  | ||||||
| @@ -205,7 +245,5 @@ class TransactionViewSet(ReadProtectedModelViewSet): | |||||||
|     ordering_fields = ['created_at', 'amount', ] |     ordering_fields = ['created_at', 'amount', ] | ||||||
|  |  | ||||||
|     def get_queryset(self): |     def get_queryset(self): | ||||||
|         user = self.request.user |         return self.model.objects.filter(PermissionBackend.filter_queryset(self.request, self.model, "view"))\ | ||||||
|         get_current_session().setdefault("permission_mask", 42) |  | ||||||
|         return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))\ |  | ||||||
|             .order_by("created_at", "id") |             .order_by("created_at", "id") | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
| from datetime import datetime | from datetime import datetime | ||||||
|  |  | ||||||
| @@ -26,7 +26,7 @@ class TransactionTemplateForm(forms.ModelForm): | |||||||
|                         # We don't evaluate the content type at launch because the DB might be not initialized |                         # We don't evaluate the content type at launch because the DB might be not initialized | ||||||
|                         'api_url_suffix': |                         'api_url_suffix': | ||||||
|                             lambda: '&polymorphic_ctype=' + str(ContentType.objects.get_for_model(NoteClub).pk), |                             lambda: '&polymorphic_ctype=' + str(ContentType.objects.get_for_model(NoteClub).pk), | ||||||
|                         'placeholder': 'Note ...', |                         'placeholder': 'Note…', | ||||||
|                     }, |                     }, | ||||||
|                 ), |                 ), | ||||||
|             'amount': AmountInput(), |             'amount': AmountInput(), | ||||||
| @@ -43,7 +43,7 @@ class SearchTransactionForm(forms.Form): | |||||||
|             resetable=True, |             resetable=True, | ||||||
|             attrs={ |             attrs={ | ||||||
|                 'api_url': '/api/note/alias/', |                 'api_url': '/api/note/alias/', | ||||||
|                 'placeholder': 'Note ...', |                 'placeholder': 'Note…', | ||||||
|             }, |             }, | ||||||
|         ), |         ), | ||||||
|     ) |     ) | ||||||
| @@ -57,7 +57,7 @@ class SearchTransactionForm(forms.Form): | |||||||
|             resetable=True, |             resetable=True, | ||||||
|             attrs={ |             attrs={ | ||||||
|                 'api_url': '/api/note/alias/', |                 'api_url': '/api/note/alias/', | ||||||
|                 'placeholder': 'Note ...', |                 'placeholder': 'Note…', | ||||||
|             }, |             }, | ||||||
|         ), |         ), | ||||||
|     ) |     ) | ||||||
|   | |||||||
							
								
								
									
										27
									
								
								apps/note/migrations/0006_trust.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										27
									
