mirror of
https://gitlab.crans.org/bde/nk20
synced 2025-07-03 22:32:51 +02:00
Compare commits
131 Commits
aa35724be2
...
svg_icons
| Author | SHA1 | Date | |
|---|---|---|---|
| 466cbd9878 | |||
| 0bd447b608 | |||
| 3f3c93d928 | |||
| 340c90f5d3 | |||
a05dfcbf3d
|
|||
|
ba3c0fb18d
|
|||
| ab69963ea1 | |||
|
654c01631a
|
|||
|
d94cc2a7ad
|
|||
|
69bb38297f
|
|||
|
9628560d64
|
|||
|
df3bb71357
|
|||
|
2a216fd994
|
|||
|
8dd2619013
|
|||
|
62431a4910
|
|||
| 946bc1e497 | |||
|
d4896bfd76
|
|||
|
23f46cc598
|
|||
| d1a9f21b56 | |||
|
d809b2595a
|
|||
| 97803ac983 | |||
| b951c4aa05 | |||
|
69b3d2ac9c
|
|||
|
f29054558a
|
|||
| 11dd8adbb7 | |||
|
d437f2bdbd
|
|||
|
ac8453b04c
|
|||
| 6b4d18f4b3 | |||
| 668cfa71a7 | |||
|
161db0b00b
|
|||
|
8638c16b34
|
|||
|
9583cec3ff
|
|||
|
1ef25924a0
|
|||
|
e89383e3f4
|
|||
|
79a116d9c6
|
|||
|
aa75ce5c7a
|
|||
|
a3a9dfc812
|
|||
|
76531595ad
|
|||
|
a0b920ac94
|
|||
|
ab2e580e68
|
|||
|
0234f19a33
|
|||
|
1a4b7c83e8
|
|||
|
4c17e2a92b
|
|||
|
e68afc7d0a
|
|||
|
c6e3b54f94
|
|||
| 7e6a14296a | |||
| 780f78b385 | |||
|
4e3c32eb5e
|
|||
|
ef118c2445
|
|||
|
600ba15faa
|
|||
|
944bb127e2
|
|||
|
f6d042c998
|
|||
|
bb9a0a2593
|
|||
|
61feac13c7
|
|||
|
81e708a7e3
|
|||
|
3532846c87
|
|||
|
49551e88f8
|
|||
|
db936bf75a
|
|||
| 5828a20383 | |||
| cea3138daf | |||
|
fb98d9cd8b
|
|||
|
0dd3da5c01
|
|||
|
af4be98b5b
|
|||
|
be6059eba6
|
|||
|
5793b83de7
|
|||
|
2c02c747f4
|
|||
|
a78f3b7caa
|
|||
|
1ee40cb94e
|
|||
|
bd035744a4
|
|||
|
7edd622755
|
|||
|
8fd5b6ee01
|
|||
|
03411ac9bd
|
|||
|
d965732b65
|
|||
|
048266ed61
|
|||
|
b27341009e
|
|||
|
da1e15c5e6
|
|||
|
4b03a78ad6
|
|||
|
fb6e3c3de0
|
|||
|
391f3bde8f
|
|||
|
ad04e45992
|
|||
|
4e1ba1447a
|
|||
|
b646f549d6
|
|||
|
ba9ef0371a
|
|||
|
881cd88f48
|
|||
| b4ed354b73 | |||
|
e5051ab018
|
|||
|
bb69627ac5
|
|||
|
ffaa020310
|
|||
|
6d2b7054e2
|
|||
|
d888d5863a
|
|||
|
dbc7b3444b
|
|||
|
f25eb1d2c5
|
|||
|
a2a749e1ca
|
|||
|
5bf6a5501d
|
|||
|
9523b5f05f
|
|||
| 5eb3ffca66 | |||
| 9930c48253 | |||
|
d902e63a0c
|
|||
|
48b0bade51
|
|||
|
f75dbc4525
|
|||
|
fbf64db16e
|
|||
|
a3fd8ba063
|
|||
|
9b26207515
|
|||
|
7ea36a5415
|
|||
|
898f6d52bf
|
|||
|
8be16e7b58
|
|||
|
ea092803d7
|
|||
|
5e9f36ef1a
|
|||
|
b4d87bc6b5
|
|||
|
dd639d829e
|
|||
| 7b809ff3a6 | |||
|
d36edfc063
|
|||
|
cf87da096f
|
|||
|
e452b7acbf
|
|||
|
74ab4df9fe
|
|||
|
451851c955
|
|||
| 789ca149af | |||
| 7d3f1930b8 | |||
|
e8f4ca1e09
|
|||
|
733f145be3
|
|||
|
48c37353ea
|
|||
|
8056dc096d
|
|||
|
6d5b69cd26
|
|||
|
a7bdffd71a
|
|||
|
0887e4bbde
|
|||
|
199f4ca1f2
|
|||
|
802a6c68cb
|
|||
|
41a0b3a1c1
|
|||
| 08ba0b263a | |||
| 4583958f50 | |||
| bab394908d |
1
.gitignore
vendored
1
.gitignore
vendored
@ -47,6 +47,7 @@ backups/
|
||||
env/
|
||||
venv/
|
||||
db.sqlite3
|
||||
shell.nix
|
||||
|
||||
# ansibles customs host
|
||||
ansible/host_vars/*.yaml
|
||||
|
||||
@ -12,7 +12,7 @@ RUN apt-get update && \
|
||||
python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
|
||||
python3-bs4 python3-setuptools \
|
||||
uwsgi uwsgi-plugin-python3 \
|
||||
texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome && \
|
||||
texlive-xetex gettext libjs-bootstrap4 && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Instal PyPI requirements
|
||||
|
||||
@ -23,7 +23,7 @@ Bien que cela permette de créer une instance sur toutes les distributions,
|
||||
$ sudo apt update
|
||||
$ sudo apt install --no-install-recommends -y \
|
||||
ipython3 python3-setuptools python3-venv python3-dev \
|
||||
texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
|
||||
texlive-xetex gettext libjs-bootstrap4 git
|
||||
```
|
||||
|
||||
2. **Clonage du dépot** là où vous voulez :
|
||||
@ -115,7 +115,7 @@ Sinon vous pouvez suivre les étapes décrites ci-dessous.
|
||||
python3-babel python3-lockfile python3-pip python3-phonenumbers python3-memcache ipython3 \
|
||||
python3-bs4 python3-setuptools python3-docutils \
|
||||
memcached uwsgi uwsgi-plugin-python3 \
|
||||
texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome \
|
||||
texlive-xetex gettext libjs-bootstrap4 \
|
||||
nginx python3-venv git acl
|
||||
```
|
||||
|
||||
|
||||
@ -1,6 +0,0 @@
|
||||
---
|
||||
note:
|
||||
server_name: note-beta.crans.org
|
||||
git_branch: beta
|
||||
cron_enabled: false
|
||||
email: notekfet2020@lists.crans.org
|
||||
@ -2,5 +2,6 @@
|
||||
note:
|
||||
server_name: note-dev.crans.org
|
||||
git_branch: beta
|
||||
serve_static: false
|
||||
cron_enabled: false
|
||||
email: notekfet2020@lists.crans.org
|
||||
|
||||
@ -2,5 +2,6 @@
|
||||
note:
|
||||
server_name: note.crans.org
|
||||
git_branch: master
|
||||
serve_static: true
|
||||
cron_enabled: true
|
||||
email: notekfet2020@lists.crans.org
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
[dev]
|
||||
bde-note-dev.adh.crans.org
|
||||
bde-nk20-beta.adh.crans.org
|
||||
|
||||
[prod]
|
||||
bde-note.adh.crans.org
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
- ipython3
|
||||
|
||||
# Front-end dependencies
|
||||
- fonts-font-awesome
|
||||
- libjs-bootstrap4
|
||||
|
||||
# Python dependencies
|
||||
|
||||
@ -41,6 +41,7 @@ server {
|
||||
# max upload size
|
||||
client_max_body_size 75M; # adjust to taste
|
||||
|
||||
{% if note.serve_static %}
|
||||
# Django media
|
||||
location /media {
|
||||
alias /var/www/note_kfet/media; # your Django project's media files - amend as required
|
||||
@ -50,6 +51,7 @@ server {
|
||||
alias /var/www/note_kfet/static; # your Django project's static files - amend as required
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
location /doc {
|
||||
alias /var/www/documentation; # The documentation of the project
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _
|
||||
from member.models import Club
|
||||
from note.models import Note, NoteUser
|
||||
from note_kfet.inputs import Autocomplete, DateTimePickerInput
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
from .models import Activity, Guest
|
||||
@ -24,10 +24,16 @@ class ActivityForm(forms.ModelForm):
|
||||
self.fields["attendees_club"].initial = Club.objects.get(name="Kfet")
|
||||
self.fields["attendees_club"].widget.attrs["placeholder"] = "Kfet"
|
||||
clubs = list(Club.objects.filter(PermissionBackend
|
||||
.filter_queryset(get_current_authenticated_user(), Club, "view")).all())
|
||||
.filter_queryset(get_current_request(), Club, "view")).all())
|
||||
shuffle(clubs)
|
||||
self.fields["organizer"].widget.attrs["placeholder"] = ", ".join(club.name for club in clubs[:4]) + ", ..."
|
||||
|
||||
def clean_organizer(self):
|
||||
organizer = self.cleaned_data['organizer']
|
||||
if not organizer.note.is_active:
|
||||
self.add_error('organiser', _('The note of this club is inactive.'))
|
||||
return organizer
|
||||
|
||||
def clean_date_end(self):
|
||||
date_end = self.cleaned_data["date_end"]
|
||||
date_start = self.cleaned_data["date_start"]
|
||||
|
||||
@ -1,7 +1,9 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.utils import timezone
|
||||
from django.utils.html import format_html
|
||||
from django.utils.html import escape
|
||||
from django.utils.safestring import mark_safe
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
import django_tables2 as tables
|
||||
from django_tables2 import A
|
||||
@ -52,8 +54,8 @@ class GuestTable(tables.Table):
|
||||
def render_entry(self, record):
|
||||
if record.has_entry:
|
||||
return str(_("Entered on ") + str(_("{:%Y-%m-%d %H:%M:%S}").format(record.entry.time, )))
|
||||
return format_html('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
|
||||
'{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
|
||||
return mark_safe('<button id="{id}" class="btn btn-danger btn-sm" onclick="remove_guest(this.id)"> '
|
||||
'{delete_trans}</button>'.format(id=record.id, delete_trans=_("remove").capitalize()))
|
||||
|
||||
|
||||
def get_row_class(record):
|
||||
@ -91,7 +93,7 @@ class EntryTable(tables.Table):
|
||||
if hasattr(record, 'username'):
|
||||
username = record.username
|
||||
if username != value:
|
||||
return format_html(value + " <em>aka.</em> " + username)
|
||||
return mark_safe(escape(value) + " <em>aka.</em> " + escape(username))
|
||||
return value
|
||||
|
||||
def render_balance(self, value):
|
||||
|
||||
@ -63,7 +63,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
refreshBalance();
|
||||
}
|
||||
|
||||
alias_obj.keyup(reloadTable);
|
||||
alias_obj.keyup(function(event) {
|
||||
let code = event.originalEvent.keyCode
|
||||
if (65 <= code <= 122 || code === 13) {
|
||||
debounce(reloadTable)()
|
||||
}
|
||||
});
|
||||
|
||||
$(document).ready(init);
|
||||
|
||||
|
||||
@ -34,7 +34,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% endif %}
|
||||
<div class="card-footer">
|
||||
<a class="btn btn-sm btn-success" href="{% url 'activity:activity_create' %}" data-turbolinks="false">
|
||||
<i class="fa fa-calendar-plus-o" aria-hidden="true"></i>
|
||||
<svg class="bi bi-calendar-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M4 .5a.5.5 0 0 0-1 0V1H2a2 2 0 0 0-2 2v1h16V3a2 2 0 0 0-2-2h-1V.5a.5.5 0 0 0-1 0V1H4V.5zM16 14V5H0v9a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2zM8.5 8.5V10H10a.5.5 0 0 1 0 1H8.5v1.5a.5.5 0 0 1-1 0V11H6a.5.5 0 0 1 0-1h1.5V8.5a.5.5 0 0 1 1 0z"/>
|
||||
</svg>
|
||||
{% trans 'New activity' %}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@ -66,21 +66,19 @@ class ActivityListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView
|
||||
ordering = ('-date_start',)
|
||||
extra_context = {"title": _("Activities")}
|
||||
|
||||
def get_queryset(self):
|
||||
return super().get_queryset().distinct()
|
||||
def get_queryset(self, **kwargs):
|
||||
return super().get_queryset(**kwargs).distinct()
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
upcoming_activities = Activity.objects.filter(date_end__gt=timezone.now())
|
||||
context['upcoming'] = ActivityTable(
|
||||
data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")),
|
||||
data=upcoming_activities.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")),
|
||||
prefix='upcoming-',
|
||||
)
|
||||
|
||||
started_activities = Activity.objects\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
|
||||
.filter(open=True, valid=True).all()
|
||||
started_activities = self.get_queryset().filter(open=True, valid=True).distinct().all()
|
||||
context["started_activities"] = started_activities
|
||||
|
||||
return context
|
||||
@ -98,7 +96,7 @@ class ActivityDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context = super().get_context_data()
|
||||
|
||||
table = GuestTable(data=Guest.objects.filter(activity=self.object)
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view")))
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Guest, "view")))
|
||||
context["guests"] = table
|
||||
|
||||
context["activity_started"] = timezone.now() > timezone.localtime(self.object.date_start)
|
||||
@ -144,15 +142,15 @@ class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
|
||||
def get_form(self, form_class=None):
|
||||
form = super().get_form(form_class)
|
||||
form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
|
||||
.get(pk=self.kwargs["pk"])
|
||||
form.activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
|
||||
.filter(pk=self.kwargs["pk"]).first()
|
||||
form.fields["inviter"].initial = self.request.user.note
|
||||
return form
|
||||
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
form.instance.activity = Activity.objects\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view")).get(pk=self.kwargs["pk"])
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Activity, "view")).get(pk=self.kwargs["pk"])
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self, **kwargs):
|
||||
@ -173,7 +171,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
activity = Activity.objects.get(pk=self.kwargs["pk"])
|
||||
|
||||
sample_entry = Entry(activity=activity, note=self.request.user.note)
|
||||
if not PermissionBackend.check_perm(self.request.user, "activity.add_entry", sample_entry):
|
||||
if not PermissionBackend.check_perm(self.request, "activity.add_entry", sample_entry):
|
||||
raise PermissionDenied(_("You are not allowed to display the entry interface for this activity."))