								
								apps/note/migrations/0006_trust.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,27 @@ | |||||||
|  | # Generated by Django 2.2.24 on 2021-09-05 19:16 | ||||||
|  |  | ||||||
|  | from django.db import migrations, models | ||||||
|  | import django.db.models.deletion | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class Migration(migrations.Migration): | ||||||
|  |  | ||||||
|  |     dependencies = [ | ||||||
|  |         ('note', '0005_auto_20210313_1235'), | ||||||
|  |     ] | ||||||
|  |  | ||||||
|  |     operations = [ | ||||||
|  |         migrations.CreateModel( | ||||||
|  |             name='Trust', | ||||||
|  |             fields=[ | ||||||
|  |                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), | ||||||
|  |                 ('trusted', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusted', to='note.Note', verbose_name='trusted')), | ||||||
|  |                 ('trusting', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='trusting', to='note.Note', verbose_name='trusting')), | ||||||
|  |             ], | ||||||
|  |             options={ | ||||||
|  |                 'verbose_name': 'friendship', | ||||||
|  |                 'verbose_name_plural': 'friendships', | ||||||
|  |                 'unique_together': {('trusting', 'trusted')}, | ||||||
|  |             }, | ||||||
|  |         ), | ||||||
|  |     ] | ||||||
| @@ -1,13 +1,13 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser | from .notes import Alias, Note, NoteClub, NoteSpecial, NoteUser, Trust | ||||||
| from .transactions import MembershipTransaction, Transaction, \ | from .transactions import MembershipTransaction, Transaction, \ | ||||||
|     TemplateCategory, TransactionTemplate, RecurrentTransaction, SpecialTransaction |     TemplateCategory, TransactionTemplate, RecurrentTransaction, SpecialTransaction | ||||||
|  |  | ||||||
| __all__ = [ | __all__ = [ | ||||||
|     # Notes |     # Notes | ||||||
|     'Alias', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser', |     'Alias', 'Trust', 'Note', 'NoteClub', 'NoteSpecial', 'NoteUser', | ||||||
|     # Transactions |     # Transactions | ||||||
|     'MembershipTransaction', 'Transaction', 'TemplateCategory', 'TransactionTemplate', |     'MembershipTransaction', 'Transaction', 'TemplateCategory', 'TransactionTemplate', | ||||||
|     'RecurrentTransaction', 'SpecialTransaction', |     'RecurrentTransaction', 'SpecialTransaction', | ||||||
|   | |||||||
| @@ -1,10 +1,9 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import unicodedata | import unicodedata | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.conf.global_settings import DEFAULT_FROM_EMAIL |  | ||||||
| from django.core.exceptions import ValidationError | from django.core.exceptions import ValidationError | ||||||
| from django.core.mail import send_mail | from django.core.mail import send_mail | ||||||
| from django.core.validators import RegexValidator | from django.core.validators import RegexValidator | ||||||
| @@ -190,8 +189,8 @@ class NoteClub(Note): | |||||||
|     def send_mail_negative_balance(self): |     def send_mail_negative_balance(self): | ||||||
|         plain_text = render_to_string("note/mails/negative_balance.txt", dict(note=self)) |         plain_text = render_to_string("note/mails/negative_balance.txt", dict(note=self)) | ||||||
|         html = render_to_string("note/mails/negative_balance.html", dict(note=self)) |         html = render_to_string("note/mails/negative_balance.html", dict(note=self)) | ||||||
|         send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text, DEFAULT_FROM_EMAIL, |         send_mail("[Note Kfet] Passage en négatif (club {})".format(self.club.name), plain_text, | ||||||
|                   [self.club.email], html_message=html) |                   settings.DEFAULT_FROM_EMAIL, [self.club.email], html_message=html) | ||||||
|  |  | ||||||
|  |  | ||||||
| class NoteSpecial(Note): | class NoteSpecial(Note): | ||||||
| @@ -218,6 +217,38 @@ class NoteSpecial(Note): | |||||||
|         return self.special_type |         return self.special_type | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class Trust(models.Model): | ||||||
|  |     """ | ||||||
|  |     A one-sided trust relationship bertween two users | ||||||
|  |  | ||||||
|  |     If another user considers you as your friend, you can transfer money from | ||||||
|  |     them | ||||||
|  |     """ | ||||||
|  |  | ||||||
|  |     trusting = models.ForeignKey( | ||||||
|  |         Note, | ||||||
|  |         on_delete=models.CASCADE, | ||||||
|  |         related_name='trusting', | ||||||
|  |         verbose_name=_('trusting') | ||||||
|  |     ) | ||||||
|  |  | ||||||
|  |     trusted = models.ForeignKey( | ||||||
|  |         Note, | ||||||
|  |         on_delete=models.CASCADE, | ||||||
|  |         related_name='trusted', | ||||||
|  |         verbose_name=_('trusted') | ||||||
|  |     ) | ||||||
|  |  | ||||||
|  |     class Meta: | ||||||
|  |         verbose_name = _("friendship") | ||||||
|  |         verbose_name_plural = _("friendships") | ||||||
|  |         unique_together = ("trusting", "trusted") | ||||||
|  |  | ||||||
|  |     def __str__(self): | ||||||
|  |         return _("Friendship between {trusting} and {trusted}").format( | ||||||
|  |             trusting=str(self.trusting), trusted=str(self.trusted)) | ||||||
|  |  | ||||||
|  |  | ||||||
| class Alias(models.Model): | class Alias(models.Model): | ||||||
|     """ |     """ | ||||||
|     points toward  a :model:`note.NoteUser` or :model;`note.NoteClub` instance. |     points toward  a :model:`note.NoteUser` or :model;`note.NoteClub` instance. | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.core.exceptions import ValidationError | from django.core.exceptions import ValidationError | ||||||
| @@ -20,7 +20,7 @@ class TemplateCategory(models.Model): | |||||||
|     """ |     """ | ||||||
|     Defined a recurrent transaction category |     Defined a recurrent transaction category | ||||||
|  |  | ||||||
|     Example: food, softs, ... |     Example: food, softs,… | ||||||
|     """ |     """ | ||||||
|     name = models.CharField( |     name = models.CharField( | ||||||
|         verbose_name=_("name"), |         verbose_name=_("name"), | ||||||
| @@ -40,7 +40,7 @@ class TransactionTemplate(models.Model): | |||||||
|     """ |     """ | ||||||
|     Defined a recurrent transaction |     Defined a recurrent transaction | ||||||
|  |  | ||||||
|     associated to selling something (a burger, a beer, ...) |     associated to selling something (a burger, a beer,…) | ||||||
|     """ |     """ | ||||||
|     name = models.CharField( |     name = models.CharField( | ||||||
|         verbose_name=_('name'), |         verbose_name=_('name'), | ||||||
| @@ -333,6 +333,36 @@ class SpecialTransaction(Transaction): | |||||||
|         self.clean() |         self.clean() | ||||||
|         super().save(*args, **kwargs) |         super().save(*args, **kwargs) | ||||||
|  |  | ||||||
|  |     @staticmethod | ||||||
|  |     def validate_payment_form(form): | ||||||
|  |         """ | ||||||
|  |         Ensure that last name and first name are filled for a form that creates a SpecialTransaction, | ||||||
|  |         and check that if the user pays with a check, then the bank field is filled. | ||||||
|  |  | ||||||
|  |         Return True iff there is no error. | ||||||
|  |         Whenever there is an error, they are inserted in the form errors. | ||||||
|  |         """ | ||||||
|  |  | ||||||
|  |         credit_type = form.cleaned_data["credit_type"] | ||||||
|  |         last_name = form.cleaned_data["last_name"] | ||||||
|  |         first_name = form.cleaned_data["first_name"] | ||||||
|  |         bank = form.cleaned_data["bank"] | ||||||
|  |  | ||||||
|  |         error = False | ||||||
|  |  | ||||||
|  |         if not last_name or not first_name or (not bank and credit_type.special_type == "Chèque"): | ||||||
|  |             if not last_name: | ||||||
|  |                 form.add_error('last_name', _("This field is required.")) | ||||||
|  |                 error = True | ||||||
|  |             if not first_name: | ||||||
|  |                 form.add_error('first_name', _("This field is required.")) | ||||||
|  |                 error = True | ||||||
|  |             if not bank and credit_type.special_type == "Chèque": | ||||||
|  |                 form.add_error('bank', _("This field is required.")) | ||||||
|  |                 error = True | ||||||
|  |  | ||||||
|  |         return not error | ||||||
|  |  | ||||||
|     class Meta: |     class Meta: | ||||||
|         verbose_name = _("Special transaction") |         verbose_name = _("Special transaction") | ||||||
|         verbose_name_plural = _("Special transactions") |         verbose_name_plural = _("Special transactions") | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| // Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | // Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| // SPDX-License-Identifier: GPL-3.0-or-later | // SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| // When a transaction is performed, lock the interface to prevent spam clicks. | // When a transaction is performed, lock the interface to prevent spam clicks. | ||||||
|   | |||||||
| @@ -222,6 +222,13 @@ $(document).ready(function () { | |||||||
|   }) |   }) | ||||||
| }) | }) | ||||||
|  |  | ||||||
|  | // Make transfer when pressing Enter on the amount section | ||||||
|  | $('#amount, #reason, #last_name, #first_name, #bank').keypress((event) => { | ||||||
|  |   if (event.originalEvent.charCode === 13) { | ||||||
|  |     $('#btn_transfer').click() | ||||||
|  |   } | ||||||
|  | }) | ||||||
|  |  | ||||||
| $('#btn_transfer').click(function () { | $('#btn_transfer').click(function () { | ||||||
|   if (LOCK) { return } |   if (LOCK) { return } | ||||||
|  |  | ||||||
| @@ -243,7 +250,7 @@ $('#btn_transfer').click(function () { | |||||||
|     error = true |     error = true | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   const amount = Math.floor(100 * amount_field.val()) |   const amount = Math.round(100 * amount_field.val()) | ||||||
|   if (amount > 2147483647) { |   if (amount > 2147483647) { | ||||||
|     amount_field.addClass('is-invalid') |     amount_field.addClass('is-invalid') | ||||||
|     $('#amount-required').html('<strong>' + gettext('The amount must stay under 21,474,836.47 €.') + '</strong>') |     $('#amount-required').html('<strong>' + gettext('The amount must stay under 21,474,836.47 €.') + '</strong>') | ||||||
| @@ -348,14 +355,14 @@ $('#btn_transfer').click(function () { | |||||||
|               destination_alias: dest.name |               destination_alias: dest.name | ||||||
|             }).done(function () { |             }).done(function () { | ||||||
|             addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'), |             addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'), | ||||||
|                 [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, gettext('insufficient funds')]), 'danger', 10000) |                 [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, gettext('insufficient funds')]), 'danger', 10000) | ||||||
|             reset() |             reset() | ||||||
|           }).fail(function (err) { |           }).fail(function (err) { | ||||||
|             const errObj = JSON.parse(err.responseText) |             const errObj = JSON.parse(err.responseText) | ||||||
|             let error = errObj.detail ? errObj.detail : errObj.non_field_errors |             let error = errObj.detail ? errObj.detail : errObj.non_field_errors | ||||||
|             if (!error) { error = err.responseText } |             if (!error) { error = err.responseText } | ||||||
|             addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'), |             addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'), | ||||||
|                 [pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, error]), 'danger') |                 [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, error]), 'danger') | ||||||
|             LOCK = false |             LOCK = false | ||||||
|           }) |           }) | ||||||
|         }) |         }) | ||||||
|   | |||||||
| @@ -1,16 +1,16 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import html | import html | ||||||
|  |  | ||||||
| import django_tables2 as tables | import django_tables2 as tables | ||||||
| from django.utils.html import format_html | from django.utils.html import format_html, mark_safe | ||||||
| from django_tables2.utils import A | from django_tables2.utils import A | ||||||
| from django.utils.translation import gettext_lazy as _ | from django.utils.translation import gettext_lazy as _ | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
| from .models.notes import Alias | from .models.notes import Alias, Trust | ||||||
| from .models.transactions import Transaction, TransactionTemplate | from .models.transactions import Transaction, TransactionTemplate | ||||||
| from .templatetags.pretty_money import pretty_money | from .templatetags.pretty_money import pretty_money | ||||||
|  |  | ||||||
| @@ -88,16 +88,16 @@ class HistoryTable(tables.Table): | |||||||
|                 "class": lambda record: |                 "class": lambda record: | ||||||
|                 str(record.valid).lower() |                 str(record.valid).lower() | ||||||
|                 + (' validate' if record.source.is_active and record.destination.is_active and PermissionBackend |                 + (' validate' if record.source.is_active and record.destination.is_active and PermissionBackend | ||||||
|                    .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record) |                    .check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record) | ||||||
|                    else ''), |                    else ''), | ||||||
|                 "data-toggle": "tooltip", |                 "data-toggle": "tooltip", | ||||||
|                 "title": lambda record: (_("Click to invalidate") if record.valid else _("Click to validate")) |                 "title": lambda record: (_("Click to invalidate") if record.valid else _("Click to validate")) | ||||||
|                 if PermissionBackend.check_perm(get_current_authenticated_user(), |                 if PermissionBackend.check_perm(get_current_request(), | ||||||
|                                                 "note.change_transaction_invalidity_reason", record) |                                                 "note.change_transaction_invalidity_reason", record) | ||||||
|                 and record.source.is_active and record.destination.is_active else None, |                 and record.source.is_active and record.destination.is_active else None, | ||||||
|                 "onclick": lambda record: 'de_validate(' + str(record.id) + ', ' + str(record.valid).lower() |                 "onclick": lambda record: 'de_validate(' + str(record.id) + ', ' + str(record.valid).lower() | ||||||
|                                           + ', "' + str(record.__class__.__name__) + '")' |                                           + ', "' + str(record.__class__.__name__) + '")' | ||||||
|                 if PermissionBackend.check_perm(get_current_authenticated_user(), |                 if PermissionBackend.check_perm(get_current_request(), | ||||||
|                                                 "note.change_transaction_invalidity_reason", record) |                                                 "note.change_transaction_invalidity_reason", record) | ||||||
|                 and record.source.is_active and record.destination.is_active else None, |                 and record.source.is_active and record.destination.is_active else None, | ||||||
|                 "onmouseover": lambda record: '$("#invalidity_reason_' |                 "onmouseover": lambda record: '$("#invalidity_reason_' | ||||||
| @@ -126,7 +126,7 @@ class HistoryTable(tables.Table): | |||||||
|         When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason |         When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason | ||||||
|         """ |         """ | ||||||
|         has_perm = PermissionBackend \ |         has_perm = PermissionBackend \ | ||||||
|             .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record) |             .check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record) | ||||||
|  |  | ||||||
|         val = "✔" if value else "✖" |         val = "✔" if value else "✖" | ||||||
|  |  | ||||||
| @@ -148,6 +148,31 @@ DELETE_TEMPLATE = """ | |||||||
| """ | """ | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class TrustTable(tables.Table): | ||||||
|  |     class Meta: | ||||||
|  |         attrs = { | ||||||
|  |             'class': 'table table condensed table-striped', | ||||||
|  |             'id': "trust_table" | ||||||
|  |         } | ||||||
|  |         model = Trust | ||||||
|  |         fields = ("trusted",) | ||||||
|  |         template_name = 'django_tables2/bootstrap4.html' | ||||||
|  |  | ||||||
|  |     show_header = False | ||||||
|  |     trusted = tables.Column(attrs={'td': {'class': 'text_center'}}) | ||||||
|  |  | ||||||
|  |     delete_col = tables.TemplateColumn( | ||||||
|  |         template_code=DELETE_TEMPLATE, | ||||||
|  |         extra_context={"delete_trans": _('delete')}, | ||||||
|  |         attrs={ | ||||||
|  |             'td': { | ||||||
|  |                 'class': lambda record: 'col-sm-1' | ||||||
|  |                 + (' d-none' if not PermissionBackend.check_perm( | ||||||
|  |                     get_current_request(), "note.delete_trust", record) | ||||||