|
||||
|
||||
if not activity.activity_type.manage_entries:
|
||||
@ -191,8 +189,8 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
guest_qs = Guest.objects\
|
||||
.annotate(balance=F("inviter__balance"), note_name=F("inviter__user__username"))\
|
||||
.filter(activity=activity)\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Guest, "view"))\
|
||||
.order_by('last_name', 'first_name').distinct()
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Guest, "view"))\
|
||||
.order_by('last_name', 'first_name')
|
||||
|
||||
if "search" in self.request.GET and self.request.GET["search"]:
|
||||
pattern = self.request.GET["search"]
|
||||
@ -206,7 +204,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
)
|
||||
else:
|
||||
guest_qs = guest_qs.none()
|
||||
return guest_qs
|
||||
return guest_qs.distinct()
|
||||
|
||||
def get_invited_note(self, activity):
|
||||
"""
|
||||
@ -230,7 +228,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
)
|
||||
|
||||
# Filter with permission backend
|
||||
note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view"))
|
||||
note_qs = note_qs.filter(PermissionBackend.filter_queryset(self.request, Alias, "view"))
|
||||
|
||||
if "search" in self.request.GET and self.request.GET["search"]:
|
||||
pattern = self.request.GET["search"]
|
||||
@ -256,7 +254,7 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
"""
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request.user, Activity, "view"))\
|
||||
activity = Activity.objects.filter(PermissionBackend.filter_queryset(self.request, Activity, "view"))\
|
||||
.distinct().get(pk=self.kwargs["pk"])
|
||||
context["activity"] = activity
|
||||
|
||||
@ -281,9 +279,9 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView):
|
||||
context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
|
||||
|
||||
activities_open = Activity.objects.filter(open=True).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
|
||||
PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
|
||||
context["activities_open"] = [a for a in activities_open
|
||||
if PermissionBackend.check_perm(self.request.user,
|
||||
if PermissionBackend.check_perm(self.request,
|
||||
"activity.add_entry",
|
||||
Entry(activity=a, note=self.request.user.note,))]
|
||||
|
||||
|
||||
@ -9,7 +9,6 @@ from django.contrib.auth.models import User
|
||||
from rest_framework.filters import SearchFilter
|
||||
from rest_framework.viewsets import ReadOnlyModelViewSet, ModelViewSet
|
||||
from permission.backends import PermissionBackend
|
||||
from note_kfet.middlewares import get_current_session
|
||||
from note.models import Alias
|
||||
|
||||
from .serializers import UserSerializer, ContentTypeSerializer
|
||||
@ -25,9 +24,7 @@ class ReadProtectedModelViewSet(ModelViewSet):
|
||||
self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
get_current_session().setdefault("permission_mask", 42)
|
||||
return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
|
||||
return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
|
||||
|
||||
|
||||
class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet):
|
||||
@ -40,9 +37,7 @@ class ReadOnlyProtectedModelViewSet(ReadOnlyModelViewSet):
|
||||
self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
get_current_session().setdefault("permission_mask", 42)
|
||||
return self.queryset.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
|
||||
return self.queryset.filter(PermissionBackend.filter_queryset(self.request, self.model, "view")).distinct()
|
||||
|
||||
|
||||
class UserViewSet(ReadProtectedModelViewSet):
|
||||
|
||||
@ -5,7 +5,7 @@ from django.contrib.contenttypes.models import ContentType
|
||||
from rest_framework.renderers import JSONRenderer
|
||||
from rest_framework.serializers import ModelSerializer
|
||||
from note.models import NoteUser, Alias
|
||||
from note_kfet.middlewares import get_current_authenticated_user, get_current_ip
|
||||
from note_kfet.middlewares import get_current_request
|
||||
|
||||
from .models import Changelog
|
||||
|
||||
@ -57,9 +57,9 @@ def save_object(sender, instance, **kwargs):
|
||||
previous = instance._previous
|
||||
|
||||
# Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
|
||||
user, ip = get_current_authenticated_user(), get_current_ip()
|
||||
request = get_current_request()
|
||||
|
||||
if user is None:
|
||||
if request is None:
|
||||
# Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
|
||||
# On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
|
||||
# IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
|
||||
@ -71,9 +71,23 @@ def save_object(sender, instance, **kwargs):
|
||||
# else:
|
||||
if note.exists():
|
||||
user = note.get().user
|
||||
else:
|
||||
user = None
|
||||
else:
|
||||
user = request.user
|
||||
if 'HTTP_X_REAL_IP' in request.META:
|
||||
ip = request.META.get('HTTP_X_REAL_IP')
|
||||
elif 'HTTP_X_FORWARDED_FOR' in request.META:
|
||||
ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
|
||||
else:
|
||||
ip = request.META.get('REMOTE_ADDR')
|
||||
|
||||
if not user.is_authenticated:
|
||||
# For registration and OAuth2 purposes
|
||||
user = None
|
||||
|
||||
# noinspection PyProtectedMember
|
||||
if user is not None and instance._meta.label_lower == "auth.user" and previous:
|
||||
if request is not None and instance._meta.label_lower == "auth.user" and previous:
|
||||
# On n'enregistre pas les connexions
|
||||
if instance.last_login != previous.last_login:
|
||||
return
|
||||
@ -121,9 +135,9 @@ def delete_object(sender, instance, **kwargs):
|
||||
return
|
||||
|
||||
# Si un utilisateur est connecté, on récupère l'utilisateur courant ainsi que son adresse IP
|
||||
user, ip = get_current_authenticated_user(), get_current_ip()
|
||||
request = get_current_request()
|
||||
|
||||
if user is None:
|
||||
if request is None:
|
||||
# Si la modification n'a pas été faite via le client Web, on suppose que c'est du à `manage.py`
|
||||
# On récupère alors l'utilisateur·trice connecté·e à la VM, et on récupère la note associée
|
||||
# IMPORTANT : l'utilisateur dans la VM doit être un des alias note du respo info
|
||||
@ -135,6 +149,20 @@ def delete_object(sender, instance, **kwargs):
|
||||
# else:
|
||||
if note.exists():
|
||||
user = note.get().user
|
||||
else:
|
||||
user = None
|
||||
else:
|
||||
user = request.user
|
||||
if 'HTTP_X_REAL_IP' in request.META:
|
||||
ip = request.META.get('HTTP_X_REAL_IP')
|
||||
elif 'HTTP_X_FORWARDED_FOR' in request.META:
|
||||
ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
|
||||
else:
|
||||
ip = request.META.get('REMOTE_ADDR')
|
||||
|
||||
if not user.is_authenticated:
|
||||
# For registration and OAuth2 purposes
|
||||
user = None
|
||||
|
||||
# On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles
|
||||
class CustomSerializer(ModelSerializer):
|
||||
|
||||
@ -2,11 +2,13 @@
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
import hashlib
|
||||
from collections import OrderedDict
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.hashers import PBKDF2PasswordHasher
|
||||
from django.contrib.auth.hashers import PBKDF2PasswordHasher, mask_hash
|
||||
from django.utils.crypto import constant_time_compare
|
||||
from note_kfet.middlewares import get_current_authenticated_user, get_current_session
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from note_kfet.middlewares import get_current_request
|
||||
|
||||
|
||||
class CustomNK15Hasher(PBKDF2PasswordHasher):
|
||||
@ -24,16 +26,22 @@ class CustomNK15Hasher(PBKDF2PasswordHasher):
|
||||
|
||||
def must_update(self, encoded):
|
||||
if settings.DEBUG:
|
||||
current_user = get_current_authenticated_user()
|
||||
# Small hack to let superusers to impersonate people.
|
||||
# Don't change their password.
|
||||
request = get_current_request()
|
||||
current_user = request.user
|
||||
if current_user is not None and current_user.is_superuser:
|
||||
return False
|
||||
return True
|
||||
|
||||
def verify(self, password, encoded):
|
||||
if settings.DEBUG:
|
||||
current_user = get_current_authenticated_user()
|
||||
# Small hack to let superusers to impersonate people.
|
||||
# If a superuser is already connected, let him/her log in as another person.
|
||||
request = get_current_request()
|
||||
current_user = request.user
|
||||
if current_user is not None and current_user.is_superuser\
|
||||
and get_current_session().get("permission_mask", -1) >= 42:
|
||||
and request.session.get("permission_mask", -1) >= 42:
|
||||
return True
|
||||
|
||||
if '|' in encoded:
|
||||
@ -41,6 +49,18 @@ class CustomNK15Hasher(PBKDF2PasswordHasher):
|
||||
return constant_time_compare(hashlib.sha256((salt + password).encode("utf-8")).hexdigest(), db_hashed_pass)
|
||||
return super().verify(password, encoded)
|
||||
|
||||
def safe_summary(self, encoded):
|
||||
# Displayed information in Django Admin.
|
||||
if '|' in encoded:
|
||||
salt, db_hashed_pass = encoded.split('$')[2].split('|')
|
||||
return OrderedDict([
|
||||
(_('algorithm'), 'custom_nk15'),
|
||||
(_('iterations'), '1'),
|
||||
(_('salt'), mask_hash(salt)),
|
||||
(_('hash'), mask_hash(db_hashed_pass)),
|
||||
])
|
||||
return super().safe_summary(encoded)
|
||||
|
||||
|
||||
class DebugSuperuserBackdoor(PBKDF2PasswordHasher):
|
||||
"""
|
||||
@ -51,8 +71,11 @@ class DebugSuperuserBackdoor(PBKDF2PasswordHasher):
|
||||
|
||||
def verify(self, password, encoded):
|
||||
if settings.DEBUG:
|
||||
current_user = get_current_authenticated_user()
|
||||
# Small hack to let superusers to impersonate people.
|
||||
# If a superuser is already connected, let him/her log in as another person.
|
||||
request = get_current_request()
|
||||
current_user = request.user
|
||||
if current_user is not None and current_user.is_superuser\
|
||||
and get_current_session().get("permission_mask", -1) >= 42:
|
||||
and request.session.get("permission_mask", -1) >= 42:
|
||||
return True
|
||||
return super().verify(password, encoded)
|
||||
|
||||
@ -19,8 +19,8 @@ def create_bde_and_kfet(apps, schema_editor):
|
||||
membership_fee_paid=500,
|
||||
membership_fee_unpaid=500,
|
||||
membership_duration=396,
|
||||
membership_start="2020-08-01",
|
||||
membership_end="2021-09-30",
|
||||
membership_start="2021-08-01",
|
||||
membership_end="2022-09-30",
|
||||
)
|
||||
Club.objects.get_or_create(
|
||||
id=2,
|
||||
@ -31,8 +31,8 @@ def create_bde_and_kfet(apps, schema_editor):
|
||||
membership_fee_paid=3500,
|
||||
membership_fee_unpaid=3500,
|
||||
membership_duration=396,
|
||||
membership_start="2020-08-01",
|
||||
membership_end="2021-09-30",
|
||||
membership_start="2021-08-01",
|
||||
membership_end="2022-09-30",
|
||||
)
|
||||
|
||||
NoteClub.objects.get_or_create(
|
||||
|
||||
@ -57,7 +57,7 @@ class Profile(models.Model):
|
||||
('A1', _("Mathematics (A1)")),
|
||||
('A2', _("Physics (A2)")),
|
||||
("A'2", _("Applied physics (A'2)")),
|
||||
('A''2', _("Chemistry (A''2)")),
|
||||
("A''2", _("Chemistry (A''2)")),
|
||||
('A3', _("Biology (A3)")),
|
||||
('B1234', _("SAPHIRE (B1234)")),
|
||||
('B1', _("Mechanics (B1)")),
|
||||
@ -74,7 +74,7 @@ class Profile(models.Model):
|
||||
|
||||
promotion = models.PositiveSmallIntegerField(
|
||||
null=True,
|
||||
default=datetime.date.today().year,
|
||||
default=datetime.date.today().year if datetime.date.today().month >= 8 else datetime.date.today().year - 1,
|
||||
verbose_name=_("promotion"),
|
||||
help_text=_("Year of entry to the school (None if not ENS student)"),
|
||||
)
|
||||
@ -413,6 +413,12 @@ class Membership(models.Model):
|
||||
"""
|
||||
Calculate fee and end date before saving the membership and creating the transaction if needed.
|
||||
"""
|
||||
# Ensure that club membership dates are valid
|
||||
old_membership_start = self.club.membership_start
|
||||
self.club.update_membership_dates()
|
||||
if self.club.membership_start != old_membership_start:
|
||||
self.club.save()
|
||||
|
||||
created = not self.pk
|
||||
if not created:
|
||||
for role in self.roles.all():
|
||||
|
||||
@ -9,7 +9,7 @@ from django.utils.translation import gettext_lazy as _
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.html import format_html
|
||||
from note.templatetags.pretty_money import pretty_money
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
from .models import Club, Membership
|
||||
@ -31,7 +31,8 @@ class ClubTable(tables.Table):
|
||||
row_attrs = {
|
||||
'class': 'table-row',
|
||||
'id': lambda record: "row-" + str(record.pk),
|
||||
'data-href': lambda record: record.pk
|
||||
'data-href': lambda record: record.pk,
|
||||
'style': 'cursor:pointer',
|
||||
}
|
||||
|
||||
|
||||
@ -51,19 +52,19 @@ class UserTable(tables.Table):
|
||||
def render_email(self, record, value):
|
||||
# Replace the email by a dash if the user can't see the profile detail
|
||||
# Replace also the URL
|
||||
if not PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile):
|
||||
if not PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile):
|
||||
value = "—"
|
||||
record.email = value
|
||||
return value
|
||||
|
||||
def render_section(self, record, value):
|
||||
return value \
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_profile", record.profile) \
|
||||
if PermissionBackend.check_perm(get_current_request(), "member.view_profile", record.profile) \
|
||||
else "—"
|
||||
|
||||
def render_balance(self, record, value):
|
||||
return pretty_money(value)\
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", record.note) else "—"
|
||||
if PermissionBackend.check_perm(get_current_request(), "note.view_note", record.note) else "—"
|
||||
|
||||
class Meta:
|
||||
attrs = {
|
||||
@ -74,7 +75,8 @@ class UserTable(tables.Table):
|
||||
model = User
|
||||
row_attrs = {
|
||||
'class': 'table-row',
|
||||
'data-href': lambda record: record.pk
|
||||
'data-href': lambda record: record.pk,
|
||||
'style': 'cursor:pointer',
|
||||
}
|
||||
|
||||
|
||||
@ -93,7 +95,7 @@ class MembershipTable(tables.Table):
|
||||
def render_user(self, value):
|
||||
# If the user has the right, link the displayed user with the page of its detail.
|
||||
s = value.username
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value):
|
||||
if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
|
||||
s = format_html("<a href={url}>{name}</a>",
|
||||
url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)
|
||||
|
||||
@ -102,7 +104,7 @@ class MembershipTable(tables.Table):
|
||||
def render_club(self, value):
|
||||
# If the user has the right, link the displayed club with the page of its detail.
|
||||
s = value.name
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_club", value):
|
||||
if PermissionBackend.check_perm(get_current_request(), "member.view_club", value):
|
||||
s = format_html("<a href={url}>{name}</a>",
|
||||
url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s)
|
||||
|
||||
@ -127,7 +129,7 @@ class MembershipTable(tables.Table):
|
||||
date_end=date.today(),
|
||||
fee=0,
|
||||
)
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(),
|
||||
if PermissionBackend.check_perm(get_current_request(),
|
||||
"member.add_membership", empty_membership): # If the user has right
|
||||
renew_url = reverse_lazy('member:club_renew_membership',
|
||||
kwargs={"pk": record.pk})
|
||||
@ -142,7 +144,7 @@ class MembershipTable(tables.Table):
|
||||
# If the user has the right to manage the roles, display the link to manage them
|
||||
roles = record.roles.all()
|
||||
s = ", ".join(str(role) for role in roles)
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.change_membership_roles", record):
|
||||
if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record):
|
||||
s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk}))
|
||||
+ "'>" + s + "</a>")
|
||||
return s
|
||||
@ -165,7 +167,7 @@ class ClubManagerTable(tables.Table):
|
||||
def render_user(self, value):
|
||||
# If the user has the right, link the displayed user with the page of its detail.
|
||||
s = value.username
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value):
|
||||
if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
|
||||
s = format_html("<a href={url}>{name}</a>",
|
||||
url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)
|
||||
|
||||
|
||||
@ -45,7 +45,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card-footer">
|
||||
{% if user_object %}
|
||||
<a class="btn btn-sm btn-secondary" href="{% url 'member:user_update_profile' user_object.pk %}">
|
||||
<i class="fa fa-edit"></i> {% trans 'Update Profile' %}
|
||||
<svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
|
||||
</svg>
|
||||
{% trans 'Update Profile' %}
|
||||
</a>
|
||||
{% url 'member:user_detail' user_object.pk as user_profile_url %}
|
||||
{% if request.path_info != user_profile_url %}
|
||||
@ -59,7 +62,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% if ".change_"|has_perm:club %}
|
||||
<a class="btn btn-sm btn-secondary" href="{% url 'member:club_update' pk=club.pk %}"
|
||||
data-turbolinks="false">
|
||||
<i class="fa fa-edit"></i> {% trans 'Update Profile' %}
|
||||
<svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
|
||||
</svg>
|
||||
{% trans 'Update Profile' %}
|
||||
</a>
|
||||
{% endif %}
|
||||
{% url 'member:club_detail' club.pk as club_detail_url %}
|
||||
|
||||
@ -10,7 +10,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="font-weight-bold">
|
||||
<i class="fa fa-users"></i> {% trans "Club managers" %}
|
||||
<svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
</svg>
|
||||
{% trans "Club managers" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table managers %}
|
||||
@ -23,7 +26,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="stretched-link font-weight-bold" href="{% url 'member:club_members' pk=club.pk %}">
|
||||
<i class="fa fa-users"></i> {% trans "Club members" %}
|
||||
<svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
|
||||
<path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
|
||||
</svg>
|
||||
{% trans "Club members" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table member_list %}
|
||||
@ -37,7 +45,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card-header position-relative" id="historyListHeading">
|
||||
<a class="stretched-link font-weight-bold" {% if "note.view_note"|has_perm:club.note %}
|
||||
href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
|
||||
<i class="fa fa-euro"></i> {% trans "Transaction history" %}
|
||||
<svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
|
||||
</svg>
|
||||
{% trans "Transaction history" %}
|
||||
</a>
|
||||
</div>
|
||||
<div id="history_list">
|
||||
|
||||
@ -47,7 +47,9 @@
|
||||
<dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">
|
||||
<a class="badge badge-secondary" href="{% url 'member:club_alias' club.pk %}">
|
||||
<i class="fa fa-edit"></i>
|
||||
<svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
|
||||
</svg>
|
||||
{% trans 'Manage aliases' %} ({{ club.note.alias.all|length }})
|
||||
</a>
|
||||
</dd>
|
||||
|
||||
@ -11,7 +11,9 @@
|
||||
<dt class="col-xl-6">{% trans 'password'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">
|
||||
<a class="badge badge-secondary" href="{% url 'password_change' %}">
|
||||
<i class="fa fa-lock"></i>
|
||||
<svg class="bi bi-lock" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M8 1a2 2 0 0 1 2 2v4H6V3a2 2 0 0 1 2-2zm3 6V3a3 3 0 0 0-6 0v4a2 2 0 0 0-2 2v5a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2z"/>
|
||||
</svg>
|
||||
{% trans 'Change password' %}
|
||||
</a>
|
||||
</dd>
|
||||
@ -20,7 +22,9 @@
|
||||
<dt class="col-xl-6">{% trans 'aliases'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">
|
||||
<a class="badge badge-secondary" href="{% url 'member:user_alias' user_object.pk %}">
|
||||
<i class="fa fa-edit"></i>
|
||||
<svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
|
||||
</svg>
|
||||
{% trans 'Manage aliases' %} ({{ user_object.note.alias.all|length }})
|
||||
</a>
|
||||
</dd>
|
||||
@ -39,20 +43,23 @@
|
||||
<dt class="col-xl-6">{% trans 'address'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ user_object.profile.address }}</dd>
|
||||
|
||||
{% if user_object.note and "note.view_note"|has_perm:user_object.note %}
|
||||
<dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'paid'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ user_object.profile.paid|yesno }}</dd>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if user_object.note and "note.view_note"|has_perm:user_object.note %}
|
||||
<dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ user_object.note.balance | pretty_money }}</dd>
|
||||
{% endif %}
|
||||
</dl>
|
||||
|
||||
{% if user_object.pk == user.pk %}
|
||||
<div class="text-center">
|
||||
<a class="small badge badge-secondary" href="{% url 'member:auth_token' %}">
|
||||
<i class="fa fa-cogs"></i>{% trans 'API token' %}
|
||||
<svg class="bi bi-cogs" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
|
||||
</svg>
|
||||
{% trans 'API token' %}
|
||||
</a>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
@ -5,32 +5,98 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
<div class="alert alert-info">
|
||||
<h4>À quoi sert un jeton d'authentification ?</h4>
|
||||
<div class="row mt-4">
|
||||
<div class="col-xl-6">
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Token authentication" %}</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-info">
|
||||
<h4>À quoi sert un jeton d'authentification ?</h4>
|
||||
|
||||
Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a>.<br />
|
||||
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
|
||||
pour pouvoir vous identifier.<br /><br />
|
||||
Un jeton vous permet de vous connecter à <a href="/api/">l'API de la Note Kfet</a> via votre propre compte
|
||||
depuis un client externe.<br />
|
||||
Il suffit pour cela d'ajouter en en-tête de vos requêtes <code>Authorization: Token <TOKEN></code>
|
||||
pour pouvoir vous identifier.<br /><br />
|
||||
|
||||
Une documentation de l'API arrivera ultérieurement.
|
||||
La documentation de l'API est disponible ici :
|
||||
<a href="/doc/api/">{{ request.scheme }}://{{ request.get_host }}/doc/api/</a>.
|
||||
</div>
|
||||
|
||||
<div class="alert alert-info">
|
||||
<strong>{%trans 'Token' %} :</strong>
|
||||
{% if 'show' in request.GET %}
|
||||
{{ token.key }} (<a href="?">cacher</a>)
|
||||
{% else %}
|
||||
<em>caché</em> (<a href="?show">montrer</a>)
|
||||
{% endif %}
|
||||
<br />
|
||||
<strong>{%trans 'Created' %} :</strong> {{ token.created }}
|
||||
</div>
|
||||
|
||||
<div class="alert alert-warning">
|
||||
<strong>{% trans "Warning" %} :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
|
||||
</div>
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
<a href="?regenerate">
|
||||
<button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-xl-6">
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "OAuth2 authentication" %}</h3>
|
||||
</div>
|
||||
<div class="card-header">
|
||||
<div class="alert alert-info">
|
||||
<p>
|
||||
La Note Kfet implémente également le protocole <a href="https://oauth.net/2/">OAuth2</a>, afin de
|
||||
permettre à des applications tierces d'interagir avec la Note en récoltant des informations
|
||||
(de connexion par exemple) voir en permettant des modifications à distance, par exemple lorsqu'il
|
||||
s'agit d'avoir un site marchand sur lequel faire des transactions via la Note Kfet.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
L'usage de ce protocole est recommandé pour tout usage non personnel, car permet de mieux cibler
|
||||
les droits dont on a besoin, en restreignant leur usage par jeton généré.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
La documentation vis-à-vis de l'usage de ce protocole est disponible ici :
|
||||
<a href="/doc/external_services/oauth2/">{{ request.scheme }}://{{ request.get_host }}/doc/external_services/oauth2/</a>.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
Liste des URL à communiquer à votre application :
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
{% trans "Authorization:" %}
|
||||
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}</a>
|
||||
</li>
|
||||
<li>
|
||||
{% trans "Token:" %}
|
||||
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:token' %}</a>
|
||||
</li>
|
||||
<li>
|
||||
{% trans "Revoke Token:" %}
|
||||
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:revoke-token' %}</a>
|
||||
</li>
|
||||
<li>
|
||||
{% trans "Introspect Token:" %}
|
||||
<a href="{% url 'oauth2_provider:authorize' %}">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:introspect' %}</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
<a class="btn btn-primary" href="{% url 'oauth2_provider:list' %}">{% trans "Show my applications" %}</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="alert alert-info">
|
||||
<strong>{%trans 'Token' %} :</strong>
|
||||
{% if 'show' in request.GET %}
|
||||
{{ token.key }} (<a href="?">cacher</a>)
|
||||
{% else %}
|
||||
<em>caché</em> (<a href="?show">montrer</a>)
|
||||
{% endif %}
|
||||
<br />
|
||||
<strong>{%trans 'Created' %} :</strong> {{ token.created }}
|
||||
</div>
|
||||
|
||||
<div class="alert alert-warning">
|
||||
<strong>Attention :</strong> regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton !
|
||||
</div>
|
||||
|
||||
<a href="?regenerate">
|
||||
<button class="btn btn-primary">{% trans 'Regenerate token' %}</button>
|
||||
</a>
|
||||
{% endblock %}
|
||||
@ -18,7 +18,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card bg-light mb-3">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="font-weight-bold">
|
||||
<i class="fa fa-users"></i> {% trans "View my memberships" %}
|
||||
<svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
</svg>
|
||||
{% trans "View my memberships" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table club_list %}
|
||||
@ -29,7 +32,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<a class="stretched-link font-weight-bold text-decoration-none"
|
||||
{% if "note.view_note"|has_perm:user_object.note %}
|
||||
href="{% url 'note:transactions' pk=user_object.note.pk %}" {% endif %}>
|
||||
<i class="fa fa-euro"></i> {% trans "Transaction history" %}
|
||||
<svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
|
||||
</svg>
|
||||
{% trans "Transaction history" %}
|
||||
</a>
|
||||
</div>
|
||||
<div id="history_list">
|
||||
|
||||
@ -7,7 +7,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% block content %}
|
||||
{% if can_manage_registrations %}
|
||||
<a class="btn btn-block btn-secondary mb-3" href="{% url 'registration:future_user_list' %}">
|
||||
<i class="fa fa-user-plus"></i> {% trans "Registrations" %}
|
||||
<svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
|
||||
</svg>
|
||||
{% trans "Registrations" %}
|
||||
</a>
|
||||
{% endif %}
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ from rest_framework.authtoken.models import Token
|
||||
from note.models import Alias, NoteUser
|
||||
from note.models.transactions import Transaction, SpecialTransaction
|
||||
from note.tables import HistoryTable, AliasTable
|
||||
from note_kfet.middlewares import _set_current_user_and_ip
|
||||
from note_kfet.middlewares import _set_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
from permission.models import Role
|
||||
from permission.views import ProtectQuerysetMixin, ProtectedCreateView
|
||||
@ -41,7 +41,8 @@ class CustomLoginView(LoginView):
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
logout(self.request)
|
||||
_set_current_user_and_ip(form.get_user(), self.request.session, None)
|
||||
self.request.user = form.get_user()
|
||||
_set_current_request(self.request)
|
||||
self.request.session['permission_mask'] = form.cleaned_data['permission_mask'].rank
|
||||
return super().form_valid(form)
|
||||
|
||||
@ -70,7 +71,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
||||
form.fields['email'].required = True
|
||||
form.fields['email'].help_text = _("This address must be valid.")
|
||||
|
||||
if PermissionBackend.check_perm(self.request.user, "member.change_profile", context['user_object'].profile):
|
||||
if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile):
|
||||
context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
|
||||
data=self.request.POST if self.request.POST else None)
|
||||
if not self.object.profile.report_frequency:
|
||||
@ -153,13 +154,13 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
history_list = \
|
||||
Transaction.objects.all().filter(Q(source=user.note) | Q(destination=user.note))\
|
||||
.order_by("-created_at")\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Transaction, "view"))
|
||||
history_table = HistoryTable(history_list, prefix='transaction-')
|
||||
history_table.paginate(per_page=20, page=self.request.GET.get("transaction-page", 1))
|
||||
context['history_list'] = history_table
|
||||
|
||||
club_list = Membership.objects.filter(user=user, date_end__gte=date.today() - timedelta(days=15))\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\
|
||||
.order_by("club__name", "-date_start")
|
||||
# Display only the most recent membership
|
||||
club_list = club_list.distinct("club__name")\
|
||||
@ -176,21 +177,20 @@ class UserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
modified_note.is_active = True
|
||||
modified_note.inactivity_reason = 'manual'
|
||||
context["can_lock_note"] = user.note.is_active and PermissionBackend\
|
||||
.check_perm(self.request.user, "note.change_noteuser_is_active",
|
||||
modified_note)
|
||||
.check_perm(self.request, "note.change_noteuser_is_active", modified_note)
|
||||
old_note = NoteUser.objects.select_for_update().get(pk=user.note.pk)
|
||||
modified_note.inactivity_reason = 'forced'
|
||||
modified_note._force_save = True
|
||||
modified_note.save()
|
||||
context["can_force_lock"] = user.note.is_active and PermissionBackend\
|
||||
.check_perm(self.request.user, "note.change_note_is_active", modified_note)
|
||||
.check_perm(self.request, "note.change_note_is_active", modified_note)
|
||||
old_note._force_save = True
|
||||
old_note._no_signal = True
|
||||
old_note.save()
|
||||
modified_note.refresh_from_db()
|
||||
modified_note.is_active = True
|
||||
context["can_unlock_note"] = not user.note.is_active and PermissionBackend\
|
||||
.check_perm(self.request.user, "note.change_note_is_active", modified_note)
|
||||
.check_perm(self.request, "note.change_note_is_active", modified_note)
|
||||
|
||||
return context
|
||||
|
||||
@ -237,7 +237,7 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request.user, User, "view"))\
|
||||
pre_registered_users = User.objects.filter(PermissionBackend.filter_queryset(self.request, User, "view"))\
|
||||
.filter(profile__registration_valid=False)
|
||||
context["can_manage_registrations"] = pre_registered_users.exists()
|
||||
return context
|
||||
@ -256,8 +256,8 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context = super().get_context_data(**kwargs)
|
||||
note = context['object'].note
|
||||
context["aliases"] = AliasTable(
|
||||
note.alias.filter(PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
|
||||
note.alias.filter(PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
|
||||
note=context["object"].note,
|
||||
name="",
|
||||
normalized_name="",
|
||||
@ -382,7 +382,7 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context["can_add_club"] = PermissionBackend.check_perm(self.request.user, "member.add_club", Club(
|
||||
context["can_add_club"] = PermissionBackend.check_perm(self.request, "member.add_club", Club(
|
||||
name="",
|
||||
email="club@example.com",
|
||||
))
|
||||
@ -404,7 +404,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
club = context["club"]
|
||||
if PermissionBackend.check_perm(self.request.user, "member.change_club_membership_start", club):
|
||||
if PermissionBackend.check_perm(self.request, "member.change_club_membership_start", club):
|
||||
club.update_membership_dates()
|
||||
# managers list
|
||||
managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
|
||||
@ -413,7 +413,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context["managers"] = ClubManagerTable(data=managers, prefix="managers-")
|
||||
# transaction history
|
||||
club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note))\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Transaction, "view"))\
|
||||
.order_by('-created_at')
|
||||
history_table = HistoryTable(club_transactions, prefix="history-")
|
||||
history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1))
|
||||
@ -422,7 +422,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
club_member = Membership.objects.filter(
|
||||
club=club,
|
||||
date_end__gte=date.today() - timedelta(days=15),
|
||||
).filter(PermissionBackend.filter_queryset(self.request.user, Membership, "view"))\
|
||||
).filter(PermissionBackend.filter_queryset(self.request, Membership, "view"))\
|
||||
.order_by("user__username", "-date_start")
|
||||
# Display only the most recent membership
|
||||
club_member = club_member.distinct("user__username")\
|
||||
@ -459,8 +459,8 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context = super().get_context_data(**kwargs)
|
||||
note = context['object'].note
|
||||
context["aliases"] = AliasTable(note.alias.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Alias, "view")).distinct().all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
|
||||
PermissionBackend.filter_queryset(self.request, Alias, "view")).distinct().all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request, "note.add_alias", Alias(
|
||||
note=context["object"].note,
|
||||
name="",
|
||||
normalized_name="",
|
||||
@ -535,7 +535,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
form = context['form']
|
||||
|
||||
if "club_pk" in self.kwargs: # We create a new membership.