|  |                    else '')}}, | ||||||
|  |         verbose_name=_("Delete"),) | ||||||
|  |  | ||||||
|  |  | ||||||
| class AliasTable(tables.Table): | class AliasTable(tables.Table): | ||||||
|     class Meta: |     class Meta: | ||||||
|         attrs = { |         attrs = { | ||||||
| @@ -165,7 +190,7 @@ class AliasTable(tables.Table): | |||||||
|                                        extra_context={"delete_trans": _('delete')}, |                                        extra_context={"delete_trans": _('delete')}, | ||||||
|                                        attrs={'td': {'class': lambda record: 'col-sm-1' + ( |                                        attrs={'td': {'class': lambda record: 'col-sm-1' + ( | ||||||
|                                            ' d-none' if not PermissionBackend.check_perm( |                                            ' d-none' if not PermissionBackend.check_perm( | ||||||
|                                                get_current_authenticated_user(), "note.delete_alias", |                                                get_current_request(), "note.delete_alias", | ||||||
|                                                record) else '')}}, verbose_name=_("Delete"), ) |                                                record) else '')}}, verbose_name=_("Delete"), ) | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -197,6 +222,17 @@ class ButtonTable(tables.Table): | |||||||
|         verbose_name=_("Edit"), |         verbose_name=_("Edit"), | ||||||
|     ) |     ) | ||||||
|  |  | ||||||
|  |     hideshow = tables.Column( | ||||||
|  |         verbose_name=_("Hide/Show"), | ||||||
|  |         accessor="pk", | ||||||
|  |         attrs={ | ||||||
|  |             'td': { | ||||||
|  |                 'class': 'col-sm-1', | ||||||
|  |                 'id': lambda record: "hideshow_" + str(record.pk), | ||||||
|  |             } | ||||||
|  |         }, | ||||||
|  |     ) | ||||||
|  |  | ||||||
|     delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, |     delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, | ||||||
|                                        extra_context={"delete_trans": _('delete')}, |                                        extra_context={"delete_trans": _('delete')}, | ||||||
|                                        attrs={'td': {'class': 'col-sm-1'}}, |                                        attrs={'td': {'class': 'col-sm-1'}}, | ||||||
| @@ -204,3 +240,16 @@ class ButtonTable(tables.Table): | |||||||
|  |  | ||||||
|     def render_amount(self, value): |     def render_amount(self, value): | ||||||
|         return pretty_money(value) |         return pretty_money(value) | ||||||
|  |  | ||||||
|  |     def order_category(self, queryset, is_descending): | ||||||
|  |         return queryset.order_by(f"{'-' if is_descending else ''}category__name"), True | ||||||
|  |  | ||||||
|  |     def render_hideshow(self, record): | ||||||
|  |         val = '<button id="' | ||||||
|  |         val += str(record.pk) | ||||||
|  |         val += '" class="btn btn-secondary btn-sm" \ | ||||||
|  |             onclick="hideshow(' + str(record.id) + ',' + \ | ||||||
|  |             str(record.display).lower() + ')">' | ||||||
|  |         val += str(_("Hide/Show")) | ||||||
|  |         val += '</button>' | ||||||
|  |         return mark_safe(val) | ||||||
|   | |||||||
| @@ -40,7 +40,7 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|                         {# User search with autocompletion #} |                         {# User search with autocompletion #} | ||||||
|                         <div class="card-footer"> |                         <div class="card-footer"> | ||||||
|                             <input class="form-control mx-auto d-block" |                             <input class="form-control mx-auto d-block" | ||||||
|                                 placeholder="{% trans "Name or alias..." %}" type="text" id="note" autofocus /> |                                 placeholder="{% trans "Name or alias…" %}" type="text" id="note" autofocus /> | ||||||
|                         </div> |                         </div> | ||||||
|                     </div> |                     </div> | ||||||
|                 </div> |                 </div> | ||||||
|   | |||||||
| @@ -22,7 +22,7 @@ | |||||||
| </p> | </p> | ||||||
|  |  | ||||||
| <p> | <p> | ||||||
|     Par ailleurs, le BDE ne sert pas d'alcool aux adhérents dont le solde |     Par ailleurs, le BDE ne sert pas d'alcool aux adhérent⋅es dont le solde | ||||||
|     est inférieur à 0 € depuis plus de 24h. |     est inférieur à 0 € depuis plus de 24h. | ||||||
| </p> | </p> | ||||||
|  |  | ||||||
|   | |||||||
| @@ -9,7 +9,7 @@ Ce mail t'a été envoyé parce que le solde de ta Note Kfet | |||||||
|  |  | ||||||
| Ton solde actuel est de {{ note.balance|pretty_money }}. | Ton solde actuel est de {{ note.balance|pretty_money }}. | ||||||
|  |  | ||||||
| Par ailleurs, le BDE ne sert pas d'alcool aux adhérents dont le solde | Par ailleurs, le BDE ne sert pas d'alcool aux adhérent⋅es dont le solde | ||||||
| est inférieur à 0 € depuis plus de 24h. | est inférieur à 0 € depuis plus de 24h. | ||||||
|  |  | ||||||
| Si tu ne comprends pas ton solde, tu peux consulter ton historique | Si tu ne comprends pas ton solde, tu peux consulter ton historique | ||||||
|   | |||||||
| @@ -10,21 +10,25 @@ SPDX-License-Identifier: GPL-2.0-or-later | |||||||
| {# bandeau transfert/crédit/débit/activité #} | {# bandeau transfert/crédit/débit/activité #} | ||||||
|     <div class="row"> |     <div class="row"> | ||||||
|         <div class="col-xl-12"> |         <div class="col-xl-12"> | ||||||
|             <div class="btn-group btn-group-toggle btn-block" data-toggle="buttons"> |             <div class="btn-group btn-block"> | ||||||
|                 <label for="type_transfer" class="btn btn-sm btn-outline-primary active"> |                 <div class="btn-group btn-group-toggle btn-block" data-toggle="buttons"> | ||||||
|                     <input type="radio" name="transaction_type" id="type_transfer"> |                     <label for="type_transfer" class="btn btn-sm btn-outline-primary active"> | ||||||
|                     {% trans "Transfer" %} |                         <input type="radio" name="transaction_type" id="type_transfer"> | ||||||
|                 </label> |                         {% trans "Transfer" %} | ||||||
|                 {% if "note.notespecial"|not_empty_model_list %} |  | ||||||
|                     <label for="type_credit" class="btn btn-sm btn-outline-primary"> |  | ||||||
|                         <input type="radio" name="transaction_type" id="type_credit"> |  | ||||||
|                         {% trans "Credit" %} |  | ||||||
|                     </label> |                     </label> | ||||||
|                     <label for="type_debit" class="btn btn-sm btn-outline-primary"> |                     {% if "note.notespecial"|not_empty_model_list %} | ||||||
|                         <input type="radio" name="transaction_type" id="type_debit"> |                         <label for="type_credit" class="btn btn-sm btn-outline-primary"> | ||||||
|                         {% trans "Debit" %} |                             <input type="radio" name="transaction_type" id="type_credit"> | ||||||
|                     </label> |                             {% trans "Credit" %} | ||||||
|                 {% endif %} |                         </label> | ||||||
|  |                         <label for="type_debit" class="btn btn-sm btn-outline-primary"> | ||||||
|  |                             <input type="radio" name="transaction_type" id="type_debit"> | ||||||
|  |                             {% trans "Debit" %} | ||||||
|  |                         </label> | ||||||
|  |                     {% endif %} | ||||||
|  |                 </div> | ||||||
|  |  | ||||||
|  |                 {# Add shortcuts for opened activites if necessary #} | ||||||
|                 {% for activity in activities_open %} |                 {% for activity in activities_open %} | ||||||
|                     <a href="{% url "activity:activity_entry" pk=activity.pk %}" class="btn btn-sm btn-outline-primary"> |                     <a href="{% url "activity:activity_entry" pk=activity.pk %}" class="btn btn-sm btn-outline-primary"> | ||||||
|                         {% trans "Entries" %} {{ activity.name }} |                         {% trans "Entries" %} {{ activity.name }} | ||||||
| @@ -57,12 +61,12 @@ SPDX-License-Identifier: GPL-2.0-or-later | |||||||
|                 <ul class="list-group list-group-flush" id="source_note_list"> |                 <ul class="list-group list-group-flush" id="source_note_list"> | ||||||
|                 </ul> |                 </ul> | ||||||
|                 <div class="card-body"> |                 <div class="card-body"> | ||||||
|                     <select id="credit_type" class="custom-select d-none"> |                     <select id="credit_type" class="form-control custom-select d-none"> | ||||||
|                         {% for special_type in special_types %} |                         {% for special_type in special_types %} | ||||||
|                             <option value="{{ special_type.id }}">{{ special_type.special_type }}</option> |                             <option value="{{ special_type.id }}">{{ special_type.special_type }}</option> | ||||||
|                         {% endfor %} |                         {% endfor %} | ||||||
|                     </select> |                     </select> | ||||||
|                     <input class="form-control mx-auto" type="text" id="source_note" placeholder="{% trans "Name or alias..." %}" /> |                     <input class="form-control mx-auto" type="text" id="source_note" placeholder="{% trans "Name or alias…" %}" /> | ||||||
|                     <div id="source_me_div"> |                     <div id="source_me_div"> | ||||||
|                         <hr> |                         <hr> | ||||||
|                         <a class="btn-block btn btn-secondary" href="#" id="source_me" data-turbolinks="false"> |                         <a class="btn-block btn btn-secondary" href="#" id="source_me" data-turbolinks="false"> | ||||||
| @@ -84,19 +88,19 @@ SPDX-License-Identifier: GPL-2.0-or-later | |||||||
|                 <ul class="list-group list-group-flush" id="dest_note_list"> |                 <ul class="list-group list-group-flush" id="dest_note_list"> | ||||||
|                 </ul> |                 </ul> | ||||||
|                 <div class="card-body"> |                 <div class="card-body"> | ||||||
|                     <select id="debit_type" class="custom-select d-none"> |                     <select id="debit_type" class="form-control custom-select d-none"> | ||||||
|                         {% for special_type in special_types %} |                         {% for special_type in special_types %} | ||||||
|                             <option value="{{ special_type.id }}">{{ special_type.special_type }}</option> |                             <option value="{{ special_type.id }}">{{ special_type.special_type }}</option> | ||||||
|                         {% endfor %} |                         {% endfor %} | ||||||
|                     </select> |                     </select> | ||||||
|                     <input class="form-control mx-auto" type="text" id="dest_note" placeholder="{% trans "Name or alias..." %}" /> |                     <input class="form-control mx-auto" type="text" id="dest_note" placeholder="{% trans "Name or alias…" %}" /> | ||||||
|                     <ul class="list-group list-group-flush" id="dest_alias_matched"> |                     <ul class="list-group list-group-flush" id="dest_alias_matched"> | ||||||
|                     </ul> |                     </ul> | ||||||
|                 </div> |                 </div> | ||||||
|             </div> |             </div> | ||||||
|         </div> |         </div> | ||||||
|  |  | ||||||
|         {# Information on transaction (amount, reason, name,...) #} |         {# Information on transaction (amount, reason, name,…) #} | ||||||
|         <div class="col-md" id="external_div"> |         <div class="col-md" id="external_div"> | ||||||
|             <div class="card bg-light mb-4"> |             <div class="card bg-light mb-4"> | ||||||
|                 <div class="card-header"> |                 <div class="card-header"> | ||||||
|   | |||||||
| @@ -10,7 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
| <div class="row justify-content-center mb-4"> | <div class="row justify-content-center mb-4"> | ||||||
|     <div class="col-md-10 text-center"> |     <div class="col-md-10 text-center"> | ||||||
|         {# Search field , see js #} |         {# Search field , see js #} | ||||||
|         <input class="form-control mx-auto w-25" type="text" id="search_field" placeholder="{% trans "Name of the button..." %}" value="{{ request.GET.search }}"> |         <input class="form-control mx-auto w-25" type="text" id="search_field" placeholder="{% trans "Name of the button…" %}" value="{{ request.GET.search }}"> | ||||||
|         <hr> |         <hr> | ||||||
|         <a class="btn btn-primary text-center my-1" href="{% url 'note:template_create' %}" data-turbolinks="false">{% trans "New button" %}</a> |         <a class="btn btn-primary text-center my-1" href="{% url 'note:template_create' %}" data-turbolinks="false">{% trans "New button" %}</a> | ||||||
|     </div> |     </div> | ||||||
| @@ -19,7 +19,7 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|     <div class="col-md-12"> |     <div class="col-md-12"> | ||||||
|         <div class="card card-border shadow"> |         <div class="card card-border shadow"> | ||||||
|             <div class="card-header text-center"> |             <div class="card-header text-center"> | ||||||
|                 <h5> {% trans "buttons listing "%}</h5> |                 <h5>{% trans "buttons listing"%}</h5> | ||||||
|             </div> |             </div> | ||||||
|             <div class="card-body px-0 py-0" id="buttons_table"> |             <div class="card-body px-0 py-0" id="buttons_table"> | ||||||
|                 {% render_table table %} |                 {% render_table table %} | ||||||
| @@ -31,29 +31,29 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|  |  | ||||||
| {% block extrajavascript %} | {% block extrajavascript %} | ||||||
| <script type="text/javascript"> | <script type="text/javascript"> | ||||||
|  |     function refreshMatchedWords() { | ||||||
|  |         $("tr").each(function() { | ||||||
|  |             let pattern = $('#search_field').val(); | ||||||
|  |             if (pattern) { | ||||||
|  |                 $(this).find("td:eq(0), td:eq(1), td:eq(3), td:eq(6)").each(function () { | ||||||
|  |                     $(this).html($(this).text().replace(new RegExp(pattern, 'i'), "<mark>$&</mark>")); | ||||||
|  |                 }); | ||||||
|  |             } | ||||||
|  |         }); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     function reloadTable() { | ||||||
|  |         let pattern = $('#search_field').val(); | ||||||
|  |         $("#buttons_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + " #buttons_table", refreshMatchedWords); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     $(document).ready(function() { |     $(document).ready(function() { | ||||||
|         let searchbar_obj = $("#search_field"); |         let searchbar_obj = $("#search_field"); | ||||||
|         let timer_on = false; |         let timer_on = false; | ||||||
|         let timer; |         let timer; | ||||||
|  |  | ||||||
|         function refreshMatchedWords() { |  | ||||||
|             $("tr").each(function() { |  | ||||||
|                 let pattern = searchbar_obj.val(); |  | ||||||
|                 if (pattern) { |  | ||||||
|                     $(this).find("td:eq(0), td:eq(1), td:eq(3), td:eq(6)").each(function () { |  | ||||||
|                         $(this).html($(this).text().replace(new RegExp(pattern, 'i'), "<mark>$&</mark>")); |  | ||||||
|                     }); |  | ||||||
|                 } |  | ||||||
|             }); |  | ||||||
|         } |  | ||||||
|  |  | ||||||
|         refreshMatchedWords(); |         refreshMatchedWords(); | ||||||
|  |  | ||||||
|         function reloadTable() { |  | ||||||
|             let pattern = searchbar_obj.val(); |  | ||||||
|             $("#buttons_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + " #buttons_table", refreshMatchedWords); |  | ||||||
|         } |  | ||||||
|  |  | ||||||
|         searchbar_obj.keyup(function() { |         searchbar_obj.keyup(function() { | ||||||
|             if (timer_on) |             if (timer_on) | ||||||
|                 clearTimeout(timer); |                 clearTimeout(timer); | ||||||
| @@ -70,12 +70,35 @@ SPDX-License-Identifier: GPL-3.0-or-later | |||||||
|              headers: {"X-CSRFTOKEN": CSRF_TOKEN} |              headers: {"X-CSRFTOKEN": CSRF_TOKEN} | ||||||
|          }) |          }) | ||||||
|           .done(function() { |           .done(function() { | ||||||
|               addMsg('{% trans "button successfully deleted "%}','success'); |               addMsg('{% trans "button successfully deleted"%}','success'); | ||||||
|             $("#buttons_table").load(location.pathname + "?search=" + $("#search_field").val().replace(" ", "%20") + " #buttons_table"); |             $("#buttons_table").load(location.pathname + "?search=" + $("#search_field").val().replace(" ", "%20") + " #buttons_table"); | ||||||
|           }) |           }) | ||||||
|           .fail(function() { |           .fail(function() { | ||||||