|
||||
club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view"))\
|
||||
club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view"))\
|
||||
.get(pk=self.kwargs["club_pk"], weiclub=None)
|
||||
form.fields['credit_amount'].initial = club.membership_fee_paid
|
||||
# Ensure that the user is member of the parent club and all its the family tree.
|
||||
@ -655,8 +655,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
if club.name != "Kfet" and club.parent_club and not Membership.objects.filter(
|
||||
user=form.instance.user,
|
||||
club=club.parent_club,
|
||||
date_start__lte=timezone.now(),
|
||||
date_end__gte=club.parent_club.membership_end,
|
||||
date_start__gte=club.parent_club.membership_start,
|
||||
).exists():
|
||||
form.add_error('user', _('User is not a member of the parent club') + ' ' + club.parent_club.name)
|
||||
error = True
|
||||
@ -684,7 +683,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
"""
|
||||
# Get the club that is concerned by the membership
|
||||
if "club_pk" in self.kwargs: # get from url of new membership
|
||||
club = Club.objects.filter(PermissionBackend.filter_queryset(self.request.user, Club, "view")) \
|
||||
club = Club.objects.filter(PermissionBackend.filter_queryset(self.request, Club, "view")) \
|
||||
.get(pk=self.kwargs["club_pk"])
|
||||
user = form.instance.user
|
||||
old_membership = None
|
||||
@ -868,7 +867,7 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
club = Club.objects.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Club, "view")
|
||||
PermissionBackend.filter_queryset(self.request, Club, "view")
|
||||
).get(pk=self.kwargs["pk"])
|
||||
context["club"] = club
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ from rest_framework.exceptions import ValidationError
|
||||
from rest_polymorphic.serializers import PolymorphicSerializer
|
||||
from member.api.serializers import MembershipSerializer
|
||||
from member.models import Membership
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
from rest_framework.utils import model_meta
|
||||
|
||||
@ -126,7 +126,7 @@ class ConsumerSerializer(serializers.ModelSerializer):
|
||||
"""
|
||||
# If the user has no right to see the note, then we only display the note identifier
|
||||
return NotePolymorphicSerializer().to_representation(obj.note)\
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "note.view_note", obj.note)\
|
||||
if PermissionBackend.check_perm(get_current_request(), "note.view_note", obj.note)\
|
||||
else dict(
|
||||
id=obj.note.id,
|
||||
name=str(obj.note),
|
||||
@ -142,7 +142,7 @@ class ConsumerSerializer(serializers.ModelSerializer):
|
||||
def get_membership(self, obj):
|
||||
if isinstance(obj.note, NoteUser):
|
||||
memberships = Membership.objects.filter(
|
||||
PermissionBackend.filter_queryset(get_current_authenticated_user(), Membership, "view")).filter(
|
||||
PermissionBackend.filter_queryset(get_current_request(), Membership, "view")).filter(
|
||||
user=obj.note.user,
|
||||
club=2, # Kfet
|
||||
).order_by("-date_start")
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
import re
|
||||
|
||||
from django.conf import settings
|
||||
from django.db.models import Q
|
||||
@ -10,7 +11,6 @@ from rest_framework import viewsets
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import status
|
||||
from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet
|
||||
from note_kfet.middlewares import get_current_session
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer,\
|
||||
@ -40,12 +40,11 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
|
||||
Parse query and apply filters.
|
||||
:return: The filtered set of requested notes
|
||||
"""
|
||||
user = self.request.user
|
||||
get_current_session().setdefault("permission_mask", 42)
|
||||
queryset = self.queryset.filter(PermissionBackend.filter_queryset(user, Note, "view")
|
||||
| PermissionBackend.filter_queryset(user, NoteUser, "view")
|
||||
| PermissionBackend.filter_queryset(user, NoteClub, "view")
|
||||
| PermissionBackend.filter_queryset(user, NoteSpecial, "view")).distinct()
|
||||
queryset = self.queryset.filter(PermissionBackend.filter_queryset(self.request, Note, "view")
|
||||
| PermissionBackend.filter_queryset(self.request, NoteUser, "view")
|
||||
| PermissionBackend.filter_queryset(self.request, NoteClub, "view")
|
||||
| PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\
|
||||
.distinct()
|
||||
|
||||
alias = self.request.query_params.get("alias", ".*")
|
||||
queryset = queryset.filter(
|
||||
@ -67,7 +66,8 @@ class AliasViewSet(ReadProtectedModelViewSet):
|
||||
serializer_class = AliasSerializer
|
||||
filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter]
|
||||
search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
|
||||
filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
|
||||
filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
|
||||
'note__noteclub__club', 'note__polymorphic_ctype__model', ]
|
||||
ordering_fields = ['name', 'normalized_name', ]
|
||||
|
||||
def get_serializer_class(self):
|
||||
@ -118,7 +118,8 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
|
||||
serializer_class = ConsumerSerializer
|
||||
filter_backends = [SearchFilter, OrderingFilter, DjangoFilterBackend]
|
||||
search_fields = ['$normalized_name', '$name', '$note__polymorphic_ctype__model', ]
|
||||
filterset_fields = ['note', 'note__noteuser__user', 'note__noteclub__club', 'note__polymorphic_ctype__model', ]
|
||||
filterset_fields = ['name', 'normalized_name', 'note', 'note__noteuser__user',
|
||||
'note__noteclub__club', 'note__polymorphic_ctype__model', ]
|
||||
ordering_fields = ['name', 'normalized_name', ]
|
||||
|
||||
def get_queryset(self):
|
||||
@ -133,23 +134,31 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet):
|
||||
if settings.DATABASES[queryset.db]["ENGINE"] == 'django.db.backends.postgresql' else queryset
|
||||
|
||||
alias = self.request.query_params.get("alias", None)
|
||||
# Check if this is a valid regex. If not, we won't check regex
|
||||
try:
|
||||
re.compile(alias)
|
||||
valid_regex = True
|
||||
except (re.error, TypeError):
|
||||
valid_regex = False
|
||||
suffix = '__iregex' if valid_regex else '__istartswith'
|
||||
alias_prefix = '^' if valid_regex else ''
|
||||
queryset = queryset.prefetch_related('note')
|
||||
|
||||
if alias:
|
||||
# We match first an alias if it is matched without normalization,
|
||||
# then if the normalized pattern matches a normalized alias.
|
||||
queryset = queryset.filter(
|
||||
name__iregex="^" + alias
|
||||
**{f'name{suffix}': alias_prefix + alias}
|
||||
).union(
|
||||
queryset.filter(
|
||||
Q(normalized_name__iregex="^" + Alias.normalize(alias))
|
||||
& ~Q(name__iregex="^" + alias)
|
||||
Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
|
||||
& ~Q(**{f'name{suffix}': alias_prefix + alias})
|
||||
),
|
||||
all=True).union(
|
||||
queryset.filter(
|
||||
Q(normalized_name__iregex="^" + alias.lower())
|
||||
& ~Q(normalized_name__iregex="^" + Alias.normalize(alias))
|
||||
& ~Q(name__iregex="^" + alias)
|
||||
Q(**{f'normalized_name{suffix}': alias_prefix + alias.lower()})
|
||||
& ~Q(**{f'normalized_name{suffix}': alias_prefix + Alias.normalize(alias)})
|
||||
& ~Q(**{f'name{suffix}': alias_prefix + alias})
|
||||
),
|
||||
all=True)
|
||||
|
||||
@ -205,7 +214,5 @@ class TransactionViewSet(ReadProtectedModelViewSet):
|
||||
ordering_fields = ['created_at', 'amount', ]
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
get_current_session().setdefault("permission_mask", 42)
|
||||
return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view"))\
|
||||
return self.model.objects.filter(PermissionBackend.filter_queryset(self.request, self.model, "view"))\
|
||||
.order_by("created_at", "id")
|
||||
|
||||
@ -222,6 +222,13 @@ $(document).ready(function () {
|
||||
})
|
||||
})
|
||||
|
||||
// Make transfer when pressing Enter on the amount section
|
||||
$('#amount, #reason, #last_name, #first_name, #bank').keypress((event) => {
|
||||
if (event.originalEvent.charCode === 13) {
|
||||
$('#btn_transfer').click()
|
||||
}
|
||||
})
|
||||
|
||||
$('#btn_transfer').click(function () {
|
||||
if (LOCK) { return }
|
||||
|
||||
@ -348,14 +355,14 @@ $('#btn_transfer').click(function () {
|
||||
destination_alias: dest.name
|
||||
}).done(function () {
|
||||
addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
|
||||
[pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, gettext('insufficient funds')]), 'danger', 10000)
|
||||
[pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, gettext('insufficient funds')]), 'danger', 10000)
|
||||
reset()
|
||||
}).fail(function (err) {
|
||||
const errObj = JSON.parse(err.responseText)
|
||||
let error = errObj.detail ? errObj.detail : errObj.non_field_errors
|
||||
if (!error) { error = err.responseText }
|
||||
addMsg(interpolate(gettext('Transfer of %s from %s to %s failed: %s'),
|
||||
[pretty_money(source.quantity * dest.quantity * amount), source.name, + dest.name, error]), 'danger')
|
||||
[pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, error]), 'danger')
|
||||
LOCK = false
|
||||
})
|
||||
})
|
||||
|
||||
@ -7,7 +7,7 @@ import django_tables2 as tables
|
||||
from django.utils.html import format_html
|
||||
from django_tables2.utils import A
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
from .models.notes import Alias
|
||||
@ -88,16 +88,16 @@ class HistoryTable(tables.Table):
|
||||
"class": lambda record:
|
||||
str(record.valid).lower()
|
||||
+ (' validate' if record.source.is_active and record.destination.is_active and PermissionBackend
|
||||
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
|
||||
.check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record)
|
||||
else ''),
|
||||
"data-toggle": "tooltip",
|
||||
"title": lambda record: (_("Click to invalidate") if record.valid else _("Click to validate"))
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(),
|
||||
if PermissionBackend.check_perm(get_current_request(),
|
||||
"note.change_transaction_invalidity_reason", record)
|
||||
and record.source.is_active and record.destination.is_active else None,
|
||||
"onclick": lambda record: 'de_validate(' + str(record.id) + ', ' + str(record.valid).lower()
|
||||
+ ', "' + str(record.__class__.__name__) + '")'
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(),
|
||||
if PermissionBackend.check_perm(get_current_request(),
|
||||
"note.change_transaction_invalidity_reason", record)
|
||||
and record.source.is_active and record.destination.is_active else None,
|
||||
"onmouseover": lambda record: '$("#invalidity_reason_'
|
||||
@ -126,7 +126,7 @@ class HistoryTable(tables.Table):
|
||||
When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
|
||||
"""
|
||||
has_perm = PermissionBackend \
|
||||
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
|
||||
.check_perm(get_current_request(), "note.change_transaction_invalidity_reason", record)
|
||||
|
||||
val = "✔" if value else "✖"
|
||||
|
||||
@ -165,7 +165,7 @@ class AliasTable(tables.Table):
|
||||
extra_context={"delete_trans": _('delete')},
|
||||
attrs={'td': {'class': lambda record: 'col-sm-1' + (
|
||||
' d-none' if not PermissionBackend.check_perm(
|
||||
get_current_authenticated_user(), "note.delete_alias",
|
||||
get_current_request(), "note.delete_alias",
|
||||
record) else '')}}, verbose_name=_("Delete"), )
|
||||
|
||||
|
||||
|
||||
@ -129,7 +129,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{# Mode switch #}
|
||||
<div class="card-footer border-primary">
|
||||
<a class="btn btn-sm btn-secondary float-left" href="{% url 'note:template_list' %}">
|
||||
<i class="fa fa-edit"></i> {% trans "Edit" %}
|
||||
<svg class="bi bi-edit" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M12.854.146a.5.5 0 0 0-.707 0L10.5 1.793 14.207 5.5l1.647-1.646a.5.5 0 0 0 0-.708l-3-3zm.646 6.061L9.793 2.5 3.293 9H3.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.5h.5a.5.5 0 0 1 .5.5v.207l6.5-6.5zm-7.468 7.468A.5.5 0 0 1 6 13.5V13h-.5a.5.5 0 0 1-.5-.5V12h-.5a.5.5 0 0 1-.5-.5V11h-.5a.5.5 0 0 1-.5-.5V10h-.5a.499.499 0 0 1-.175-.032l-.179.178a.5.5 0 0 0-.11.168l-2 5a.5.5 0 0 0 .65.65l5-2a.5.5 0 0 0 .168-.11l.178-.178z"/>
|
||||
</svg>
|
||||
{% trans "Edit" %}
|
||||
</a>
|
||||
<div class="btn-group btn-group-toggle float-right" data-toggle="buttons">
|
||||
<label for="single_conso" class="btn btn-sm btn-outline-primary active">
|
||||
|
||||
@ -10,21 +10,25 @@ SPDX-License-Identifier: GPL-2.0-or-later
|
||||
{# bandeau transfert/crédit/débit/activité #}
|
||||
<div class="row">
|
||||
<div class="col-xl-12">
|
||||
<div class="btn-group btn-group-toggle btn-block" data-toggle="buttons">
|
||||
<label for="type_transfer" class="btn btn-sm btn-outline-primary active">
|
||||
<input type="radio" name="transaction_type" id="type_transfer">
|
||||
{% trans "Transfer" %}
|
||||
</label>
|
||||
{% if "note.notespecial"|not_empty_model_list %}
|
||||
<label for="type_credit" class="btn btn-sm btn-outline-primary">
|
||||
<input type="radio" name="transaction_type" id="type_credit">
|
||||
{% trans "Credit" %}
|
||||
<div class="btn-group btn-block">
|
||||
<div class="btn-group btn-group-toggle btn-block" data-toggle="buttons">
|
||||
<label for="type_transfer" class="btn btn-sm btn-outline-primary active">
|
||||
<input type="radio" name="transaction_type" id="type_transfer">
|
||||
{% trans "Transfer" %}
|
||||
</label>
|
||||
<label for="type_debit" class="btn btn-sm btn-outline-primary">
|
||||
<input type="radio" name="transaction_type" id="type_debit">
|
||||
{% trans "Debit" %}
|
||||
</label>
|
||||
{% endif %}
|
||||
{% if "note.notespecial"|not_empty_model_list %}
|
||||
<label for="type_credit" class="btn btn-sm btn-outline-primary">
|
||||
<input type="radio" name="transaction_type" id="type_credit">
|
||||
{% trans "Credit" %}
|
||||
</label>
|
||||
<label for="type_debit" class="btn btn-sm btn-outline-primary">
|
||||
<input type="radio" name="transaction_type" id="type_debit">
|
||||
{% trans "Debit" %}
|
||||
</label>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
{# Add shortcuts for opened activites if necessary #}
|
||||
{% for activity in activities_open %}
|
||||
<a href="{% url "activity:activity_entry" pk=activity.pk %}" class="btn btn-sm btn-outline-primary">
|
||||
{% trans "Entries" %} {{ activity.name }}
|
||||
|
||||
@ -38,7 +38,7 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
|
||||
def get_queryset(self, **kwargs):
|
||||
# retrieves only Transaction that user has the right to see.
|
||||
return Transaction.objects.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
|
||||
PermissionBackend.filter_queryset(self.request, Transaction, "view")
|
||||
).order_by("-created_at").all()[:20]
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
@ -47,16 +47,16 @@ class TransactionCreateView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTabl
|
||||
context['polymorphic_ctype'] = ContentType.objects.get_for_model(Transaction).pk
|
||||
context['special_polymorphic_ctype'] = ContentType.objects.get_for_model(SpecialTransaction).pk
|
||||
context['special_types'] = NoteSpecial.objects\
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, NoteSpecial, "view"))\
|
||||
.filter(PermissionBackend.filter_queryset(self.request, NoteSpecial, "view"))\
|
||||
.order_by("special_type").all()
|
||||
|
||||
# Add a shortcut for entry page for open activities
|
||||
if "activity" in settings.INSTALLED_APPS:
|
||||
from activity.models import Activity
|
||||
activities_open = Activity.objects.filter(open=True).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Activity, "view")).distinct().all()
|
||||
activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
|
||||
PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
|
||||
context["activities_open"] = [a for a in activities_open
|
||||
if PermissionBackend.check_perm(self.request.user,
|
||||
if PermissionBackend.check_perm(self.request,
|
||||
"activity.add_entry",
|
||||
Entry(activity=a,
|
||||
note=self.request.user.note, ))]
|
||||
@ -159,7 +159,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
return self.handle_no_permission()
|
||||
|
||||
templates = TransactionTemplate.objects.filter(
|
||||
PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
|
||||
PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
|
||||
)
|
||||
if not templates.exists():
|
||||
raise PermissionDenied(_("You can't see any button."))
|
||||
@ -170,7 +170,7 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
restrict to the transaction history the user can see.
|
||||
"""
|
||||
return Transaction.objects.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Transaction, "view")
|
||||
PermissionBackend.filter_queryset(self.request, Transaction, "view")
|
||||
).order_by("-created_at").all()[:20]
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
@ -180,13 +180,13 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
# for each category, find which transaction templates the user can see.
|
||||
for category in categories:
|
||||
category.templates_filtered = category.templates.filter(
|
||||
PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
|
||||
PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
|
||||
).filter(display=True).order_by('name').all()
|
||||
|
||||
context['categories'] = [cat for cat in categories if cat.templates_filtered]
|
||||
# some transactiontemplate are put forward to find them easily
|
||||
context['highlighted'] = TransactionTemplate.objects.filter(highlighted=True).filter(
|
||||
PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
|
||||
PermissionBackend().filter_queryset(self.request, TransactionTemplate, "view")
|
||||
).order_by('name').all()
|
||||
context['polymorphic_ctype'] = ContentType.objects.get_for_model(RecurrentTransaction).pk
|
||||
|
||||
@ -209,7 +209,7 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView
|
||||
data = form.cleaned_data if form.is_valid() else {}
|
||||
|
||||
transactions = Transaction.objects.annotate(total_amount=F("quantity") * F("amount")).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Transaction, "view"))\
|
||||
PermissionBackend.filter_queryset(self.request, Transaction, "view"))\
|
||||
.filter(Q(source=self.object) | Q(destination=self.object)).order_by('-created_at')
|
||||
|
||||
if "source" in data and data["source"]:
|
||||
|
||||
@ -4,12 +4,12 @@
|
||||
from datetime import date
|
||||
|
||||
from django.contrib.auth.backends import ModelBackend
|
||||
from django.contrib.auth.models import User, AnonymousUser
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.db.models import Q, F
|
||||
from django.utils import timezone
|
||||
from note.models import Note, NoteUser, NoteClub, NoteSpecial
|
||||
from note_kfet.middlewares import get_current_session
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from member.models import Membership, Club
|
||||
|
||||
from .decorators import memoize
|
||||
@ -26,14 +26,31 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
@staticmethod
|
||||
@memoize
|
||||
def get_raw_permissions(user, t):
|
||||
def get_raw_permissions(request, t):
|
||||
"""
|
||||
Query permissions of a certain type for a user, then memoize it.
|
||||
:param user: The owner of the permissions
|
||||
:param request: The current request
|
||||
:param t: The type of the permissions: view, change, add or delete
|
||||
:return: The queryset of the permissions of the user (memoized) grouped by clubs
|
||||
"""
|
||||
if isinstance(user, AnonymousUser):
|
||||
if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
|
||||
# OAuth2 Authentication
|
||||
user = request.auth.user
|
||||
|
||||
def permission_filter(membership_obj):
|
||||
query = Q(pk=-1)
|
||||
for scope in request.auth.scope.split(' '):
|
||||
permission_id, club_id = scope.split('_')
|
||||
if int(club_id) == membership_obj.club_id:
|
||||
query |= Q(pk=permission_id)
|
||||
return query
|
||||
else:
|
||||
user = request.user
|
||||
|
||||
def permission_filter(membership_obj):
|
||||
return Q(mask__rank__lte=request.session.get("permission_mask", 42))
|
||||
|
||||
if user.is_anonymous:
|
||||
# Unauthenticated users have no permissions
|
||||
return Permission.objects.none()
|
||||
|
||||
@ -43,7 +60,7 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
for membership in memberships:
|
||||
for role in membership.roles.all():
|
||||
for perm in role.permissions.filter(type=t, mask__rank__lte=get_current_session().get("permission_mask", -1)).all():
|
||||
for perm in role.permissions.filter(permission_filter(membership), type=t).all():
|
||||
if not perm.permanent:
|
||||
if membership.date_start > date.today() or membership.date_end < date.today():
|
||||
continue
|
||||
@ -52,16 +69,22 @@ class PermissionBackend(ModelBackend):
|
||||
return perms
|
||||
|
||||
@staticmethod
|
||||
def permissions(user, model, type):
|
||||
def permissions(request, model, type):
|
||||
"""
|
||||
List all permissions of the given user that applies to a given model and a give type
|
||||
:param user: The owner of the permissions
|
||||
:param request: The current request
|
||||
:param model: The model that the permissions shoud apply
|
||||
:param type: The type of the permissions: view, change, add or delete
|
||||
:return: A generator of the requested permissions
|
||||
"""
|
||||
|
||||
for permission in PermissionBackend.get_raw_permissions(user, type):
|
||||
if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
|
||||
# OAuth2 Authentication
|
||||
user = request.auth.user
|
||||
else:
|
||||
user = request.user
|
||||
|
||||
for permission in PermissionBackend.get_raw_permissions(request, type):
|
||||
if not isinstance(model.model_class()(), permission.model.model_class()) or not permission.membership:
|
||||
continue
|
||||
|
||||
@ -88,20 +111,26 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
@staticmethod
|
||||
@memoize
|
||||
def filter_queryset(user, model, t, field=None):
|
||||
def filter_queryset(request, model, t, field=None):
|
||||
"""
|
||||
Filter a queryset by considering the permissions of a given user.
|
||||
:param user: The owner of the permissions that are fetched
|
||||
:param request: The current request
|
||||
:param model: The concerned model of the queryset
|
||||
:param t: The type of modification (view, add, change, delete)
|
||||
:param field: The field of the model to test, if concerned
|
||||
:return: A query that corresponds to the filter to give to a queryset
|
||||
"""
|
||||
if user is None or isinstance(user, AnonymousUser):
|
||||
if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
|
||||
# OAuth2 Authentication
|
||||
user = request.auth.user
|
||||
else:
|
||||
user = request.user
|
||||
|
||||
if user is None or user.is_anonymous:
|
||||
# Anonymous users can't do anything
|
||||
return Q(pk=-1)
|
||||
|
||||
if user.is_superuser and get_current_session().get("permission_mask", -1) >= 42:
|
||||
if user.is_superuser and request.session.get("permission_mask", -1) >= 42:
|
||||
# Superusers have all rights
|
||||
return Q()
|
||||
|
||||
@ -110,7 +139,7 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
# Never satisfied
|
||||
query = Q(pk=-1)
|
||||
perms = PermissionBackend.permissions(user, model, t)
|
||||
perms = PermissionBackend.permissions(request, model, t)
|
||||
for perm in perms:
|
||||
if perm.field and field != perm.field:
|
||||
continue
|
||||
@ -122,7 +151,7 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
@staticmethod
|
||||
@memoize
|
||||
def check_perm(user_obj, perm, obj=None):
|
||||
def check_perm(request, perm, obj=None):
|
||||
"""
|
||||
Check is the given user has the permission over a given object.
|
||||
The result is then memoized.
|
||||
@ -130,10 +159,19 @@ class PermissionBackend(ModelBackend):
|
||||
primary key, the result is not memoized. Moreover, the right could change
|
||||
(e.g. for a transaction, the balance of the user could change)
|
||||
"""
|
||||
if user_obj is None or isinstance(user_obj, AnonymousUser):
|
||||
# Requested by a shell
|
||||
if request is None:
|
||||
return False
|
||||
|
||||
sess = get_current_session()
|
||||
user_obj = request.user
|
||||
sess = request.session
|
||||
|
||||
if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
|
||||
# OAuth2 Authentication
|
||||
user_obj = request.auth.user
|
||||
|
||||
if user_obj is None or user_obj.is_anonymous:
|
||||
return False
|
||||
|
||||
if user_obj.is_superuser and sess.get("permission_mask", -1) >= 42:
|
||||
return True
|
||||
@ -147,16 +185,19 @@ class PermissionBackend(ModelBackend):
|
||||
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
if any(permission.applies(obj, perm_type, perm_field)
|
||||
for permission in PermissionBackend.permissions(user_obj, ct, perm_type)):
|
||||
for permission in PermissionBackend.permissions(request, ct, perm_type)):
|
||||
return True
|
||||
return False
|
||||
|
||||
def has_perm(self, user_obj, perm, obj=None):
|
||||
return PermissionBackend.check_perm(user_obj, perm, obj)
|
||||
# Warning: this does not check that user_obj has the permission,
|
||||
# but if the current request has the permission.
|
||||
# This function is implemented for backward compatibility, and should not be used.
|
||||
return PermissionBackend.check_perm(get_current_request(), perm, obj)
|
||||
|
||||
def has_module_perms(self, user_obj, app_label):
|
||||
return False
|
||||
|
||||
def get_all_permissions(self, user_obj, obj=None):
|
||||
ct = ContentType.objects.get_for_model(obj)
|
||||
return list(self.permissions(user_obj, ct, "view"))
|
||||
return list(self.permissions(get_current_request(), ct, "view"))
|
||||
|
||||
@ -5,7 +5,7 @@ from functools import lru_cache
|
||||
from time import time
|
||||
|
||||
from django.contrib.sessions.models import Session
|
||||
from note_kfet.middlewares import get_current_session
|
||||
from note_kfet.middlewares import get_current_request
|
||||
|
||||
|
||||
def memoize(f):
|
||||
@ -48,11 +48,11 @@ def memoize(f):
|
||||
last_collect = time()
|
||||
|
||||
# If there is no session, then we don't memoize anything.
|
||||
sess = get_current_session()
|
||||
if sess is None or sess.session_key is None:
|
||||
request = get_current_request()
|
||||
if request is None or request.session is None or request.session.session_key is None:
|
||||
return f(*args, **kwargs)
|
||||
|
||||
sess_key = sess.session_key
|
||||
sess_key = request.session.session_key
|
||||
if sess_key not in sess_funs:
|
||||
# lru_cache makes the job of memoization
|
||||
# We store only the 512 latest data per session. It has to be enough.
|
||||
|
||||
@ -111,12 +111,12 @@
|
||||
"note",
|
||||
"alias"
|
||||
],
|
||||
"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"Kfet\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]",
|
||||
"query": "[\"AND\", [\"OR\", {\"note__noteuser__user__memberships__club__name\": \"BDE\", \"note__noteuser__user__memberships__date_start__lte\": [\"today\"], \"note__noteuser__user__memberships__date_end__gte\": [\"today\"]}, {\"note__noteclub__isnull\": false}], {\"note__is_active\": true}]",
|
||||
"type": "view",
|
||||
"mask": 1,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"description": "Voir les aliases des notes des clubs et des adhérents du club Kfet"
|
||||
"description": "Voir les aliases des notes des clubs et des adhérents du club BDE"
|
||||
}
|
||||
},
|
||||
{
|
||||
@ -627,7 +627,7 @@
|
||||
"type": "view",
|
||||
"mask": 1,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Voir les personnes qu'on a invitées"
|
||||
}
|
||||
},
|
||||
@ -1235,7 +1235,7 @@
|
||||
"type": "view",
|
||||
"mask": 1,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Voir le dernier WEI"
|
||||
}
|
||||
},
|
||||
@ -1267,7 +1267,7 @@
|
||||
"type": "add",
|
||||
"mask": 1,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "M'inscrire au dernier WEI"
|
||||
}
|
||||
},
|
||||
@ -1331,7 +1331,7 @@
|
||||
"type": "view",
|
||||
"mask": 1,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Voir ma propre inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1379,7 +1379,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "soge_credit",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Indiquer si mon inscription WEI est payée par la Société générale tant qu'elle n'est pas validée"
|
||||
}
|
||||
},
|
||||
@ -1427,7 +1427,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "birth_date",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier la date de naissance de ma propre inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1459,7 +1459,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "gender",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier le genre de ma propre inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1491,7 +1491,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "health_issues",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier mes problèmes de santé de mon inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1523,7 +1523,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "emergency_contact_name",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier le nom du contact en cas d'urgence de mon inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1555,7 +1555,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "emergency_contact_phone",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier le téléphone du contact en cas d'urgence de mon inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -1699,7 +1699,7 @@
|
||||
"type": "add",
|
||||
"mask": 3,
|
||||
"field": "",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Créer une adhésion WEI pour le dernier WEI"
|
||||
}
|
||||
},
|
||||
@ -2003,7 +2003,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "clothing_cut",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier ma coupe de vêtements de mon inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -2035,7 +2035,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "clothing_size",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier la taille de vêtements de mon inscription WEI"
|
||||
}
|
||||
},
|
||||
@ -2243,7 +2243,7 @@
|
||||
"type": "change",
|
||||
"mask": 1,
|
||||
"field": "information_json",
|
||||
"permanent": false,
|
||||
"permanent": true,
|
||||
"description": "Modifier mes préférences en terme de bus et d'équipe si mon inscription n'est pas validée et que je suis en 2A+"
|
||||
}
|
||||
},
|
||||
@ -2883,6 +2883,7 @@
|
||||
3,
|
||||
4,
|
||||
5,
|
||||
6,
|
||||
7,
|
||||
8,
|
||||
9,
|
||||
@ -2890,6 +2891,10 @@
|
||||
11,
|
||||
12,
|
||||
13,
|
||||
14,
|
||||
15,
|
||||
16,
|
||||
17,
|
||||
22,
|
||||
48,
|
||||
52,
|
||||
@ -2907,11 +2912,6 @@
|
||||
"for_club": 2,
|
||||
"name": "Adh\u00e9rent Kfet",
|
||||
"permissions": [
|
||||
6,
|
||||
14,
|
||||
15,
|
||||
16,
|
||||
17,
|
||||
22,
|
||||
34,
|
||||
36,
|
||||
@ -3048,6 +3048,7 @@
|
||||
31,
|
||||
32,
|
||||
33,
|
||||
43,
|
||||
51,
|
||||
53,
|
||||
54,
|
||||
@ -3304,6 +3305,7 @@
|
||||
30,
|
||||
31,
|
||||
70,
|
||||
72,
|
||||
143,
|
||||
166,
|
||||
167,
|
||||
@ -3495,7 +3497,7 @@
|
||||
"model": "permission.role",
|
||||
"pk": 20,
|
||||
"fields": {
|
||||
"for_club": 2,
|
||||
"for_club": 1,
|
||||
"name": "PC Kfet",
|
||||
"permissions": [
|
||||
6,
|
||||
@ -3511,6 +3513,8 @@
|
||||
56,
|
||||
57,
|
||||
58,
|
||||
70,
|
||||
72,
|
||||
135,
|
||||
137,
|
||||
143,
|
||||
|
||||
@ -45,7 +45,7 @@ class StrongDjangoObjectPermissions(DjangoObjectPermissions):
|
||||
|
||||
perms = self.get_required_object_permissions(request.method, model_cls)
|
||||
# if not user.has_perms(perms, obj):
|
||||
if not all(PermissionBackend.check_perm(user, perm, obj) for perm in perms):
|
||||
if not all(PermissionBackend.check_perm(request, perm, obj) for perm in perms):
|
||||
# If the user does not have permissions we need to determine if
|
||||
# they have read permissions to see 403, or not, and simply see
|
||||
# a 404 response.
|
||||
|
||||
34
apps/permission/scopes.py
Normal file
34
apps/permission/scopes.py
Normal file
@ -0,0 +1,34 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from oauth2_provider.scopes import BaseScopes
|
||||
from member.models import Club
|
||||
from note_kfet.middlewares import get_current_request
|
||||
|
||||
from .backends import PermissionBackend
|
||||
from .models import Permission
|
||||
|
||||
|
||||
class PermissionScopes(BaseScopes):
|
||||
"""
|
||||
An OAuth2 scope is defined by a permission object and a club.
|
||||
A token will have a subset of permissions from the owner of the application,
|
||||
and can be useful to make queries through the API with limited privileges.
|
||||
"""
|
||||
|
||||
def get_all_scopes(self):
|
||||
return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
|
||||
for p in Permission.objects.all() for club in Club.objects.all()}
|
||||
|
||||
def get_available_scopes(self, application=None, request=None, *args, **kwargs):
|
||||
if not application:
|
||||
return []
|
||||
return [f"{p.id}_{p.membership.club.id}"
|
||||
for t in Permission.PERMISSION_TYPES
|
||||
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
|
||||
|
||||
def get_default_scopes(self, application=None, request=None, *args, **kwargs):
|
||||
if not application:
|
||||
return []
|
||||
return [f"{p.id}_{p.membership.club.id}"
|
||||
for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
|
||||
@ -16,6 +16,9 @@ EXCLUDED = [
|
||||
'contenttypes.contenttype',
|
||||
'logs.changelog',
|
||||
'migrations.migration',
|
||||
'oauth2_provider.accesstoken',
|
||||
'oauth2_provider.grant',
|
||||
'oauth2_provider.refreshtoken',
|
||||
'sessions.session',
|
||||
]
|
||||
|
||||
@ -31,8 +34,8 @@ def pre_save_object(sender, instance, **kwargs):
|
||||
if hasattr(instance, "_force_save") or hasattr(instance, "_no_signal"):
|
||||
return
|
||||
|
||||
user = get_current_authenticated_user()
|
||||
if user is None:
|
||||
request = get_current_request()
|
||||
if request is None:
|
||||
# Action performed on shell is always granted
|
||||
return
|
||||
|
||||
@ -45,7 +48,7 @@ def pre_save_object(sender, instance, **kwargs):
|
||||
# We check if the user can change the model
|
||||
|
||||
# If the user has all right on a model, then OK
|
||||
if PermissionBackend.check_perm(user, app_label + ".change_" + model_name, instance):
|
||||
if PermissionBackend.check_perm(request, app_label + ".change_" + model_name, instance):
|
||||
return
|
||||
|
||||
# In the other case, we check if he/she has the right to change one field
|
||||
@ -58,7 +61,14 @@ def pre_save_object(sender, instance, **kwargs):
|
||||
# If the field wasn't modified, no need to check the permissions
|
||||
if old_value == new_value:
|
||||
continue
|
||||
if not PermissionBackend.check_perm(user, app_label + ".change_" + model_name + "_" + field_name, instance):
|
||||
|
||||
if app_label == 'auth' and model_name == 'user' and field.name == 'password' and request.user.is_anonymous:
|
||||
# We must ignore password changes from anonymous users since it can be done by people that forgot
|
||||
# their password. We trust password change form.
|
||||
continue
|
||||
|
||||
if not PermissionBackend.check_perm(request, app_label + ".change_" + model_name + "_" + field_name,
|
||||
instance):
|
||||
raise PermissionDenied(
|
||||
_("You don't have the permission to change the field {field} on this instance of model"
|
||||
" {app_label}.{model_name}.")