|               addMsg('{% trans "Unable to delete button "%} #' + button_id, 'danger') |               addMsg('{% trans "Unable to delete button"%} #' + button_id, 'danger') | ||||||
|           }); |           }); | ||||||
|      } |      } | ||||||
|  |  | ||||||
|  |     // on click of button "hide/show", call the API | ||||||
|  |     function hideshow(id, displayed) { | ||||||
|  |             $.ajax({ | ||||||
|  |                 url: '/api/note/transaction/template/' + id + '/', | ||||||
|  |                 type: 'PATCH', | ||||||
|  |                 dataType: 'json', | ||||||
|  |                 headers: { | ||||||
|  |                     'X-CSRFTOKEN': CSRF_TOKEN | ||||||
|  |                 }, | ||||||
|  |                 data: { | ||||||
|  |                     display: !displayed | ||||||
|  |                 }, | ||||||
|  |                 success: function() { | ||||||
|  |                     if(displayed) | ||||||
|  |                         addMsg("{% trans "Button hidden"%}", 'success', 1000) | ||||||
|  |                     else addMsg("{% trans "Button displayed"%}", 'success', 1000) | ||||||
|  |                     reloadTable() | ||||||
|  |                 }, | ||||||
|  |                 error: function (err) { | ||||||
|  |                     addMsg("{% trans "An error occured"%}", 'danger') | ||||||
|  |                 }}) | ||||||
|  |         } | ||||||
| </script> | </script> | ||||||
| {% endblock %} | {% endblock %} | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django import template | from django import template | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django import template | from django import template | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from api.tests import TestAPI | from api.tests import TestAPI | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.urls import path | from django.urls import path | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import json | import json | ||||||
| @@ -38,7 +38,7 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl | |||||||
|     def get_queryset(self, **kwargs): |     def get_queryset(self, **kwargs): | ||||||
|         # retrieves only Transaction that user has the right to see. |         # retrieves only Transaction that user has the right to see. | ||||||
|         return Transaction.objects.filter( |         return Transaction.objects.filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Transaction, "view") |             PermissionBackend.filter_queryset(self.request, Transaction, "view") | ||||||
|         ).order_by("-created_at").all()[:20] |         ).order_by("-created_at").all()[:20] | ||||||
|  |  | ||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
| @@ -47,16 +47,16 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl | |||||||
|         context['polymorphic_ctype'] = ContentType.objects.get_for_model(Transaction).pk |         context['polymorphic_ctype'] = ContentType.objects.get_for_model(Transaction).pk | ||||||
|         context['special_polymorphic_ctype'] = ContentType.objects.get_for_model(SpecialTransaction).pk |         context['special_polymorphic_ctype'] = ContentType.objects.get_for_model(SpecialTransaction).pk | ||||||
|         context['special_types'] = NoteSpecial.objects\ |         context['special_types'] = NoteSpecial.objects\ | ||||||
|             .filter(PermissionBackend.filter_queryset(self.request.user, NoteSpecial, "view"))\ |             .filter(PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\ | ||||||
|             .order_by("special_type").all() |             .order_by("special_type").all() | ||||||
|  |  | ||||||
|         # Add a shortcut for entry page for open activities |         # Add a shortcut for entry page for open activities | ||||||
|         if "activity" in settings.INSTALLED_APPS: |         if "activity" in settings.INSTALLED_APPS: | ||||||
|             from activity.models import Activity |             from activity.models import Activity | ||||||
|             activities_open = Activity.objects.filter(open=True).filter( |             activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter( | ||||||
|                 PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all() |                 PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all() | ||||||
|             context["activities_open"] = [a for a in activities_open |             context["activities_open"] = [a for a in activities_open | ||||||
|                                           if PermissionBackend.check_perm(self.request.user, |                                           if PermissionBackend.check_perm(self.request, | ||||||
|                                                                           "activity.add_entry", |                                                                           "activity.add_entry", | ||||||
|                                                                           Entry(activity=a, |                                                                           Entry(activity=a, | ||||||
|                                                                                 note=self.request.user.note, ))] |                                                                                 note=self.request.user.note, ))] | ||||||
| @@ -90,9 +90,9 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing | |||||||
|         if "search" in self.request.GET: |         if "search" in self.request.GET: | ||||||
|             pattern = self.request.GET["search"] |             pattern = self.request.GET["search"] | ||||||
|             qs = qs.filter( |             qs = qs.filter( | ||||||
|                 Q(name__iregex="^" + pattern) |                 Q(name__iregex=pattern) | ||||||
|                 | Q(destination__club__name__iregex="^" + pattern) |                 | Q(destination__club__name__iregex=pattern) | ||||||
|                 | Q(category__name__iregex="^" + pattern) |                 | Q(category__name__iregex=pattern) | ||||||
|                 | Q(description__iregex=pattern) |                 | Q(description__iregex=pattern) | ||||||
|             ) |             ) | ||||||
|  |  | ||||||
| @@ -159,7 +159,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): | |||||||
|             return self.handle_no_permission() |             return self.handle_no_permission() | ||||||
|  |  | ||||||
|         templates = TransactionTemplate.objects.filter( |         templates = TransactionTemplate.objects.filter( | ||||||
|             PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view") |             PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view") | ||||||
|         ) |         ) | ||||||
|         if not templates.exists(): |         if not templates.exists(): | ||||||
|             raise PermissionDenied(_("You can't see any button.")) |             raise PermissionDenied(_("You can't see any button.")) | ||||||
| @@ -170,7 +170,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): | |||||||
|         restrict to the transaction history the user can see. |         restrict to the transaction history the user can see. | ||||||
|         """ |         """ | ||||||
|         return Transaction.objects.filter( |         return Transaction.objects.filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Transaction, "view") |             PermissionBackend.filter_queryset(self.request, Transaction, "view") | ||||||
|         ).order_by("-created_at").all()[:20] |         ).order_by("-created_at").all()[:20] | ||||||
|  |  | ||||||
|     def get_context_data(self, **kwargs): |     def get_context_data(self, **kwargs): | ||||||
| @@ -180,13 +180,13 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): | |||||||
|         # for each category, find which transaction templates the user can see. |         # for each category, find which transaction templates the user can see. | ||||||
|         for category in categories: |         for category in categories: | ||||||
|             category.templates_filtered = category.templates.filter( |             category.templates_filtered = category.templates.filter( | ||||||
|                 PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view") |                 PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view") | ||||||
|             ).filter(display=True).order_by('name').all() |             ).filter(display=True).order_by('name').all() | ||||||
|  |  | ||||||
|         context['categories'] = [cat for cat in categories if cat.templates_filtered] |         context['categories'] = [cat for cat in categories if cat.templates_filtered] | ||||||
|         # some transactiontemplate are put forward to find them easily |         # some transactiontemplate are put forward to find them easily | ||||||
|         context['highlighted'] = TransactionTemplate.objects.filter(highlighted=True).filter( |         context['highlighted'] = TransactionTemplate.objects.filter(highlighted=True).filter( | ||||||
|             PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view") |             PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view") | ||||||
|         ).order_by('name').all() |         ).order_by('name').all() | ||||||
|         context['polymorphic_ctype'] = ContentType.objects.get_for_model(RecurrentTransaction).pk |         context['polymorphic_ctype'] = ContentType.objects.get_for_model(RecurrentTransaction).pk | ||||||
|  |  | ||||||
| @@ -209,7 +209,7 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView | |||||||
|         data = form.cleaned_data if form.is_valid() else {} |         data = form.cleaned_data if form.is_valid() else {} | ||||||
|  |  | ||||||
|         transactions = Transaction.objects.annotate(total_amount=F("quantity") * F("amount")).filter( |         transactions = Transaction.objects.annotate(total_amount=F("quantity") * F("amount")).filter( | ||||||
|             PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\ |             PermissionBackend.filter_queryset(self.request, Transaction, "view"))\ | ||||||
|             .filter(Q(source=self.object) | Q(destination=self.object)).order_by('-created_at') |             .filter(Q(source=self.object) | Q(destination=self.object)).order_by('-created_at') | ||||||
|  |  | ||||||
|         if "source" in data and data["source"]: |         if "source" in data and data["source"]: | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| default_app_config = 'permission.apps.PermissionConfig' | default_app_config = 'permission.apps.PermissionConfig' | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-lateré | # SPDX-License-Identifier: GPL-3.0-or-lateré | ||||||
|  |  | ||||||
| from django.contrib import admin | from django.contrib import admin | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from rest_framework import serializers | from rest_framework import serializers | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from .views import PermissionViewSet, RoleViewSet | from .views import PermissionViewSet, RoleViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from api.viewsets import ReadOnlyProtectedModelViewSet | from api.viewsets import ReadOnlyProtectedModelViewSet | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.apps import AppConfig | from django.apps import AppConfig | ||||||
|   | |||||||
| @@ -1,15 +1,15 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import date | from datetime import date | ||||||
|  |  | ||||||
| from django.contrib.auth.backends import ModelBackend | from django.contrib.auth.backends import ModelBackend | ||||||
| from django.contrib.auth.models import User, AnonymousUser | from django.contrib.auth.models import User | ||||||
| from django.contrib.contenttypes.models import ContentType | from django.contrib.contenttypes.models import ContentType | ||||||
| from django.db.models import Q, F | from django.db.models import Q, F | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
| from note.models import Note, NoteUser, NoteClub, NoteSpecial | from note.models import Note, NoteUser, NoteClub, NoteSpecial | ||||||
| from note_kfet.middlewares import get_current_session | from note_kfet.middlewares import get_current_request | ||||||
| from member.models import Membership, Club | from member.models import Membership, Club | ||||||
|  |  | ||||||
| from .decorators import memoize | from .decorators import memoize | ||||||
| @@ -26,14 +26,31 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     @memoize |     @memoize | ||||||
|     def get_raw_permissions(user, t): |     def get_raw_permissions(request, t): | ||||||
|         """ |         """ | ||||||
|         Query permissions of a certain type for a user, then memoize it. |         Query permissions of a certain type for a user, then memoize it. | ||||||
|         :param user: The owner of the permissions |         :param request: The current request | ||||||
|         :param t: The type of the permissions: view, change, add or delete |         :param t: The type of the permissions: view, change, add or delete | ||||||
|         :return: The queryset of the permissions of the user (memoized) grouped by clubs |         :return: The queryset of the permissions of the user (memoized) grouped by clubs | ||||||
|         """ |         """ | ||||||
|         if isinstance(user, AnonymousUser): |         if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'): | ||||||
|  |             # OAuth2 Authentication | ||||||
|  |             user = request.auth.user | ||||||
|  |  | ||||||
|  |             def permission_filter(membership_obj): | ||||||
|  |                 query = Q(pk=-1) | ||||||
|  |                 for scope in request.auth.scope.split(' '): | ||||||
|  |                     permission_id, club_id = scope.split('_') | ||||||
|  |                     if int(club_id) == membership_obj.club_id: | ||||||
|  |                         query |= Q(pk=permission_id) | ||||||
|  |                 return query | ||||||
|  |         else: | ||||||
|  |             user = request.user | ||||||
|  |  | ||||||
|  |             def permission_filter(membership_obj): | ||||||
|  |                 return Q(mask__rank__lte=request.session.get("permission_mask", 42)) | ||||||
|  |  | ||||||
|  |         if user.is_anonymous: | ||||||
|             # Unauthenticated users have no permissions |             # Unauthenticated users have no permissions | ||||||
|             return Permission.objects.none() |             return Permission.objects.none() | ||||||
|  |  | ||||||
| @@ -43,7 +60,7 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|         for membership in memberships: |         for membership in memberships: | ||||||
|             for role in membership.roles.all(): |             for role in membership.roles.all(): | ||||||
|                 for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", -1)).all(): |                 for perm in role.permissions.filter(permission_filter(membership), type=t).all(): | ||||||
|                     if not perm.permanent: |                     if not perm.permanent: | ||||||
|                         if membership.date_start > date.today() or membership.date_end < date.today(): |                         if membership.date_start > date.today() or membership.date_end < date.today(): | ||||||
|                             continue |                             continue | ||||||
| @@ -52,16 +69,22 @@ class PermissionBackend(ModelBackend): | |||||||
|         return perms |         return perms | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def permissions(user, model, type): |     def permissions(request, model, type): | ||||||
|         """ |         """ | ||||||
|         List all permissions of the given user that applies to a given model and a give type |         List all permissions of the given user that applies to a given model and a give type | ||||||
|         :param user: The owner of the permissions |         :param request: The current request | ||||||
|         :param model: The model that the permissions shoud apply |         :param model: The model that the permissions shoud apply | ||||||
|         :param type: The type of the permissions: view, change, add or delete |         :param type: The type of the permissions: view, change, add or delete | ||||||
|         :return: A generator of the requested permissions |         :return: A generator of the requested permissions | ||||||
|         """ |         """ | ||||||
|  |  | ||||||
|         for permission in PermissionBackend.get_raw_permissions(user, type): |         if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'): | ||||||
|  |             # OAuth2 Authentication | ||||||
|  |             user = request.auth.user | ||||||
|  |         else: | ||||||
|  |             user = request.user | ||||||
|  |  | ||||||
|  |         for permission in PermissionBackend.get_raw_permissions(request, type): | ||||||
|             if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership: |             if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership: | ||||||
|                 continue |                 continue | ||||||
|  |  | ||||||
| @@ -88,20 +111,26 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     @memoize |     @memoize | ||||||
|     def filter_queryset(user, model, t, field=None): |     def filter_queryset(request, model, t, field=None): | ||||||
|         """ |         """ | ||||||
|         Filter a queryset by considering the permissions of a given user. |         Filter a queryset by considering the permissions of a given user. | ||||||
|         :param user: The owner of the permissions that are fetched |         :param request: The current request | ||||||
|         :param model: The concerned model of the queryset |         :param model: The concerned model of the queryset | ||||||
|         :param t: The type of modification (view, add, change, delete) |         :param t: The type of modification (view, add, change, delete) | ||||||
|         :param field: The field of the model to test, if concerned |         :param field: The field of the model to test, if concerned | ||||||
|         :return: A query that corresponds to the filter to give to a queryset |         :return: A query that corresponds to the filter to give to a queryset | ||||||
|         """ |         """ | ||||||
|         if user is None or isinstance(user, AnonymousUser): |         if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'): | ||||||
|  |             # OAuth2 Authentication | ||||||
|  |             user = request.auth.user | ||||||
|  |         else: | ||||||
|  |             user = request.user | ||||||
|  |  | ||||||
|  |         if user is None or user.is_anonymous: | ||||||
|             # Anonymous users can't do anything |             # Anonymous users can't do anything | ||||||
|             return Q(pk=-1) |             return Q(pk=-1) | ||||||
|  |  | ||||||
|         if user.is_superuser and get_current_session().get("permission_mask", -1) >= 42: |         if user.is_superuser and request.session.get("permission_mask", -1) >= 42: | ||||||
|             # Superusers have all rights |             # Superusers have all rights | ||||||
|             return Q() |             return Q() | ||||||
|  |  | ||||||
| @@ -110,7 +139,7 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|         # Never satisfied |         # Never satisfied | ||||||
|         query = Q(pk=-1) |         query = Q(pk=-1) | ||||||
|         perms = PermissionBackend.permissions(user, model, t) |         perms = PermissionBackend.permissions(request, model, t) | ||||||
|         for perm in perms: |         for perm in perms: | ||||||
|             if perm.field and field != perm.field: |             if perm.field and field != perm.field: | ||||||
|                 continue |                 continue | ||||||
| @@ -122,7 +151,7 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     @memoize |     @memoize | ||||||
|     def check_perm(user_obj, perm, obj=None): |     def check_perm(request, perm, obj=None): | ||||||
|         """ |         """ | ||||||
|         Check is the given user has the permission over a given object. |         Check is the given user has the permission over a given object. | ||||||
|         The result is then memoized. |         The result is then memoized. | ||||||
| @@ -130,10 +159,19 @@ class PermissionBackend(ModelBackend): | |||||||
|         primary key, the result is not memoized. Moreover, the right could change |         primary key, the result is not memoized. Moreover, the right could change | ||||||
|         (e.g. for a transaction, the balance of the user could change) |         (e.g. for a transaction, the balance of the user could change) | ||||||
|         """ |         """ | ||||||
|         if user_obj is None or isinstance(user_obj, AnonymousUser): |         # Requested by a shell | ||||||
|  |         if request is None: | ||||||
|             return False |             return False | ||||||
|  |  | ||||||
|         sess = get_current_session() |         user_obj = request.user | ||||||
|  |         sess = request.session | ||||||
|  |  | ||||||
|  |         if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'): | ||||||
|  |             # OAuth2 Authentication | ||||||
|  |             user_obj = request.auth.user | ||||||
|  |  | ||||||
|  |         if user_obj is None or user_obj.is_anonymous: | ||||||
|  |             return False | ||||||
|  |  | ||||||
|         if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42: |         if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42: | ||||||
|             return True |             return True | ||||||
| @@ -147,16 +185,19 @@ class PermissionBackend(ModelBackend): | |||||||
|  |  | ||||||
|         ct = ContentType.objects.get_for_model(obj) |         ct = ContentType.objects.get_for_model(obj) | ||||||
|         if any(permission.applies(obj, perm_type, perm_field) |         if any(permission.applies(obj, perm_type, perm_field) | ||||||
|                for permission in PermissionBackend.permissions(user_obj, ct, perm_type)): |                for permission in PermissionBackend.permissions(request, ct, perm_type)): | ||||||
|             return True |             return True | ||||||
|         return False |         return False | ||||||
|  |  | ||||||
|     def has_perm(self, user_obj, perm, obj=None): |     def has_perm(self, user_obj, perm, obj=None): | ||||||
|         return PermissionBackend.check_perm(user_obj, perm, obj) |         # Warning: this does not check that user_obj has the permission, | ||||||
|  |         # but if the current request has the permission. | ||||||
|  |         # This function is implemented for backward compatibility, and should not be used. | ||||||
|  |         return PermissionBackend.check_perm(get_current_request(), perm, obj) | ||||||
|  |  | ||||||
|     def has_module_perms(self, user_obj, app_label): |     def has_module_perms(self, user_obj, app_label): | ||||||
|         return False |         return False | ||||||
|  |  | ||||||
|     def get_all_permissions(self, user_obj, obj=None): |     def get_all_permissions(self, user_obj, obj=None): | ||||||
|         ct = ContentType.objects.get_for_model(obj) |         ct = ContentType.objects.get_for_model(obj) | ||||||
|         return list(self.permissions(user_obj, ct, "view")) |         return list(self.permissions(get_current_request(), ct, "view")) | ||||||
|   | |||||||
| @@ -1,11 +1,11 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
| import sys | import sys | ||||||
| from functools import lru_cache | from functools import lru_cache | ||||||
| from time import time | from time import time | ||||||
|  |  | ||||||
| from django.contrib.sessions.models import Session | from django.contrib.sessions.models import Session | ||||||
| from note_kfet.middlewares import get_current_session | from note_kfet.middlewares import get_current_request | ||||||
|  |  | ||||||
|  |  | ||||||
| def memoize(f): | def memoize(f): | ||||||
| @@ -48,11 +48,11 @@ def memoize(f): | |||||||
|             last_collect = time() |             last_collect = time() | ||||||
|  |  | ||||||
|         # If there is no session, then we don't memoize anything. |         # If there is no session, then we don't memoize anything. | ||||||
|         sess = get_current_session() |         request = get_current_request() | ||||||
|         if sess is None or sess.session_key is None: |         if request is None or request.session is None or request.session.session_key is None: | ||||||
|             return f(*args, **kwargs) |             return f(*args, **kwargs) | ||||||
|  |  | ||||||
|         sess_key = sess.session_key |         sess_key = request.session.session_key | ||||||
|         if sess_key not in sess_funs: |         if sess_key not in sess_funs: | ||||||
|             # lru_cache makes the job of memoization |             # lru_cache makes the job of memoization | ||||||
|             # We store only the 512 latest data per session. It has to be enough. |             # We store only the 512 latest data per session. It has to be enough. | ||||||
|   | |||||||
| @@ -36,7 +36,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": true, | 			"permanent": true, | ||||||
| 			"description": "Voir son compte utilisateur" | 			"description": "Voir son compte utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -68,7 +68,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": true, | 			"permanent": true, | ||||||
| 			"description": "Voir sa propre note d'utilisateur" | 			"description": "Voir sa propre note d'utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -111,12 +111,12 @@ | |||||||
| 				"note", | 				"note", | ||||||
| 				"alias" | 				"alias" | ||||||
| 			], | 			], | ||||||
| 			"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"Kfet\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]", | 			"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"BDE\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]", | ||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir les aliases des notes des clubs et des adhérents du club Kfet" | 			"description": "Voir les alias des notes des clubs et des adhérent⋅es du club BDE" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -627,7 +627,7 @@ | |||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Voir les personnes qu'on a invitées" | 			"description": "Voir les personnes qu'on a invitées" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -772,7 +772,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir les adhérents du club" | 			"description": "Voir les adhérent⋅es du club" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -788,7 +788,7 @@ | |||||||
| 			"mask": 2, | 			"mask": 2, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Ajouter un membre à un club" | 			"description": "Ajouter un⋅e membre à un club" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -852,7 +852,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier n'importe quel utilisateur" | 			"description": "Modifier n'importe quel⋅le utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -868,7 +868,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Ajouter un utilisateur" | 			"description": "Ajouter un⋅e utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -977,7 +977,7 @@ | |||||||
| 			], | 			], | ||||||
| 			"query": "[\"OR\", {\"source\": [\"club\", \"note\"]}, {\"destination\": [\"club\", \"note\"]}]", | 			"query": "[\"OR\", {\"source\": [\"club\", \"note\"]}, {\"destination\": [\"club\", \"note\"]}]", | ||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 1, | 			"mask": 2, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir les transactions d'un club" | 			"description": "Voir les transactions d'un club" | ||||||
| @@ -1235,7 +1235,7 @@ | |||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Voir le dernier WEI" | 			"description": "Voir le dernier WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1267,7 +1267,7 @@ | |||||||
| 			"type": "add", | 			"type": "add", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "M'inscrire au dernier WEI" | 			"description": "M'inscrire au dernier WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1284,7 +1284,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Inscrire un 1A au WEI" | 			"description": "Inscrire un⋅e 1A au WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -1331,7 +1331,7 @@ | |||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Voir ma propre inscription WEI" | 			"description": "Voir ma propre inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1379,7 +1379,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "soge_credit", | 			"field": "soge_credit", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Indiquer si mon inscription WEI est payée par la Société générale tant qu'elle n'est pas validée" | 			"description": "Indiquer si mon inscription WEI est payée par la Société générale tant qu'elle n'est pas validée" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1427,7 +1427,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "birth_date", | 			"field": "birth_date", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier la date de naissance de ma propre inscription WEI" | 			"description": "Modifier la date de naissance de ma propre inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1459,7 +1459,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "gender", | 			"field": "gender", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier le genre de ma propre inscription WEI" | 			"description": "Modifier le genre de ma propre inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1491,7 +1491,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "health_issues", | 			"field": "health_issues", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier mes problèmes de santé de mon inscription WEI" | 			"description": "Modifier mes problèmes de santé de mon inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1523,7 +1523,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "emergency_contact_name", | 			"field": "emergency_contact_name", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier le nom du contact en cas d'urgence de mon inscription WEI" | 			"description": "Modifier le nom du contact en cas d'urgence de mon inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1555,7 +1555,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "emergency_contact_phone", | 			"field": "emergency_contact_phone", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier le téléphone du contact en cas d'urgence de mon inscription WEI" | 			"description": "Modifier le téléphone du contact en cas d'urgence de mon inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1572,7 +1572,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "information_json", | 			"field": "information_json", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier les informations (sondage 1A, ...) d'une inscription WEI" | 			"description": "Modifier les informations (sondage 1A,…) d'une inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -1699,7 +1699,7 @@ | |||||||
| 			"type": "add", | 			"type": "add", | ||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Créer une adhésion WEI pour le dernier WEI" | 			"description": "Créer une adhésion WEI pour le dernier WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -1956,7 +1956,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": true, | 			"permanent": true, | ||||||
| 			"description": "Voir mes activitées passées, même après la fin de l'adhésion BDE" | 			"description": "Voir mes activités passées, même après la fin de l'adhésion BDE" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2003,7 +2003,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "clothing_cut", | 			"field": "clothing_cut", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier ma coupe de vêtements de mon inscription WEI" | 			"description": "Modifier ma coupe de vêtements de mon inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -2035,7 +2035,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "clothing_size", | 			"field": "clothing_size", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier la taille de vêtements de mon inscription WEI" | 			"description": "Modifier la taille de vêtements de mon inscription WEI" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -2100,7 +2100,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir n'importe quel utilisateur" | 			"description": "Voir n'importe quel⋅le utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2228,7 +2228,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Créer une note d'utilisateur" | 			"description": "Créer une note d'utilisateur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2243,7 +2243,7 @@ | |||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "information_json", | 			"field": "information_json", | ||||||
| 			"permanent": false, | 			"permanent": true, | ||||||
| 			"description": "Modifier mes préférences en terme de bus et d'équipe si mon inscription n'est pas validée et que je suis en 2A+" | 			"description": "Modifier mes préférences en terme de bus et d'équipe si mon inscription n'est pas validée et que je suis en 2A+" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -2276,7 +2276,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir tous les adhérents du club" | 			"description": "Voir toustes les adhérent⋅es du club" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2292,7 +2292,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Ajouter un membre à n'importe quel club" | 			"description": "Ajouter un⋅e membre à n'importe quel club" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2372,7 +2372,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "name", | 			"field": "name", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier le nom d'une activité non validée dont on est l'auteur" | 			"description": "Modifier le nom d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2388,7 +2388,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "description", | 			"field": "description", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier la description d'une activité non validée dont on est l'auteur" | 			"description": "Modifier la description d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2404,7 +2404,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "location", | 			"field": "location", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier le lieu d'une activité non validée dont on est l'auteur" | 			"description": "Modifier le lieu d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2420,7 +2420,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "activity_type", | 			"field": "activity_type", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier le type d'une activité non validée dont on est l'auteur" | 			"description": "Modifier le type d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2436,7 +2436,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "organizer", | 			"field": "organizer", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur" | 			"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2452,7 +2452,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "attendees_club", | 			"field": "attendees_club", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur" | 			"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2468,7 +2468,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "date_start", | 			"field": "date_start", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier la date de début d'une activité non validée dont on est l'auteur" | 			"description": "Modifier la date de début d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2484,7 +2484,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "date_end", | 			"field": "date_end", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur" | 			"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur⋅rice" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2511,7 +2511,7 @@ | |||||||