|
||||
@ -66,7 +76,7 @@ def pre_save_object(sender, instance, **kwargs):
|
||||
)
|
||||
else:
|
||||
# We check if the user has right to add the object
|
||||
has_perm = PermissionBackend.check_perm(user, app_label + ".add_" + model_name, instance)
|
||||
has_perm = PermissionBackend.check_perm(request, app_label + ".add_" + model_name, instance)
|
||||
|
||||
if not has_perm:
|
||||
raise PermissionDenied(
|
||||
@ -87,8 +97,8 @@ def pre_delete_object(instance, **kwargs):
|
||||
# Don't check permissions on force-deleted objects
|
||||
return
|
||||
|
||||
user = get_current_authenticated_user()
|
||||
if user is None:
|
||||
request = get_current_request()
|
||||
if request is None:
|
||||
# Action performed on shell is always granted
|
||||
return
|
||||
|
||||
@ -97,7 +107,7 @@ def pre_delete_object(instance, **kwargs):
|
||||
model_name = model_name_full[1]
|
||||
|
||||
# We check if the user has rights to delete the object
|
||||
if not PermissionBackend.check_perm(user, app_label + ".delete_" + model_name, instance):
|
||||
if not PermissionBackend.check_perm(request, app_label + ".delete_" + model_name, instance):
|
||||
raise PermissionDenied(
|
||||
_("You don't have the permission to delete this instance of model {app_label}.{model_name}.")
|
||||
.format(app_label=app_label, model_name=model_name))
|
||||
|
||||
@ -8,7 +8,7 @@ from django.urls import reverse_lazy
|
||||
from django.utils.html import format_html
|
||||
from django_tables2 import A
|
||||
from member.models import Membership
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ class RightsTable(tables.Table):
|
||||
def render_user(self, value):
|
||||
# If the user has the right, link the displayed user with the page of its detail.
|
||||
s = value.username
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "auth.view_user", value):
|
||||
if PermissionBackend.check_perm(get_current_request(), "auth.view_user", value):
|
||||
s = format_html("<a href={url}>{name}</a>",
|
||||
url=reverse_lazy('member:user_detail', kwargs={"pk": value.pk}), name=s)
|
||||
return s
|
||||
@ -28,7 +28,7 @@ class RightsTable(tables.Table):
|
||||
def render_club(self, value):
|
||||
# If the user has the right, link the displayed user with the page of its detail.
|
||||
s = value.name
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.view_club", value):
|
||||
if PermissionBackend.check_perm(get_current_request(), "member.view_club", value):
|
||||
s = format_html("<a href={url}>{name}</a>",
|
||||
url=reverse_lazy('member:club_detail', kwargs={"pk": value.pk}), name=s)
|
||||
|
||||
@ -42,7 +42,7 @@ class RightsTable(tables.Table):
|
||||
| Q(name="Bureau de club"))
|
||||
& Q(weirole__isnull=True))).all()
|
||||
s = ", ".join(str(role) for role in roles)
|
||||
if PermissionBackend.check_perm(get_current_authenticated_user(), "member.change_membership_roles", record):
|
||||
if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record):
|
||||
s = format_html("<a href='" + str(reverse_lazy("member:club_manage_roles", kwargs={"pk": record.pk}))
|
||||
+ "'>" + s + "</a>")
|
||||
return s
|
||||
|
||||
74
apps/permission/templates/permission/scopes.html
Normal file
74
apps/permission/templates/permission/scopes.html
Normal file
@ -0,0 +1,74 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h2>{% trans "Available scopes" %}</h2>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="accordion" id="accordionApps">
|
||||
{% for app, app_scopes in scopes.items %}
|
||||
<div class="card">
|
||||
<div class="card-header" id="app-{{ app.name.lower }}-title">
|
||||
<a class="text-decoration-none collapsed" href="#" data-toggle="collapse"
|
||||
data-target="#app-{{ app.name.lower }}" aria-expanded="false"
|
||||
aria-controls="app-{{ app.name.lower }}">
|
||||
{{ app.name }}
|
||||
</a>
|
||||
</div>
|
||||
<div class="collapse" id="app-{{ app.name.lower }}" aria-labelledby="app-{{ app.name.lower }}" data-target="#accordionApps">
|
||||
<div class="card-body">
|
||||
{% for scope_id, scope_desc in app_scopes.items %}
|
||||
<div class="form-group">
|
||||
<label class="form-check-label" for="scope-{{ app.name.lower }}-{{ scope_id }}">
|
||||
<input type="checkbox" id="scope-{{ app.name.lower }}-{{ scope_id }}"
|
||||
name="scope-{{ app.name.lower }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
|
||||
{{ scope_desc }}
|
||||
</label>
|
||||
</div>
|
||||
{% endfor %}
|
||||
<p id="url-{{ app.name.lower }}">
|
||||
<a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code" target="_blank">
|
||||
{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code
|
||||
</a>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% empty %}
|
||||
<p>
|
||||
{% trans "No applications defined" %}.
|
||||
<a href="{% url 'oauth2_provider:register' %}">{% trans "Click here" %}</a> {% trans "if you want to register a new one" %}.
|
||||
</p>
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
<script>
|
||||
{% for app in scopes.keys %}
|
||||
let elements = document.getElementsByName("scope-{{ app.name.lower }}");
|
||||
for (let element of elements) {
|
||||
element.onchange = function (event) {
|
||||
let scope = ""
|
||||
for (let element of elements) {
|
||||
if (element.checked) {
|
||||
scope += element.value + " "
|
||||
}
|
||||
}
|
||||
|
||||
scope = scope.substr(0, scope.length - 1)
|
||||
|
||||
document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope
|
||||
+ '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope.replaceAll(' ', '%20')
|
||||
+ '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='
|
||||
+ scope.replaceAll(' ', '%20') + '</a>'
|
||||
}
|
||||
}
|
||||
{% endfor %}
|
||||
</script>
|
||||
{% endblock %}
|
||||
@ -1,12 +1,12 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.contrib.auth.models import AnonymousUser
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.template.defaultfilters import stringfilter
|
||||
from django import template
|
||||
from note_kfet.middlewares import get_current_authenticated_user, get_current_session
|
||||
from permission.backends import PermissionBackend
|
||||
from note_kfet.middlewares import get_current_request
|
||||
|
||||
from ..backends import PermissionBackend
|
||||
|
||||
|
||||
@stringfilter
|
||||
@ -14,9 +14,10 @@ def not_empty_model_list(model_name):
|
||||
"""
|
||||
Return True if and only if the current user has right to see any object of the given model.
|
||||
"""
|
||||
user = get_current_authenticated_user()
|
||||
session = get_current_session()
|
||||
if user is None or isinstance(user, AnonymousUser):
|
||||
request = get_current_request()
|
||||
user = request.user
|
||||
session = request.session
|
||||
if user is None or not user.is_authenticated:
|
||||
return False
|
||||
elif user.is_superuser and session.get("permission_mask", -1) >= 42:
|
||||
return True
|
||||
@ -29,11 +30,12 @@ def model_list(model_name, t="view", fetch=True):
|
||||
"""
|
||||
Return the queryset of all visible instances of the given model.
|
||||
"""
|
||||
user = get_current_authenticated_user()
|
||||
request = get_current_request()
|
||||
user = request.user
|
||||
spl = model_name.split(".")
|
||||
ct = ContentType.objects.get(app_label=spl[0], model=spl[1])
|
||||
qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(user, ct, t))
|
||||
if user is None or isinstance(user, AnonymousUser):
|
||||
qs = ct.model_class().objects.filter(PermissionBackend.filter_queryset(request, ct, t))
|
||||
if user is None or not user.is_authenticated:
|
||||
return qs.none()
|
||||
if fetch:
|
||||
qs = qs.all()
|
||||
@ -49,7 +51,7 @@ def model_list_length(model_name, t="view"):
|
||||
|
||||
|
||||
def has_perm(perm, obj):
|
||||
return PermissionBackend.check_perm(get_current_authenticated_user(), perm, obj)
|
||||
return PermissionBackend.check_perm(get_current_request(), perm, obj)
|
||||
|
||||
|
||||
register = template.Library()
|
||||
|
||||
94
apps/permission/tests/test_oauth2.py
Normal file
94
apps/permission/tests/test_oauth2.py
Normal file
@ -0,0 +1,94 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from datetime import timedelta
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from django.test import TestCase
|
||||
from django.urls import reverse
|
||||
from django.utils import timezone
|
||||
from django.utils.crypto import get_random_string
|
||||
from member.models import Membership, Club
|
||||
from note.models import NoteUser
|
||||
from oauth2_provider.models import Application, AccessToken
|
||||
|
||||
from ..models import Role, Permission
|
||||
|
||||
|
||||
class OAuth2TestCase(TestCase):
|
||||
fixtures = ('initial', )
|
||||
|
||||
def setUp(self):
|
||||
self.user = User.objects.create(
|
||||
username="toto",
|
||||
)
|
||||
self.application = Application.objects.create(
|
||||
name="Test",
|
||||
client_type=Application.CLIENT_PUBLIC,
|
||||
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
|
||||
user=self.user,
|
||||
)
|
||||
|
||||
def test_oauth2_access(self):
|
||||
"""
|
||||
Create a simple OAuth2 access token that only has the right to see data of the current user
|
||||
and check that this token has required access, and nothing more.
|
||||
"""
|
||||
|
||||
bde = Club.objects.get(name="BDE")
|
||||
view_user_perm = Permission.objects.get(pk=1) # View own user detail
|
||||
|
||||
# Create access token that has access to our own user detail
|
||||
token = AccessToken.objects.create(
|
||||
user=self.user,
|
||||
application=self.application,
|
||||
scope=f"{view_user_perm.pk}_{bde.pk}",
|
||||
token=get_random_string(64),
|
||||
expires=timezone.now() + timedelta(days=365),
|
||||
)
|
||||
|
||||
# No access without token
|
||||
resp = self.client.get(f'/api/user/{self.user.pk}/')
|
||||
self.assertEqual(resp.status_code, 403)
|
||||
|
||||
# Valid token but user has no membership, so the query is not returning the user object
|
||||
resp = self.client.get(f'/api/user/{self.user.pk}/', **{'Authorization': f'Bearer {token.token}'})
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
# Create membership to validate permissions
|
||||
NoteUser.objects.create(user=self.user)
|
||||
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
|
||||
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
|
||||
membership.save()
|
||||
|
||||
# User is now a member and can now see its own user detail
|
||||
resp = self.client.get(f'/api/user/{self.user.pk}/', **{'Authorization': f'Bearer {token.token}'})
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
||||
# Token is not granted to see profile detail
|
||||
resp = self.client.get(f'/api/members/profile/{self.user.profile.pk}/',
|
||||
**{'Authorization': f'Bearer {token.token}'})
|
||||
self.assertEqual(resp.status_code, 404)
|
||||
|
||||
def test_scopes(self):
|
||||
"""
|
||||
Ensure that the scopes page is loading.
|
||||
"""
|
||||
self.client.force_login(self.user)
|
||||
|
||||
resp = self.client.get(reverse('permission:scopes'))
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
self.assertIn(self.application, resp.context['scopes'])
|
||||
self.assertNotIn('1_1', resp.context['scopes'][self.application]) # The user has not this permission
|
||||
|
||||
# Create membership to validate permissions
|
||||
bde = Club.objects.get(name="BDE")
|
||||
NoteUser.objects.create(user=self.user)
|
||||
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
|
||||
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
|
||||
membership.save()
|
||||
|
||||
resp = self.client.get(reverse('permission:scopes'))
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
self.assertIn(self.application, resp.context['scopes'])
|
||||
self.assertIn('1_1', resp.context['scopes'][self.application]) # Now the user has this permission
|
||||
@ -1,10 +1,17 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.conf import settings
|
||||
from django.urls import path
|
||||
from permission.views import RightsView
|
||||
|
||||
from .views import RightsView, ScopesView
|
||||
|
||||
app_name = 'permission'
|
||||
urlpatterns = [
|
||||
path('rights', RightsView.as_view(), name="rights"),
|
||||
path('rights/', RightsView.as_view(), name="rights"),
|
||||
]
|
||||
|
||||
if "oauth2_provider" in settings.INSTALLED_APPS:
|
||||
urlpatterns += [
|
||||
path('scopes/', ScopesView.as_view(), name="scopes"),
|
||||
]
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from collections import OrderedDict
|
||||
from datetime import date
|
||||
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
@ -28,7 +28,7 @@ class ProtectQuerysetMixin:
|
||||
"""
|
||||
def get_queryset(self, filter_permissions=True, **kwargs):
|
||||
qs = super().get_queryset(**kwargs)
|
||||
return qs.filter(PermissionBackend.filter_queryset(self.request.user, qs.model, "view")).distinct()\
|
||||
return qs.filter(PermissionBackend.filter_queryset(self.request, qs.model, "view")).distinct()\
|
||||
if filter_permissions else qs
|
||||
|
||||
def get_object(self, queryset=None):
|
||||
@ -53,7 +53,7 @@ class ProtectQuerysetMixin:
|
||||
# We could also delete the field, but some views might be affected.
|
||||
meta = form.instance._meta
|
||||
for key in form.base_fields:
|
||||
if not PermissionBackend.check_perm(self.request.user,
|
||||
if not PermissionBackend.check_perm(self.request,
|
||||
f"{meta.app_label}.change_{meta.model_name}_" + key, self.object):
|
||||
form.fields[key].widget = HiddenInput()
|
||||
|
||||
@ -101,7 +101,7 @@ class ProtectedCreateView(LoginRequiredMixin, CreateView):
|
||||
# noinspection PyProtectedMember
|
||||
app_label, model_name = model_class._meta.app_label, model_class._meta.model_name.lower()
|
||||
perm = app_label + ".add_" + model_name
|
||||
if not PermissionBackend.check_perm(request.user, perm, self.get_sample_object()):
|
||||
if not PermissionBackend.check_perm(request, perm, self.get_sample_object()):
|
||||
raise PermissionDenied(_("You don't have the permission to add an instance of model "
|
||||
"{app_label}.{model_name}.").format(app_label=app_label, model_name=model_name))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
@ -143,3 +143,26 @@ class RightsView(TemplateView):
|
||||
prefix="superusers-")
|
||||
|
||||
return context
|
||||
|
||||
|
||||
class ScopesView(LoginRequiredMixin, TemplateView):
|
||||
template_name = "permission/scopes.html"
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
from oauth2_provider.models import Application
|
||||
from .scopes import PermissionScopes
|
||||
|
||||
scopes = PermissionScopes()
|
||||
context["scopes"] = {}
|
||||
all_scopes = scopes.get_all_scopes()
|
||||
for app in Application.objects.filter(user=self.request.user).all():
|
||||
available_scopes = scopes.get_available_scopes(app)
|
||||
context["scopes"][app] = OrderedDict()
|
||||
items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes]
|
||||
items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0])))
|
||||
for k, v in items:
|
||||
context["scopes"][app][k] = v
|
||||
|
||||
return context
|
||||
|
||||
@ -46,7 +46,8 @@ class SignUpForm(UserCreationForm):
|
||||
|
||||
class DeclareSogeAccountOpenedForm(forms.Form):
|
||||
soge_account = forms.BooleanField(
|
||||
label=_("I declare that I opened a bank account in the Société générale with the BDE partnership."),
|
||||
label=_("I declare that I opened or I will open soon a bank account in the Société générale with the BDE "
|
||||
"partnership."),
|
||||
help_text=_("Warning: this engages you to open your bank account. If you finally decides to don't open your "
|
||||
"account, you will have to pay the BDE membership."),
|
||||
required=False,
|
||||
|
||||
@ -66,9 +66,11 @@ class UserCreateView(CreateView):
|
||||
profile_form.instance.user = user
|
||||
profile = profile_form.save(commit=False)
|
||||
user.profile = profile
|
||||
user._force_save = True
|
||||
user.save()
|
||||
user.refresh_from_db()
|
||||
profile.user = user
|
||||
profile._force_save = True
|
||||
profile.save()
|
||||
|
||||
user.profile.send_email_validation_link()
|
||||
@ -83,6 +85,9 @@ class UserCreateView(CreateView):
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self):
|
||||
# Direct access to validation menu if we have the right to validate it
|
||||
if PermissionBackend.check_perm(self.request, 'auth.view_user', self.object):
|
||||
return reverse_lazy('registration:future_user_detail', args=(self.object.pk,))
|
||||
return reverse_lazy('registration:email_validation_sent')
|
||||
|
||||
|
||||
@ -110,7 +115,9 @@ class UserValidateView(TemplateView):
|
||||
self.validlink = True
|
||||
user.is_active = user.profile.registration_valid or user.is_superuser
|
||||
user.profile.email_confirmed = True
|
||||
user._force_save = True
|
||||
user.save()
|
||||
user.profile._force_save = True
|
||||
user.profile.save()
|
||||
return self.render_to_response(self.get_context_data(), status=200 if self.validlink else 400)
|
||||
|
||||
@ -230,9 +237,6 @@ class FutureUserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin,
|
||||
fee += bde.membership_fee_paid if user.profile.paid else bde.membership_fee_unpaid
|
||||
kfet = Club.objects.get(name="Kfet")
|
||||
fee += kfet.membership_fee_paid if user.profile.paid else kfet.membership_fee_unpaid
|
||||
# In 2020, for COVID-19 reasons, the BDE offered 80 € to each new member that opens a Sogé account,
|
||||
# since there is no WEI.
|
||||
fee += 8000
|
||||
ctx["total_fee"] = "{:.02f}".format(fee / 100, )
|
||||
|
||||
ctx["declare_soge_account"] = SogeCredit.objects.filter(user=user).exists()
|
||||
@ -387,7 +391,7 @@ class FutureUserInvalidateView(ProtectQuerysetMixin, LoginRequiredMixin, View):
|
||||
Delete the pre-registered user which id is given in the URL.
|
||||
"""
|
||||
user = User.objects.filter(profile__registration_valid=False)\
|
||||
.filter(PermissionBackend.filter_queryset(request.user, User, "change", "is_valid"))\
|
||||
.filter(PermissionBackend.filter_queryset(request, User, "change", "is_valid"))\
|
||||
.get(pk=self.kwargs["pk"])
|
||||
# Delete associated soge credits before
|
||||
SogeCredit.objects.filter(user=user).delete()
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.db import transaction
|
||||
from rest_framework import serializers
|
||||
from note.api.serializers import SpecialTransactionSerializer
|
||||
|
||||
@ -68,6 +68,14 @@ class SogeCreditSerializer(serializers.ModelSerializer):
|
||||
The djangorestframework plugin will analyse the model `SogeCredit` and parse all fields in the API.
|
||||
"""
|
||||
|
||||
@transaction.atomic
|
||||
def save(self, **kwargs):
|
||||
# Update soge transactions after creating a credit
|
||||
instance = super().save(**kwargs)
|
||||
instance.update_transactions()
|
||||
instance.save()
|
||||
return instance
|
||||
|
||||
class Meta:
|
||||
model = SogeCredit
|
||||
fields = '__all__'
|
||||
|
||||
@ -4,11 +4,12 @@
|
||||
from crispy_forms.helper import FormHelper
|
||||
from crispy_forms.layout import Submit
|
||||
from django import forms
|
||||
from django.contrib.auth.models import User
|
||||
from django.db import transaction
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from note_kfet.inputs import AmountInput
|
||||
from note_kfet.inputs import AmountInput, Autocomplete
|
||||
|
||||
from .models import Invoice, Product, Remittance, SpecialTransactionProxy
|
||||
from .models import Invoice, Product, Remittance, SpecialTransactionProxy, SogeCredit
|
||||
|
||||
|
||||
class InvoiceForm(forms.ModelForm):
|
||||
@ -161,3 +162,19 @@ class LinkTransactionToRemittanceForm(forms.ModelForm):
|
||||
class Meta:
|
||||
model = SpecialTransactionProxy
|
||||
fields = ('remittance', )
|
||||
|
||||
|
||||
class SogeCreditForm(forms.ModelForm):
|
||||
class Meta:
|
||||
model = SogeCredit
|
||||
fields = ('user', )
|
||||
widgets = {
|
||||
"user": Autocomplete(
|
||||
User,
|
||||
attrs={
|
||||
'api_url': '/api/user/',
|
||||
'name_field': 'username',
|
||||
'placeholder': 'Nom ...',
|
||||
},
|
||||
),
|
||||
}
|
||||
|
||||
@ -1,8 +1,9 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
import datetime
|
||||
from datetime import date
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.core.validators import MinValueValidator
|
||||
@ -11,6 +12,7 @@ from django.db.models import Q
|
||||
from django.template.loader import render_to_string
|
||||
from django.utils import timezone
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from member.models import Club, Membership
|
||||
from note.models import NoteSpecial, SpecialTransaction, MembershipTransaction, NoteUser
|
||||
|
||||
|
||||
@ -286,6 +288,7 @@ class SogeCredit(models.Model):
|
||||
transactions = models.ManyToManyField(
|
||||
MembershipTransaction,
|
||||
related_name="+",
|
||||
blank=True,
|
||||
verbose_name=_("membership transactions"),
|
||||
)
|
||||
|
||||
@ -302,8 +305,55 @@ class SogeCredit(models.Model):
|
||||
|
||||
@property
|
||||
def amount(self):
|
||||
return self.credit_transaction.total if self.valid \
|
||||
else sum(transaction.total for transaction in self.transactions.all()) + 8000
|
||||
if self.valid:
|
||||
return self.credit_transaction.total
|
||||
amount = sum(transaction.total for transaction in self.transactions.all())
|
||||
if 'wei' in settings.INSTALLED_APPS:
|
||||
from wei.models import WEIMembership
|
||||
if not WEIMembership.objects.filter(club__weiclub__year=datetime.date.today().year, user=self.user)\
|
||||
.exists():
|
||||
# 80 € for people that don't go to WEI
|
||||
amount += 8000
|
||||
return amount
|
||||
|
||||
def update_transactions(self):
|
||||
"""
|
||||
The Sogé credit may be created after the user already paid its memberships.
|
||||
We query transactions and update the credit, if it is unvalid.
|
||||
"""
|
||||
if self.valid or not self.pk:
|
||||
return
|
||||
|
||||
bde = Club.objects.get(name="BDE")
|
||||
kfet = Club.objects.get(name="Kfet")
|
||||
bde_qs = Membership.objects.filter(user=self.user, club=bde, date_start__gte=bde.membership_start)
|
||||
kfet_qs = Membership.objects.filter(user=self.user, club=kfet, date_start__gte=kfet.membership_start)
|
||||
|
||||
if bde_qs.exists():
|
||||
m = bde_qs.get()
|
||||
if MembershipTransaction.objects.filter(membership=m).exists(): # non-free membership
|
||||
if m.transaction not in self.transactions.all():
|
||||
self.transactions.add(m.transaction)
|
||||
|
||||
if kfet_qs.exists():
|
||||
m = kfet_qs.get()
|
||||
if MembershipTransaction.objects.filter(membership=m).exists(): # non-free membership
|
||||
if m.transaction not in self.transactions.all():
|
||||
self.transactions.add(m.transaction)
|
||||
|
||||
if 'wei' in settings.INSTALLED_APPS:
|
||||
from wei.models import WEIClub
|
||||
wei = WEIClub.objects.order_by('-year').first()
|
||||
wei_qs = Membership.objects.filter(user=self.user, club=wei, date_start__gte=wei.membership_start)
|
||||
if wei_qs.exists():
|
||||
m = wei_qs.get()
|
||||
if MembershipTransaction.objects.filter(membership=m).exists(): # non-free membership
|
||||
if m.transaction not in self.transactions.all():
|
||||
self.transactions.add(m.transaction)
|
||||
|
||||
for tr in self.transactions.all():
|
||||
tr.valid = False
|
||||
tr.save()
|
||||
|
||||
def invalidate(self):
|
||||
"""
|
||||
@ -365,7 +415,8 @@ class SogeCredit(models.Model):
|
||||
self.credit_transaction.amount = self.amount
|
||||
self.credit_transaction._force_save = True
|
||||
self.credit_transaction.save()
|
||||
super().save(*args, **kwargs)
|
||||
|
||||
return super().save(*args, **kwargs)
|
||||
|
||||
def delete(self, **kwargs):
|
||||
"""
|
||||
@ -392,6 +443,7 @@ class SogeCredit(models.Model):
|
||||
# was opened after the validation of the account.
|
||||
self.credit_transaction.valid = False
|
||||
self.credit_transaction.reason += " (invalide)"
|
||||
self.credit_transaction._force_save = True
|
||||
self.credit_transaction.save()
|
||||
super().delete(**kwargs)
|
||||
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% endcomment %}
|
||||
{% load render_table from django_tables2 %}
|
||||
{% load crispy_forms_filters %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
@ -27,7 +28,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{{ title }}
|
||||
</h3>
|
||||
<div class="card-body">
|
||||
<input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note ...">
|
||||
<div class="input-group">
|
||||
<input id="searchbar" type="text" class="form-control" placeholder="Nom/prénom/note ...">
|
||||
<div class="input-group-append">
|
||||
<button id="add_sogecredit" class="btn btn-success" data-toggle="modal" data-target="#add-sogecredit-modal">{% trans "Add" %}</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-check">
|
||||
<label for="invalid_only" class="form-check-label">
|
||||
<input id="invalid_only" name="invalid_only" type="checkbox" class="checkboxinput form-check-input" checked>
|
||||
@ -47,28 +53,65 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{# Popup to add new Soge credits manually if needed #}
|
||||
<div class="modal fade" id="add-sogecredit-modal" tabindex="-1" role="dialog" aria-labelledby="addSogeCredit"
|
||||
aria-hidden="true">
|
||||
<div class="modal-dialog" role="document">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title" id="lockNote">{% trans "Add credit from the Société générale" %}</h5>
|
||||
<button type="button" class="close btn-modal" data-dismiss="modal" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
{{ form|crispy }}
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary btn-modal" data-dismiss="modal">{% trans "Close" %}</button>
|
||||
<button type="button" class="btn btn-success btn-modal" data-dismiss="modal" onclick="addSogeCredit()">{% trans "Add" %}</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function () {
|
||||
let old_pattern = null;
|
||||
let searchbar_obj = $("#searchbar");
|
||||
let invalid_only_obj = $("#invalid_only");
|
||||
let old_pattern = null;
|
||||
let searchbar_obj = $("#searchbar");
|
||||
let invalid_only_obj = $("#invalid_only");
|
||||
|
||||
function reloadTable() {
|
||||
let pattern = searchbar_obj.val();
|
||||
function reloadTable() {
|
||||
let pattern = searchbar_obj.val();
|
||||
|
||||
$("#credits_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + (
|
||||
invalid_only_obj.is(':checked') ? "" : "&valid=1") + " #credits_table");
|
||||
$("#credits_table").load(location.pathname + "?search=" + pattern.replace(" ", "%20") + (
|
||||
invalid_only_obj.is(':checked') ? "" : "&valid=1") + " #credits_table");
|
||||
|
||||
$(".table-row").click(function () {
|
||||
window.document.location = $(this).data("href");
|
||||
});
|
||||
}
|
||||
$(".table-row").click(function () {
|
||||
window.document.location = $(this).data("href");
|
||||
});
|
||||
}
|
||||
|
||||
searchbar_obj.keyup(reloadTable);
|
||||
invalid_only_obj.change(reloadTable);
|
||||
});
|
||||
searchbar_obj.keyup(reloadTable);
|
||||
invalid_only_obj.change(reloadTable);
|
||||
|
||||
function addSogeCredit() {
|
||||
let user_pk = $('#id_user_pk').val()
|
||||
if (!user_pk)
|
||||
return
|
||||
|
||||
$.post('/api/treasury/soge_credit/?format=json', {
|
||||
csrfmiddlewaretoken: CSRF_TOKEN,
|
||||
user: user_pk,
|
||||
}).done(function() {
|
||||
addMsg("{% trans "Credit successfully registered" %}", 'success', 10000)
|
||||
reloadTable()
|
||||
}).fail(function (xhr) {
|
||||
errMsg(xhr.responseJSON, 30000)
|
||||
reloadTable()
|
||||
})
|
||||
}
|
||||
</script>
|
||||
{% endblock %}
|
||||
@ -25,7 +25,8 @@ from note_kfet.settings.base import BASE_DIR
|
||||
from permission.backends import PermissionBackend
|
||||
from permission.views import ProtectQuerysetMixin, ProtectedCreateView
|
||||
|
||||
from .forms import InvoiceForm, ProductFormSet, ProductFormSetHelper, RemittanceForm, LinkTransactionToRemittanceForm
|
||||
from .forms import InvoiceForm, ProductFormSet, ProductFormSetHelper, RemittanceForm, \
|
||||
LinkTransactionToRemittanceForm, SogeCreditForm
|
||||
from .models import Invoice, Product, Remittance, SpecialTransactionProxy, SogeCredit
|
||||
from .tables import InvoiceTable, RemittanceTable, SpecialTransactionTable, SogeCreditTable
|
||||
|
||||
@ -107,7 +108,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
|
||||
name="",
|
||||
address="",
|
||||
)
|
||||
if not PermissionBackend.check_perm(self.request.user, "treasury.add_invoice", sample_invoice):
|
||||
if not PermissionBackend.check_perm(self.request, "treasury.add_invoice", sample_invoice):
|
||||
raise PermissionDenied(_("You are not able to see the treasury interface."))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@ -194,7 +195,7 @@ class InvoiceRenderView(LoginRequiredMixin, View):