| 				"note", | 				"note", | ||||||
| 				"noteuser" | 				"noteuser" | ||||||
| 			], | 			], | ||||||
| 			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]", | 			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]", | ||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "is_active", | 			"field": "is_active", | ||||||
| @@ -2527,7 +2527,7 @@ | |||||||
| 				"note", | 				"note", | ||||||
| 				"noteuser" | 				"noteuser" | ||||||
| 			], | 			], | ||||||
| 			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"inactivity_reason\": null}]]", | 			"query": "[\"AND\", {\"user\": [\"user\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]", | ||||||
| 			"type": "change", | 			"type": "change", | ||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "inactivity_reason", | 			"field": "inactivity_reason", | ||||||
| @@ -2756,7 +2756,7 @@ | |||||||
| 			"mask": 1, | 			"mask": 1, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Modifier n'importe quel utilisateur non encore inscrit" | 			"description": "Modifier n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2788,7 +2788,7 @@ | |||||||
| 			"mask": 3, | 			"mask": 3, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir tous les alias, y compris ceux des non adhérents" | 			"description": "Voir tous les alias, y compris ceux des non adhérent⋅es" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2820,7 +2820,7 @@ | |||||||
| 			"mask": 2, | 			"mask": 2, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir n'importe quel utilisateur non encore inscrit" | 			"description": "Voir n'importe quel⋅le utilisateur⋅rice non encore inscrit⋅e" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2847,12 +2847,12 @@ | |||||||
| 				"auth", | 				"auth", | ||||||
| 				"user" | 				"user" | ||||||
| 			], | 			], | ||||||
| 			"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}", | 			"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent⋅e BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}", | ||||||
| 			"type": "view", | 			"type": "view", | ||||||
| 			"mask": 2, | 			"mask": 2, | ||||||
| 			"field": "", | 			"field": "", | ||||||
| 			"permanent": false, | 			"permanent": false, | ||||||
| 			"description": "Voir n'importe quel utilisateur qui est adhérent BDE" | 			"description": "Voir n'importe quel⋅le utilisateur⋅rice qui est adhérent⋅e BDE" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| 	{ | 	{ | ||||||
| @@ -2871,18 +2871,227 @@ | |||||||
| 			"description": "Changer l'image de n'importe quelle note" | 			"description": "Changer l'image de n'importe quelle note" | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 184, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"noteclub" | ||||||
|  | 			], | ||||||
|  | 			"query": "[\"AND\", {\"club\": [\"club\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]", | ||||||
|  | 			"type": "change", | ||||||
|  | 			"mask": 3, | ||||||
|  | 			"field": "is_active", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "(Dé)bloquer la note de son club manuellement" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 185, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"noteclub" | ||||||
|  | 			], | ||||||
|  | 			"query": "[\"AND\", {\"club\": [\"club\"]}, [\"OR\", {\"inactivity_reason\": \"manual\"}, {\"is_active\": true}]]", | ||||||
|  | 			"type": "change", | ||||||
|  | 			"mask": 3, | ||||||
|  | 			"field": "inactivity_reason", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "(Dé)bloquer la note de son club et indiquer que cela a été fait manuellement" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 186, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"oauth2_provider", | ||||||
|  | 				"application" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"user\": [\"user\"]}", | ||||||
|  | 			"type": "view", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "Voir ses applications OAuth2" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 187, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"oauth2_provider", | ||||||
|  | 				"application" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"user\": [\"user\"]}", | ||||||
|  | 			"type": "add", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "Créer une application OAuth2" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 188, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"oauth2_provider", | ||||||
|  | 				"application" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"user\": [\"user\"]}", | ||||||
|  | 			"type": "change", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "Modifier une application OAuth2" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 189, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"oauth2_provider", | ||||||
|  | 				"application" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"user\": [\"user\"]}", | ||||||
|  | 			"type": "delete", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "Supprimer une application OAuth2" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 190, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"trusting\": [\"user\", \"note\"]}", | ||||||
|  | 			"type": "delete", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Supprimer une amitié à sa note" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 191, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"trusting\": [\"user\", \"note\"]}", | ||||||
|  | 			"type": "add", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Ajouter une amitié à sa note" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 192, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"trusting__is_active\": true}", | ||||||
|  | 			"type": "add", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Ajouter une amitié à une note non bloquée" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 193, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"trusting__is_active\": true}", | ||||||
|  | 			"type": "delete", | ||||||
|  | 			"mask": 3, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Supprimer une amitié à une note non bloquée" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 194, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{}", | ||||||
|  | 			"type": "view", | ||||||
|  | 			"mask": 3, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Voir toutes les amitiés, y compris celles des non adhérent⋅es" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 195, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"trust" | ||||||
|  | 			], | ||||||
|  | 			"query": "{\"trusting__noteuser__user\": [\"user\"]}", | ||||||
|  | 			"type": "view", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": true, | ||||||
|  | 			"description": "Voir ses propres amitiés, pour toujours" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
|  | 	{ | ||||||
|  | 		"model": "permission.permission", | ||||||
|  | 		"pk": 196, | ||||||
|  | 		"fields": { | ||||||
|  | 			"model": [ | ||||||
|  | 				"note", | ||||||
|  | 				"transaction" | ||||||
|  | 			], | ||||||
|  | 			"query": "[\"AND\", {\"source__trusting__trusted\": [\"user\", \"note\"]}, [\"OR\", {\"source__balance__gte\": {\"F\": [\"MUL\", [\"F\", \"amount\"], [\"F\", \"quantity\"]]}}, {\"valid\": false}]]", | ||||||
|  | 			"type": "add", | ||||||
|  | 			"mask": 1, | ||||||
|  | 			"field": "", | ||||||
|  | 			"permanent": false, | ||||||
|  | 			"description": "Transférer de l'argent depuis une note amie en restant positif" | ||||||
|  | 		} | ||||||
|  | 	}, | ||||||
| 	{ | 	{ | ||||||
| 		"model": "permission.role", | 		"model": "permission.role", | ||||||
| 		"pk": 1, | 		"pk": 1, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": 1, | 			"for_club": 1, | ||||||
| 			"name": "Adh\u00e9rent BDE", | 			"name": "Adh\u00e9rent\u22c5e BDE", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				1, | 				1, | ||||||
| 				2, | 				2, | ||||||
| 				3, | 				3, | ||||||
| 				4, | 				4, | ||||||
| 				5, | 				5, | ||||||
|  | 				6, | ||||||
| 				7, | 				7, | ||||||
| 				8, | 				8, | ||||||
| 				9, | 				9, | ||||||
| @@ -2890,13 +3099,25 @@ | |||||||
| 				11, | 				11, | ||||||
| 				12, | 				12, | ||||||
| 				13, | 				13, | ||||||
|  | 				14, | ||||||
|  | 				15, | ||||||
|  | 				16, | ||||||
|  | 				17, | ||||||
| 				22, | 				22, | ||||||
| 				48, | 				48, | ||||||
| 				52, | 				52, | ||||||
| 				126, | 				126, | ||||||
| 				161, | 				161, | ||||||
| 				162, | 				162, | ||||||
| 				165 | 				165, | ||||||
|  | 				186, | ||||||
|  | 				187, | ||||||
|  | 				188, | ||||||
|  | 				189, | ||||||
|  | 				190, | ||||||
|  | 				191, | ||||||
|  | 				195, | ||||||
|  | 				196 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -2905,13 +3126,8 @@ | |||||||
| 		"pk": 2, | 		"pk": 2, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": 2, | 			"for_club": 2, | ||||||
| 			"name": "Adh\u00e9rent Kfet", | 			"name": "Adh\u00e9rent\u22c5e Kfet", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				6, |  | ||||||
| 				14, |  | ||||||
| 				15, |  | ||||||
| 				16, |  | ||||||
| 				17, |  | ||||||
| 				22, | 				22, | ||||||
| 				34, | 				34, | ||||||
| 				36, | 				36, | ||||||
| @@ -2942,7 +3158,9 @@ | |||||||
| 				158, | 				158, | ||||||
| 				159, | 				159, | ||||||
| 				160, | 				160, | ||||||
| 				179 | 				179, | ||||||
|  | 				189, | ||||||
|  | 				190 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -2977,7 +3195,7 @@ | |||||||
| 		"pk": 5, | 		"pk": 5, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": null, | 			"for_club": null, | ||||||
| 			"name": "Pr\u00e9sident\u00b7e de club", | 			"name": "Pr\u00e9sident\u22c5e de club", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				50, | 				50, | ||||||
| 				62, | 				62, | ||||||
| @@ -2991,7 +3209,7 @@ | |||||||
| 		"pk": 6, | 		"pk": 6, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": null, | 			"for_club": null, | ||||||
| 			"name": "Tr\u00e9sorier\u00b7\u00e8re de club", | 			"name": "Tr\u00e9sorièr\u22c5e de club", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				59, | 				59, | ||||||
| 				19, | 				19, | ||||||
| @@ -3010,7 +3228,9 @@ | |||||||
| 				166, | 				166, | ||||||
| 				167, | 				167, | ||||||
| 				168, | 				168, | ||||||
| 				182 | 				182, | ||||||
|  | 				184, | ||||||
|  | 				185 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -3019,7 +3239,7 @@ | |||||||
| 		"pk": 7, | 		"pk": 7, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": 1, | 			"for_club": 1, | ||||||
| 			"name": "Pr\u00e9sident\u00b7e BDE", | 			"name": "Pr\u00e9sident\u22c5e BDE", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				24, | 				24, | ||||||
| 				25, | 				25, | ||||||
| @@ -3035,7 +3255,7 @@ | |||||||
| 		"pk": 8, | 		"pk": 8, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": 1, | 			"for_club": 1, | ||||||
| 			"name": "Tr\u00e9sorier\u00b7\u00e8re BDE", | 			"name": "Tr\u00e9sorièr\u22c5e BDE", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				23, | 				23, | ||||||
| 				24, | 				24, | ||||||
| @@ -3048,6 +3268,7 @@ | |||||||
| 				31, | 				31, | ||||||
| 				32, | 				32, | ||||||
| 				33, | 				33, | ||||||
|  | 				43, | ||||||
| 				51, | 				51, | ||||||
| 				53, | 				53, | ||||||
| 				54, | 				54, | ||||||
| @@ -3089,7 +3310,10 @@ | |||||||
| 				176, | 				176, | ||||||
| 				177, | 				177, | ||||||
| 				178, | 				178, | ||||||
| 				183 | 				188, | ||||||
|  | 				183, | ||||||
|  | 				186, | ||||||
|  | 				187 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -3277,7 +3501,20 @@ | |||||||
| 				180, | 				180, | ||||||
| 				181, | 				181, | ||||||
| 				182, | 				182, | ||||||
| 				183 | 				183, | ||||||
|  | 				184, | ||||||
|  | 				185, | ||||||
|  | 				186, | ||||||
|  | 				187, | ||||||
|  | 				188, | ||||||
|  | 				189, | ||||||
|  | 				190, | ||||||
|  | 				191, | ||||||
|  | 				192, | ||||||
|  | 				193, | ||||||
|  | 				194, | ||||||
|  | 				195, | ||||||
|  | 				196 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -3304,6 +3541,7 @@ | |||||||
| 				30, | 				30, | ||||||
| 				31, | 				31, | ||||||
| 				70, | 				70, | ||||||
|  | 				72, | ||||||
| 				143, | 				143, | ||||||
| 				166, | 				166, | ||||||
| 				167, | 				167, | ||||||
| @@ -3336,7 +3574,8 @@ | |||||||
| 				45, | 				45, | ||||||
| 				46, | 				46, | ||||||
| 				148, | 				148, | ||||||
| 				149 | 				149, | ||||||
|  | 				182 | ||||||
| 			] | 			] | ||||||
| 		} | 		} | ||||||
| 	}, | 	}, | ||||||
| @@ -3379,7 +3618,7 @@ | |||||||
| 		"pk": 13, | 		"pk": 13, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": null, | 			"for_club": null, | ||||||
| 			"name": "Chef de bus", | 			"name": "Chef\u22c5fe de bus", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				22, | 				22, | ||||||
| 				84, | 				84, | ||||||
| @@ -3397,7 +3636,7 @@ | |||||||
| 		"pk": 14, | 		"pk": 14, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": null, | 			"for_club": null, | ||||||
| 			"name": "Chef d'\u00e9quipe", | 			"name": "Chef\u22c5fe d'\u00e9quipe", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				22, | 				22, | ||||||
| 				84, | 				84, | ||||||
| @@ -3446,7 +3685,7 @@ | |||||||
| 		"pk": 18, | 		"pk": 18, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": null, | 			"for_club": null, | ||||||
| 			"name": "Adhérent WEI", | 			"name": "Adhérent\u22c5e WEI", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				77, | 				77, | ||||||
| 				87, | 				87, | ||||||
| @@ -3495,7 +3734,7 @@ | |||||||
| 		"model": "permission.role", | 		"model": "permission.role", | ||||||
| 		"pk": 20, | 		"pk": 20, | ||||||
| 		"fields": { | 		"fields": { | ||||||
| 			"for_club": 2, | 			"for_club": 1, | ||||||
| 			"name": "PC Kfet", | 			"name": "PC Kfet", | ||||||
| 			"permissions": [ | 			"permissions": [ | ||||||
| 				6, | 				6, | ||||||
| @@ -3511,6 +3750,8 @@ | |||||||
| 				56, | 				56, | ||||||
| 				57, | 				57, | ||||||
| 				58, | 				58, | ||||||
|  | 				70, | ||||||
|  | 				72, | ||||||
| 				135, | 				135, | ||||||
| 				137, | 				137, | ||||||
| 				143, | 				143, | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import functools | import functools | ||||||
| @@ -59,7 +59,7 @@ class InstancedPermission: | |||||||
|  |  | ||||||
|                     # Force insertion, no data verification, no trigger |                     # Force insertion, no data verification, no trigger | ||||||
|                     obj._force_save = True |                     obj._force_save = True | ||||||
|                     # We don't want to trigger any signal (log, ...) |                     # We don't want to trigger any signal (log,…) | ||||||
|                     obj._no_signal = True |                     obj._no_signal = True | ||||||
|                     Model.save(obj, force_insert=True) |                     Model.save(obj, force_insert=True) | ||||||
|                     ret = self.model.model_class().objects.filter(self.query & Q(pk=0)).exists() |                     ret = self.model.model_class().objects.filter(self.query & Q(pk=0)).exists() | ||||||
| @@ -227,7 +227,7 @@ class Permission(models.Model): | |||||||
|     def compute_param(value, **kwargs): |     def compute_param(value, **kwargs): | ||||||
|         """ |         """ | ||||||
|         A parameter is given by a list. The first argument is the name of the parameter. |         A parameter is given by a list. The first argument is the name of the parameter. | ||||||
|         The parameters are the user, the club, and some classes (Note, ...) |         The parameters are the user, the club, and some classes (Note,…) | ||||||
|         If there are more arguments in the list, then attributes are queried. |         If there are more arguments in the list, then attributes are queried. | ||||||
|         For example, ["user", "note", "balance"] will return the balance of the note of the user. |         For example, ["user", "note", "balance"] will return the balance of the note of the user. | ||||||
|         If an argument is a list, then this is interpreted with a function call: |         If an argument is a list, then this is interpreted with a function call: | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from rest_framework.permissions import DjangoObjectPermissions | from rest_framework.permissions import DjangoObjectPermissions | ||||||
| @@ -45,7 +45,7 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions): | |||||||
|  |  | ||||||
|         perms = self.get_required_object_permissions(request.method, model_cls) |         perms = self.get_required_object_permissions(request.method, model_cls) | ||||||
|         # if not user.has_perms(perms, obj): |         # if not user.has_perms(perms, obj): | ||||||
|         if not all(PermissionBackend.check_perm(user, perm, obj) for perm in perms): |         if not all(PermissionBackend.check_perm(request, perm, obj) for perm in perms): | ||||||
|             # If the user does not have permissions we need to determine if |             # If the user does not have permissions we need to determine if | ||||||
|             # they have read permissions to see 403, or not, and simply see |             # they have read permissions to see 403, or not, and simply see | ||||||
|             # a 404 response. |             # a 404 response. | ||||||
|   | |||||||
							
								
								
									
										57
									
								
								apps/permission/scopes.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										57
									
								
								apps/permission/scopes.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,57 @@ | |||||||
|  | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
|  | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  | from oauth2_provider.oauth2_validators import OAuth2Validator | ||||||
|  | from oauth2_provider.scopes import BaseScopes | ||||||
|  | from member.models import Club | ||||||
|  | from note_kfet.middlewares import get_current_request | ||||||
|  |  | ||||||
|  | from .backends import PermissionBackend | ||||||
|  | from .models import Permission | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class PermissionScopes(BaseScopes): | ||||||
|  |     """ | ||||||
|  |     An OAuth2 scope is defined by a permission object and a club. | ||||||
|  |     A token will have a subset of permissions from the owner of the application, | ||||||
|  |     and can be useful to make queries through the API with limited privileges. | ||||||
|  |     """ | ||||||
|  |  | ||||||
|  |     def get_all_scopes(self): | ||||||
|  |         return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})" | ||||||
|  |                 for p in Permission.objects.all() for club in Club.objects.all()} | ||||||
|  |  | ||||||
|  |     def get_available_scopes(self, application=None, request=None, *args, **kwargs): | ||||||
|  |         if not application: | ||||||
|  |             return [] | ||||||
|  |         return [f"{p.id}_{p.membership.club.id}" | ||||||
|  |                 for t in Permission.PERMISSION_TYPES | ||||||
|  |                 for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])] | ||||||
|  |  | ||||||
|  |     def get_default_scopes(self, application=None, request=None, *args, **kwargs): | ||||||
|  |         if not application: | ||||||
|  |             return [] | ||||||
|  |         return [f"{p.id}_{p.membership.club.id}" | ||||||
|  |                 for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')] | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class PermissionOAuth2Validator(OAuth2Validator): | ||||||
|  |     def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs): | ||||||
|  |         """ | ||||||
|  |         User can request as many scope as he wants, including invalid scopes, | ||||||
|  |         but it will have only the permissions he has. | ||||||
|  |  | ||||||
|  |         This allows clients to request more permission to get finally a | ||||||
|  |         subset of permissions. | ||||||
|  |         """ | ||||||
|  |  | ||||||
|  |         valid_scopes = set() | ||||||
|  |  | ||||||
|  |         for t in Permission.PERMISSION_TYPES: | ||||||
|  |             for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]): | ||||||
|  |                 scope = f"{p.id}_{p.membership.club.id}" | ||||||
|  |                 if scope in scopes: | ||||||
|  |                     valid_scopes.add(scope) | ||||||
|  |  | ||||||
|  |         request.scopes = valid_scopes | ||||||
|  |  | ||||||
|  |         return valid_scopes | ||||||
| @@ -1,9 +1,9 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.core.exceptions import PermissionDenied | from django.core.exceptions import PermissionDenied | ||||||
| from django.utils.translation import gettext_lazy as _ | from django.utils.translation import gettext_lazy as _ | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -16,6 +16,9 @@ EXCLUDED = [ | |||||||
|     'contenttypes.contenttype', |     'contenttypes.contenttype', | ||||||
|     'logs.changelog', |     'logs.changelog', | ||||||
|     'migrations.migration', |     'migrations.migration', | ||||||
|  |     'oauth2_provider.accesstoken', | ||||||
|  |     'oauth2_provider.grant', | ||||||
|  |     'oauth2_provider.refreshtoken', | ||||||
|     'sessions.session', |     'sessions.session', | ||||||
| ] | ] | ||||||
|  |  | ||||||
| @@ -31,8 +34,8 @@ def pre_save_object(sender, instance, **kwargs): | |||||||
|     if hasattr(instance, "_force_save") or hasattr(instance, "_no_signal"): |     if hasattr(instance, "_force_save") or hasattr(instance, "_no_signal"): | ||||||
|         return |         return | ||||||
|  |  | ||||||
|     user = get_current_authenticated_user() |     request = get_current_request() | ||||||
|     if user is None: |     if request is None: | ||||||
|         # Action performed on shell is always granted |         # Action performed on shell is always granted | ||||||
|         return |         return | ||||||
|  |  | ||||||
| @@ -45,7 +48,7 @@ def pre_save_object(sender, instance, **kwargs): | |||||||
|         # We check if the user can change the model |         # We check if the user can change the model | ||||||
|  |  | ||||||
|         # If the user has all right on a model, then OK |         # If the user has all right on a model, then OK | ||||||
|         if PermissionBackend.check_perm(user, app_label + ".change_" + model_name, instance): |         if PermissionBackend.check_perm(request, app_label + ".change_" + model_name, instance): | ||||||
|             return |             return | ||||||
|  |  | ||||||
|         # In the other case, we check if he/she has the right to change one field |         # In the other case, we check if he/she has the right to change one field | ||||||
| @@ -58,7 +61,14 @@ def pre_save_object(sender, instance, **kwargs): | |||||||
|             # If the field wasn't modified, no need to check the permissions |             # If the field wasn't modified, no need to check the permissions | ||||||
|             if old_value == new_value: |             if old_value == new_value: | ||||||
|                 continue |                 continue | ||||||
|             if not PermissionBackend.check_perm(user, app_label + ".change_" + model_name + "_" + field_name, instance): |  | ||||||
|  |             if app_label == 'auth' and model_name == 'user' and field.name == 'password' and request.user.is_anonymous: | ||||||
|  |                 # We must ignore password changes from anonymous users since it can be done by people that forgot | ||||||
|  |                 # their password. We trust password change form. | ||||||
|  |                 continue | ||||||
|  |  | ||||||
|  |             if not PermissionBackend.check_perm(request, app_label + ".change_" + model_name + "_" + field_name, | ||||||
|  |                                                 instance): | ||||||
|                 raise PermissionDenied( |                 raise PermissionDenied( | ||||||
|                     _("You don't have the permission to change the field {field} on this instance of model" |                     _("You don't have the permission to change the field {field} on this instance of model" | ||||||
|                       " {app_label}.{model_name}.") |                       " {app_label}.{model_name}.") | ||||||
| @@ -66,7 +76,7 @@ def pre_save_object(sender, instance, **kwargs): | |||||||
|                 ) |                 ) | ||||||
|     else: |     else: | ||||||
|         # We check if the user has right to add the object |         # We check if the user has right to add the object | ||||||
|         has_perm = PermissionBackend.check_perm(user, app_label + ".add_" + model_name, instance) |         has_perm = PermissionBackend.check_perm(request, app_label + ".add_" + model_name, instance) | ||||||
|  |  | ||||||
|         if not has_perm: |         if not has_perm: | ||||||
|             raise PermissionDenied( |             raise PermissionDenied( | ||||||
| @@ -87,8 +97,8 @@ def pre_delete_object(instance, **kwargs): | |||||||
|         # Don't check permissions on force-deleted objects |         # Don't check permissions on force-deleted objects | ||||||
|         return |         return | ||||||
|  |  | ||||||
|     user = get_current_authenticated_user() |     request = get_current_request() | ||||||
|     if user is None: |     if request is None: | ||||||
|         # Action performed on shell is always granted |         # Action performed on shell is always granted | ||||||
|         return |         return | ||||||
|  |  | ||||||
| @@ -97,7 +107,7 @@ def pre_delete_object(instance, **kwargs): | |||||||
|     model_name = model_name_full[1] |     model_name = model_name_full[1] | ||||||
|  |  | ||||||
|     # We check if the user has rights to delete the object |     # We check if the user has rights to delete the object | ||||||
|     if not PermissionBackend.check_perm(user, app_label + ".delete_" + model_name, instance): |     if not PermissionBackend.check_perm(request, app_label + ".delete_" + model_name, instance): | ||||||
|         raise PermissionDenied( |         raise PermissionDenied( | ||||||
|             _("You don't have the permission to delete this instance of model {app_label}.{model_name}.") |             _("You don't have the permission to delete this instance of model {app_label}.{model_name}.") | ||||||
|             .format(app_label=app_label, model_name=model_name)) |             .format(app_label=app_label, model_name=model_name)) | ||||||
|   | |||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| import django_tables2 as tables | import django_tables2 as tables | ||||||
| @@ -8,7 +8,7 @@ from django.urls import reverse_lazy | |||||||
| from django.utils.html import format_html | from django.utils.html import format_html | ||||||
| from django_tables2 import A | from django_tables2 import A | ||||||
| from member.models import Membership | from member.models import Membership | ||||||
| from note_kfet.middlewares import get_current_authenticated_user | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend | from permission.backends import PermissionBackend | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -20,7 +20,7 @@ class RightsTable(tables.Table): | |||||||
|     def render_user(self, value): |     def render_user(self, value): | ||||||
|         # If the user has the right, link the displayed user with the page of its detail. |         # If the user has the right, link the displayed user with the page of its detail. | ||||||
|         s = value.username |         s = value.username | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value): |         if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value): | ||||||
|             s = format_html("<a href={url}>{name}</a>", |             s = format_html("<a href={url}>{name}</a>", | ||||||
|                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) |                             url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s) | ||||||
|         return s |         return s | ||||||
| @@ -28,7 +28,7 @@ class RightsTable(tables.Table): | |||||||
|     def render_club(self, value): |     def render_club(self, value): | ||||||
|         # If the user has the right, link the displayed user with the page of its detail. |         # If the user has the right, link the displayed user with the page of its detail. | ||||||
|         s = value.name |         s = value.name | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_club", value): |         if PermissionBackend.check_perm(get_current_request(), "member.view_club", value): | ||||||
|             s = format_html("<a href={url}>{name}</a>", |             s = format_html("<a href={url}>{name}</a>", | ||||||
|                             url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s) |                             url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s) | ||||||
|  |  | ||||||
| @@ -36,13 +36,13 @@ class RightsTable(tables.Table): | |||||||
|  |  | ||||||
|     def render_roles(self, record): |     def render_roles(self, record): | ||||||
|         # If the user has the right to manage the roles, display the link to manage them |         # If the user has the right to manage the roles, display the link to manage them | ||||||
|         roles = record.roles.filter((~(Q(name="Adhérent BDE") |         roles = record.roles.filter((~(Q(name="Adhérent⋅e BDE") | ||||||
|                                      | Q(name="Adhérent Kfet") |                                      | Q(name="Adhérent⋅e Kfet") | ||||||
|                                      | Q(name="Membre de club") |                                      | Q(name="Membre de club") | ||||||
|                                      | Q(name="Bureau de club")) |                                      | Q(name="Bureau de club")) | ||||||
|                                      & Q(weirole__isnull=True))).all() |                                      & Q(weirole__isnull=True))).all() | ||||||
|         s = ", ".join(str(role) for role in roles) |         s = ", ".join(str(role) for role in roles) | ||||||
|         if PermissionBackend.check_perm(get_current_authenticated_user(), "member.change_membership_roles", record): |         if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record): | ||||||
|             s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk})) |             s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk})) | ||||||
|                             + "'>" + s + "</a>") |                             + "'>" + s + "</a>") | ||||||
|         return s |         return s | ||||||
|   | |||||||
							
								
								
									
										73
									
								
								apps/permission/templates/permission/scopes.html
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										73
									
								
								apps/permission/templates/permission/scopes.html
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,73 @@ | |||||||
|  | {% extends "base.html" %} | ||||||
|  |  | ||||||
|  | {% load i18n %} | ||||||
|  |  | ||||||
|  | {% block content %} | ||||||
|  |     <div class="card"> | ||||||
|  |         <div class="card-header text-center"> | ||||||
|  |             <h2>{% trans "Available scopes" %}</h2> | ||||||
|  |         </div> | ||||||
|  |         <div class="card-body"> | ||||||
|  |             <div class="accordion" id="accordionApps"> | ||||||
|  |                 {% for app, app_scopes in scopes.items %} | ||||||
|  |                     <div class="card"> | ||||||
|  |                         <div class="card-header" id="app-{{ app.name|slugify }}-title"> | ||||||
|  |                             <a class="text-decoration-none collapsed" href="#" data-toggle="collapse" | ||||||
|  |                                data-target="#app-{{ app.name|slugify }}" aria-expanded="false" | ||||||
|  |                                aria-controls="app-{{ app.name|slugify }}"> | ||||||
|  |                                 {{ app.name }} | ||||||
|  |                             </a> | ||||||
|  |                         </div> | ||||||
|  |                         <div class="collapse" id="app-{{ app.name|slugify }}" aria-labelledby="app-{{ app.name|slugify }}" data-target="#accordionApps"> | ||||||
|  |                             <div class="card-body"> | ||||||
|  |                                 {% for scope_id, scope_desc in app_scopes.items %} | ||||||
|  |                                     <div class="form-group"> | ||||||
|  |                                         <label class="form-check-label" for="scope-{{ app.name|slugify }}-{{ scope_id }}"> | ||||||
|  |                                             <input type="checkbox" id="scope-{{ app.name|slugify }}-{{ scope_id }}" | ||||||
|  |                                                    name="scope-{{ app.name|slugify }}" class="checkboxinput form-check-input" value="{{ scope_id }}"> | ||||||
|  |                                             {{ scope_desc }} | ||||||
|  |                                         </label> | ||||||
|  |                                     </div> | ||||||
|  |                                 {% endfor %} | ||||||
|  |                                 <p id="url-{{ app.name|slugify }}"> | ||||||
|  |                                     <a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code" target="_blank"> | ||||||
|  |                                         {{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code | ||||||
|  |                                     </a> | ||||||
|  |                                 </p> | ||||||
|  |                             </div> | ||||||
|  |                         </div> | ||||||
|  |                     </div> | ||||||
|  |                 {% empty %} | ||||||
|  |                     <p> | ||||||
|  |                         {% trans "No applications defined" %}. | ||||||
|  |                         <a href="{% url 'oauth2_provider:register' %}">{% trans "Click here" %}</a> {% trans "if you want to register a new one" %}. | ||||||
|  |                     </p> | ||||||
|  |                 {% endfor %} | ||||||
|  |             </div> | ||||||
|  |         </div> | ||||||
|  |     </div> | ||||||
|  | {% endblock %} | ||||||
|  |  | ||||||
|  | {% block extrajavascript %} | ||||||
|  |     <script> | ||||||
|  |         {% for app in scopes.keys %} | ||||||
|  |             for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) { | ||||||
|  |                 element.onchange = function (event) { | ||||||
|  |                     let scope = "" | ||||||
|  |                     for (let element of document.getElementsByName("scope-{{ app.name|slugify }}")) { | ||||||
|  |                         if (element.checked) { | ||||||
|  |                             scope += element.value + " " | ||||||
|  |                         } | ||||||
|  |                     } | ||||||
|  |  | ||||||
|  |                     scope = scope.substr(0, scope.length - 1) | ||||||
|  |  | ||||||
|  |                     document.getElementById("url-{{ app.name|slugify }}").innerHTML = 'Scopes : ' + scope | ||||||
|  |                         + '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope.replaceAll(' ', '%20') | ||||||
|  |                         + '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope=' | ||||||
|  |                         + scope.replaceAll(' ', '%20') + '</a>' | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |         {% endfor %} | ||||||
|  |     </script> | ||||||
|  | {% endblock %} | ||||||
| @@ -1,12 +1,12 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from django.contrib.auth.models import AnonymousUser |  | ||||||
| from django.contrib.contenttypes.models import ContentType | from django.contrib.contenttypes.models import ContentType | ||||||
| from django.template.defaultfilters import stringfilter | from django.template.defaultfilters import stringfilter | ||||||
| from django import template | from django import template | ||||||
| from note_kfet.middlewares import get_current_authenticated_user, get_current_session | from note_kfet.middlewares import get_current_request | ||||||
| from permission.backends import PermissionBackend |  | ||||||
|  | from ..backends import PermissionBackend | ||||||
|  |  | ||||||
|  |  | ||||||
| @stringfilter | @stringfilter | ||||||
| @@ -14,9 +14,10 @@ def not_empty_model_list(model_name): | |||||||
|     """ |     """ | ||||||
|     Return True if and only if the current user has right to see any object of the given model. |     Return True if and only if the current user has right to see any object of the given model. | ||||||
|     """ |     """ | ||||||
|     user = get_current_authenticated_user() |     request = get_current_request() | ||||||
|     session = get_current_session() |     user = request.user | ||||||
|     if user is None or isinstance(user, AnonymousUser): |     session = request.session | ||||||
|  |     if user is None or not user.is_authenticated: | ||||||
|         return False |         return False | ||||||
|     elif user.is_superuser and session.get("permission_mask", -1) >= 42: |     elif user.is_superuser and session.get("permission_mask", -1) >= 42: | ||||||
|         return True |         return True | ||||||
| @@ -29,11 +30,12 @@ def model_list(model_name, t="view", fetch=True): | |||||||
|     """ |     """ | ||||||
|     Return the queryset of all visible instances of the given model. |     Return the queryset of all visible instances of the given model. | ||||||
|     """ |     """ | ||||||
|     user = get_current_authenticated_user() |     request = get_current_request() | ||||||
|  |     user = request.user | ||||||
|     spl = model_name.split(".") |     spl = model_name.split(".") | ||||||
|     ct = ContentType.objects.get(app_label=spl[0], model=spl[1]) |     ct = ContentType.objects.get(app_label=spl[0], model=spl[1]) | ||||||
|     qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, t)) |     qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(request, ct, t)) | ||||||
|     if user is None or isinstance(user, AnonymousUser): |     if user is None or not user.is_authenticated: | ||||||
|         return qs.none() |         return qs.none() | ||||||
|     if fetch: |     if fetch: | ||||||
|         qs = qs.all() |         qs = qs.all() | ||||||
| @@ -49,7 +51,7 @@ def model_list_length(model_name, t="view"): | |||||||
|  |  | ||||||
|  |  | ||||||
| def has_perm(perm, obj): | def has_perm(perm, obj): | ||||||
|     return PermissionBackend.check_perm(get_current_authenticated_user(), perm, obj) |     return PermissionBackend.check_perm(get_current_request(), perm, obj) | ||||||
|  |  | ||||||
|  |  | ||||||
| register = template.Library() | register = template.Library() | ||||||
|   | |||||||
							
								
								
									
										94
									
								
								apps/permission/tests/test_oauth2.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										94
									
								
								apps/permission/tests/test_oauth2.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,94 @@ | |||||||
|  | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
|  | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
|  | from datetime import timedelta | ||||||
|  |  | ||||||
|  | from django.contrib.auth.models import User | ||||||
|  | from django.test import TestCase | ||||||
|  | from django.urls import reverse | ||||||
|  | from django.utils import timezone | ||||||
|  | from django.utils.crypto import get_random_string | ||||||
|  | from member.models import Membership, Club | ||||||
|  | from note.models import NoteUser | ||||||
|  | from oauth2_provider.models import Application, AccessToken | ||||||
|  |  | ||||||
|  | from ..models import Role, Permission | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class OAuth2TestCase(TestCase): | ||||||
|  |     fixtures = ('initial', ) | ||||||
|  |  | ||||||
|  |     def setUp(self): | ||||||
|  |         self.user = User.objects.create( | ||||||
|  |             username="toto", | ||||||
|  |         ) | ||||||
|  |         self.application = Application.objects.create( | ||||||
|  |             name="Test", | ||||||
|  |             client_type=Application.CLIENT_PUBLIC, | ||||||
|  |             authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE, | ||||||
|  |             user=self.user, | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |     def test_oauth2_access(self): | ||||||
|  |         """ | ||||||
|  |         Create a simple OAuth2 access token that only has the right to see data of the current user | ||||||
|  |         and check that this token has required access, and nothing more. | ||||||
|  |         """ | ||||||
|  |  | ||||||
|  |         bde = Club.objects.get(name="BDE") | ||||||
|  |         view_user_perm = Permission.objects.get(pk=1)  # View own user detail | ||||||
|  |  | ||||||
|  |         # Create access token that has access to our own user detail | ||||||
|  |         token = AccessToken.objects.create( | ||||||
|  |             user=self.user, | ||||||
|  |             application=self.application, | ||||||
|  |             scope=f"{view_user_perm.pk}_{bde.pk}", | ||||||
|  |             token=get_random_string(64), | ||||||
|  |             expires=timezone.now() + timedelta(days=365), | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |         # No access without token | ||||||
|  |         resp = self.client.get(f'/api/user/{self.user.pk}/') | ||||||
|  |         self.assertEqual(resp.status_code, 403) | ||||||
|  |  | ||||||
|  |         # Valid token but user has no membership, so the query is not returning the user object | ||||||
|  |         resp = self.client.get(f'/api/user/{self.user.pk}/', **{'Authorization': f'Bearer {token.token}'}) | ||||||
|  |         self.assertEqual(resp.status_code, 404) | ||||||
|  |  | ||||||
|  |         # Create membership to validate permissions | ||||||
|  |         NoteUser.objects.create(user=self.user) | ||||||
|  |         membership = Membership.objects.create(user=self.user, club_id=bde.pk) | ||||||
|  |         membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE")) | ||||||
|  |         membership.save() | ||||||
|  |  | ||||||
|  |         # User is now a member and can now see its own user detail | ||||||
|  |         resp = self.client.get(f'/api/user/{self.user.pk}/', **{'Authorization': f'Bearer {token.token}'}) | ||||||
|  |         self.assertEqual(resp.status_code, 200) | ||||||
|  |  | ||||||
|  |         # Token is not granted to see profile detail | ||||||
|  |         resp = self.client.get(f'/api/members/profile/{self.user.profile.pk}/', | ||||||
|  |                                **{'Authorization': f'Bearer {token.token}'}) | ||||||
|  |         self.assertEqual(resp.status_code, 404) | ||||||
|  |  | ||||||
|  |     def test_scopes(self): | ||||||
|  |         """ | ||||||
|  |         Ensure that the scopes page is loading. | ||||||
|  |         """ | ||||||
|  |         self.client.force_login(self.user) | ||||||
|  |  | ||||||
|  |         resp = self.client.get(reverse('permission:scopes')) | ||||||
|  |         self.assertEqual(resp.status_code, 200) | ||||||
|  |         self.assertIn(self.application, resp.context['scopes']) | ||||||
|  |         self.assertNotIn('1_1', resp.context['scopes'][self.application])  # The user has not this permission | ||||||
|  |  | ||||||
|  |         # Create membership to validate permissions | ||||||
|  |         bde = Club.objects.get(name="BDE") | ||||||
|  |         NoteUser.objects.create(user=self.user) | ||||||
|  |         membership = Membership.objects.create(user=self.user, club_id=bde.pk) | ||||||
|  |         membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE")) | ||||||
|  |         membership.save() | ||||||
|  |  | ||||||
|  |         resp = self.client.get(reverse('permission:scopes')) | ||||||
|  |         self.assertEqual(resp.status_code, 200) | ||||||
|  |         self.assertIn(self.application, resp.context['scopes']) | ||||||
|  |         self.assertIn('1_1', resp.context['scopes'][self.application])  # Now the user has this permission | ||||||
| @@ -1,4 +1,4 @@ | |||||||
| # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay | # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay | ||||||
| # SPDX-License-Identifier: GPL-3.0-or-later | # SPDX-License-Identifier: GPL-3.0-or-later | ||||||
|  |  | ||||||
| from datetime import timedelta, date | from datetime import timedelta, date | ||||||
|   | |||||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user