|
||||
|
||||
def get(self, request, **kwargs):
|
||||
pk = kwargs["pk"]
|
||||
invoice = Invoice.objects.filter(PermissionBackend.filter_queryset(request.user, Invoice, "view")).get(pk=pk)
|
||||
invoice = Invoice.objects.filter(PermissionBackend.filter_queryset(request, Invoice, "view")).get(pk=pk)
|
||||
tex = invoice.tex
|
||||
|
||||
try:
|
||||
@ -259,7 +260,7 @@ class RemittanceCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
|
||||
context["table"] = RemittanceTable(
|
||||
data=Remittance.objects.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all())
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all())
|
||||
context["special_transactions"] = SpecialTransactionTable(data=SpecialTransaction.objects.none())
|
||||
|
||||
return context
|
||||
@ -281,7 +282,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
||||
remittance_type_id=1,
|
||||
comment="",
|
||||
)
|
||||
if not PermissionBackend.check_perm(self.request.user, "treasury.add_remittance", sample_remittance):
|
||||
if not PermissionBackend.check_perm(self.request, "treasury.add_remittance", sample_remittance):
|
||||
raise PermissionDenied(_("You are not able to see the treasury interface."))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@ -290,7 +291,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
||||
|
||||
opened_remittances = RemittanceTable(
|
||||
data=Remittance.objects.filter(closed=False).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all(),
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
|
||||
prefix="opened-remittances-",
|
||||
)
|
||||
opened_remittances.paginate(page=self.request.GET.get("opened-remittances-page", 1), per_page=10)
|
||||
@ -298,7 +299,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
||||
|
||||
closed_remittances = RemittanceTable(
|
||||
data=Remittance.objects.filter(closed=True).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all(),
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
|
||||
prefix="closed-remittances-",
|
||||
)
|
||||
closed_remittances.paginate(page=self.request.GET.get("closed-remittances-page", 1), per_page=10)
|
||||
@ -307,7 +308,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
||||
no_remittance_tr = SpecialTransactionTable(
|
||||
data=SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
|
||||
specialtransactionproxy__remittance=None).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all(),
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
|
||||
exclude=('remittance_remove', ),
|
||||
prefix="no-remittance-",
|
||||
)
|
||||
@ -317,7 +318,7 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
||||
with_remittance_tr = SpecialTransactionTable(
|
||||
data=SpecialTransaction.objects.filter(source__in=NoteSpecial.objects.filter(~Q(remittancetype=None)),
|
||||
specialtransactionproxy__remittance__closed=False).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all(),
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all(),
|
||||
exclude=('remittance_add', ),
|
||||
prefix="with-remittance-",
|
||||
)
|
||||
@ -342,7 +343,7 @@ class RemittanceUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView)
|
||||
context = super().get_context_data(**kwargs)
|
||||
|
||||
data = SpecialTransaction.objects.filter(specialtransactionproxy__remittance=self.object).filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, Remittance, "view")).all()
|
||||
PermissionBackend.filter_queryset(self.request, Remittance, "view")).all()
|
||||
context["special_transactions"] = SpecialTransactionTable(
|
||||
data=data,
|
||||
exclude=('remittance_add', 'remittance_remove', ) if self.object.closed else ('remittance_add', ))
|
||||
@ -433,6 +434,11 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
|
||||
|
||||
return qs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['form'] = SogeCreditForm(self.request.POST or None)
|
||||
return context
|
||||
|
||||
|
||||
class SogeCreditManageView(LoginRequiredMixin, ProtectQuerysetMixin, BaseFormView, DetailView):
|
||||
"""
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from .registration import WEIForm, WEIRegistrationForm, WEIMembershipForm, BusForm, BusTeamForm
|
||||
from .registration import WEIForm, WEIRegistrationForm, WEIMembership1AForm, WEIMembershipForm, BusForm, BusTeamForm
|
||||
from .surveys import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, CurrentSurvey
|
||||
|
||||
__all__ = [
|
||||
'WEIForm', 'WEIRegistrationForm', 'WEIMembershipForm', 'BusForm', 'BusTeamForm',
|
||||
'WEIForm', 'WEIRegistrationForm', 'WEIMembership1AForm', 'WEIMembershipForm', 'BusForm', 'BusTeamForm',
|
||||
'WEISurvey', 'WEISurveyInformation', 'WEISurveyAlgorithm', 'CurrentSurvey',
|
||||
]
|
||||
|
||||
@ -6,7 +6,7 @@ from django.contrib.auth.models import User
|
||||
from django.db.models import Q
|
||||
from django.forms import CheckboxSelectMultiple
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from note.models import NoteSpecial
|
||||
from note.models import NoteSpecial, NoteUser
|
||||
from note_kfet.inputs import AmountInput, DatePickerInput, Autocomplete, ColorWidget
|
||||
|
||||
from ..models import WEIClub, WEIRegistration, Bus, BusTeam, WEIMembership, WEIRole
|
||||
@ -27,6 +27,15 @@ class WEIForm(forms.ModelForm):
|
||||
|
||||
|
||||
class WEIRegistrationForm(forms.ModelForm):
|
||||
def clean(self):
|
||||
cleaned_data = super().clean()
|
||||
|
||||
if 'user' in cleaned_data:
|
||||
if not NoteUser.objects.filter(user=cleaned_data['user']).exists():
|
||||
self.add_error('user', _("The selected user is not validated. Please validate its account first"))
|
||||
|
||||
return cleaned_data
|
||||
|
||||
class Meta:
|
||||
model = WEIRegistration
|
||||
exclude = ('wei', )
|
||||
@ -39,8 +48,7 @@ class WEIRegistrationForm(forms.ModelForm):
|
||||
'placeholder': 'Nom ...',
|
||||
},
|
||||
),
|
||||
"birth_date": DatePickerInput(options={'defaultDate': '2000-01-01',
|
||||
'minDate': '1900-01-01',
|
||||
"birth_date": DatePickerInput(options={'minDate': '1900-01-01',
|
||||
'maxDate': '2100-01-01'}),
|
||||
}
|
||||
|
||||
@ -109,7 +117,8 @@ class WEIMembershipForm(forms.ModelForm):
|
||||
|
||||
def clean(self):
|
||||
cleaned_data = super().clean()
|
||||
if cleaned_data["team"] is not None and cleaned_data["team"].bus != cleaned_data["bus"]:
|
||||
if 'team' in cleaned_data and cleaned_data["team"] is not None \
|
||||
and cleaned_data["team"].bus != cleaned_data["bus"]:
|
||||
self.add_error('bus', _("This team doesn't belong to the given bus."))
|
||||
return cleaned_data
|
||||
|
||||
@ -135,10 +144,24 @@ class WEIMembershipForm(forms.ModelForm):
|
||||
}
|
||||
|
||||
|
||||
class WEIMembership1AForm(WEIMembershipForm):
|
||||
"""
|
||||
Used to confirm registrations of first year members without choosing a bus now.
|
||||
"""
|
||||
roles = None
|
||||
|
||||
def clean(self):
|
||||
return super(forms.ModelForm, self).clean()
|
||||
|
||||
class Meta:
|
||||
model = WEIMembership
|
||||
fields = ('credit_type', 'credit_amount', 'last_name', 'first_name', 'bank',)
|
||||
|
||||
|
||||
class BusForm(forms.ModelForm):
|
||||
class Meta:
|
||||
model = Bus
|
||||
exclude = ('information_json',)
|
||||
fields = '__all__'
|
||||
widgets = {
|
||||
"wei": Autocomplete(
|
||||
WEIClub,
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from typing import Optional
|
||||
from typing import Optional, List
|
||||
|
||||
from django.db.models import QuerySet
|
||||
from django.forms import Form
|
||||
|
||||
from ...models import WEIClub, WEIRegistration, Bus
|
||||
from ...models import WEIClub, WEIRegistration, Bus, WEIMembership
|
||||
|
||||
|
||||
class WEISurveyInformation:
|
||||
@ -50,6 +50,20 @@ class WEIBusInformation:
|
||||
self.bus.information = d
|
||||
self.bus.save()
|
||||
|
||||
def free_seats(self, surveys: List["WEISurvey"] = None, quotas=None):
|
||||
if not quotas:
|
||||
size = self.bus.size
|
||||
already_occupied = WEIMembership.objects.filter(bus=self.bus).count()
|
||||
quotas = {self.bus: size - already_occupied}
|
||||
|
||||
quota = quotas[self.bus]
|
||||
valid_surveys = sum(1 for survey in surveys if survey.information.valid
|
||||
and survey.information.get_selected_bus() == self.bus) if surveys else 0
|
||||
return quota - valid_surveys
|
||||
|
||||
def has_free_seats(self, surveys=None, quotas=None):
|
||||
return self.free_seats(surveys, quotas) > 0
|
||||
|
||||
|
||||
class WEISurveyAlgorithm:
|
||||
"""
|
||||
@ -76,14 +90,20 @@ class WEISurveyAlgorithm:
|
||||
"""
|
||||
Queryset of all first year registrations
|
||||
"""
|
||||
return WEIRegistration.objects.filter(wei__year=cls.get_survey_class().get_year(), first_year=True)
|
||||
if not hasattr(cls, '_registrations'):
|
||||
cls._registrations = WEIRegistration.objects.filter(wei__year=cls.get_survey_class().get_year(),
|
||||
first_year=True).all()
|
||||
|
||||
return cls._registrations
|
||||
|
||||
@classmethod
|
||||
def get_buses(cls) -> QuerySet:
|
||||
"""
|
||||
Queryset of all buses of the associated wei.
|
||||
"""
|
||||
return Bus.objects.filter(wei__year=cls.get_survey_class().get_year())
|
||||
if not hasattr(cls, '_buses'):
|
||||
cls._buses = Bus.objects.filter(wei__year=cls.get_survey_class().get_year(), size__gt=0).all()
|
||||
return cls._buses
|
||||
|
||||
@classmethod
|
||||
def get_bus_information(cls, bus):
|
||||
@ -125,7 +145,10 @@ class WEISurvey:
|
||||
"""
|
||||
The WEI associated to this kind of survey.
|
||||
"""
|
||||
return WEIClub.objects.get(year=cls.get_year())
|
||||
if not hasattr(cls, '_wei'):
|
||||
cls._wei = WEIClub.objects.get(year=cls.get_year())
|
||||
|
||||
return cls._wei
|
||||
|
||||
@classmethod
|
||||
def get_survey_information_class(cls):
|
||||
@ -192,3 +215,23 @@ class WEISurvey:
|
||||
self.information.selected_bus_pk = bus.pk
|
||||
self.information.selected_bus_name = bus.name
|
||||
self.information.valid = True
|
||||
|
||||
def free(self) -> None:
|
||||
"""
|
||||
Unselect the select bus.
|
||||
"""
|
||||
self.information.selected_bus_pk = None
|
||||
self.information.selected_bus_name = None
|
||||
self.information.valid = False
|
||||
|
||||
@classmethod
|
||||
def clear_cache(cls):
|
||||
"""
|
||||
Clear stored information.
|
||||
"""
|
||||
if hasattr(cls, '_wei'):
|
||||
del cls._wei
|
||||
if hasattr(cls.get_algorithm_class(), '_registrations'):
|
||||
del cls.get_algorithm_class()._registrations
|
||||
if hasattr(cls.get_algorithm_class(), '_buses'):
|
||||
del cls.get_algorithm_class()._buses
|
||||
|
||||
@ -1,23 +1,28 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
import time
|
||||
from functools import lru_cache
|
||||
from random import Random
|
||||
|
||||
from django import forms
|
||||
from django.db import transaction
|
||||
from django.db.models import Q
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInformation
|
||||
from ...models import Bus
|
||||
from ...models import WEIMembership
|
||||
|
||||
|
||||
# TODO: Use new words
|
||||
WORDS = ['Rap', 'Retro', 'DJ', 'Rock', 'Jazz', 'Chansons Populaires', 'Chansons Paillardes', 'Pop', 'Fanfare',
|
||||
'Biere', 'Pastis', 'Vodka', 'Cocktails', 'Eau', 'Sirop', 'Jus de fruit', 'Binge Drinking', 'Rhum',
|
||||
'Eau de vie', 'Apéro', 'Morning beer', 'Huit-six', 'Jeux de societé', 'Jeux de cartes', 'Danse', 'Karaoké',
|
||||
'Bière Pong', 'Poker', 'Loup Garou', 'Films', "Jeux d'alcool", 'Sport', 'Rangées de cul', 'Chips', 'BBQ',
|
||||
'Kebab', 'Saucisse', 'Vegan', 'Vege', 'LGBTIQ+', 'Dab', 'Solitaire', 'Séducteur', 'Sociale', 'Chanteur',
|
||||
'Se lacher', 'Chill', 'Débile', 'Beauf', 'Bon enfant']
|
||||
WORDS = [
|
||||
'13 organisé', '3ième mi temps', 'Années 2000', 'Apéro', 'BBQ', 'BP', 'Beauf', 'Binge drinking', 'Bon enfant',
|
||||
'Cartouche', 'Catacombes', 'Chansons paillardes', 'Chansons populaires', 'Chanteur', 'Chartreuse', 'Chill',
|
||||
'Core', 'DJ', 'Dancefloor', 'Danse', 'David Guetta', 'Disco', 'Eau de vie', 'Électro', 'Escalade', 'Familial',
|
||||
'Fanfare', 'Fracassage', 'Féria', 'Hard rock', 'Hoeggarden', 'House', 'Huit-six', 'IPA', 'Inclusif', 'Inferno',
|
||||
'Introverti', 'Jager bomb', 'Jazz', 'Jeux d\'alcool', 'Jeux de rôles', 'Jeux vidéo', 'Jul', 'Jus de fruit',
|
||||
'Karaoké', 'LGBTQI+', 'Lady Gaga', 'Loup garou', 'Morning beer', 'Métal', 'Nuit blanche', 'Ovalie', 'Psychedelic',
|
||||
'Pétanque', 'Rave', 'Reggae', 'Rhum', 'Ricard', 'Rock', 'Rosé', 'Rétro', 'Séducteur', 'Techno', 'Thérapie taxi',
|
||||
'Théâtre', 'Trap', 'Turn up', 'Underground', 'Volley', 'Wati B', 'Zinédine Zidane',
|
||||
]
|
||||
|
||||
|
||||
class WEISurveyForm2021(forms.Form):
|
||||
@ -39,19 +44,31 @@ class WEISurveyForm2021(forms.Form):
|
||||
if not information.seed:
|
||||
information.seed = int(1000 * time.time())
|
||||
information.save(registration)
|
||||
registration._force_save = True
|
||||
registration.save()
|
||||
|
||||
rng = Random(information.seed)
|
||||
|
||||
words = []
|
||||
for _ in range(information.step + 1):
|
||||
# Generate N times words
|
||||
words = [rng.choice(WORDS) for _ in range(10)]
|
||||
words = [(w, w) for w in words]
|
||||
if self.data:
|
||||
self.fields["word"].choices = [(w, w) for w in WORDS]
|
||||
if self.is_valid():
|
||||
return
|
||||
|
||||
rng = Random((information.step + 1) * information.seed)
|
||||
|
||||
words = None
|
||||
|
||||
buses = WEISurveyAlgorithm2021.get_buses()
|
||||
informations = {bus: WEIBusInformation2021(bus) for bus in buses}
|
||||
scores = sum((list(informations[bus].scores.values()) for bus in buses), [])
|
||||
average_score = sum(scores) / len(scores)
|
||||
|
||||
preferred_words = {bus: [word for word in WORDS
|
||||
if informations[bus].scores[word] >= average_score]
|
||||
for bus in buses}
|
||||
while words is None or len(set(words)) != len(words):
|
||||
# Ensure that there is no the same word 2 times
|
||||
words = [rng.choice(words) for _ignored2, words in preferred_words.items()]
|
||||
rng.shuffle(words)
|
||||
words = [(w, w) for w in words]
|
||||
self.fields["word"].choices = words
|
||||
|
||||
|
||||
@ -59,9 +76,12 @@ class WEIBusInformation2021(WEIBusInformation):
|
||||
"""
|
||||
For each word, the bus has a score
|
||||
"""
|
||||
scores: dict
|
||||
|
||||
def __init__(self, bus):
|
||||
self.scores = {}
|
||||
for word in WORDS:
|
||||
setattr(self, word, 0.0)
|
||||
self.scores[word] = 0.0
|
||||
super().__init__(bus)
|
||||
|
||||
|
||||
@ -119,12 +139,46 @@ class WEISurvey2021(WEISurvey):
|
||||
"""
|
||||
return self.information.step == 20
|
||||
|
||||
@classmethod
|
||||
@lru_cache()
|
||||
def word_mean(cls, word):
|
||||
"""
|
||||
Calculate the mid-score given by all buses.
|
||||
"""
|
||||
buses = cls.get_algorithm_class().get_buses()
|
||||
return sum([cls.get_algorithm_class().get_bus_information(bus).scores[word] for bus in buses]) / buses.count()
|
||||
|
||||
@lru_cache()
|
||||
def score(self, bus):
|
||||
if not self.is_complete():
|
||||
raise ValueError("Survey is not ended, can't calculate score")
|
||||
|
||||
bus_info = self.get_algorithm_class().get_bus_information(bus)
|
||||
# Score is the given score by the bus subtracted to the mid-score of the buses.
|
||||
s = sum(bus_info.scores[getattr(self.information, 'word' + str(i))]
|
||||
- self.word_mean(getattr(self.information, 'word' + str(i))) for i in range(1, 21)) / 20
|
||||
return s
|
||||
|
||||
@lru_cache()
|
||||
def scores_per_bus(self):
|
||||
return {bus: self.score(bus) for bus in self.get_algorithm_class().get_buses()}
|
||||
|
||||
@lru_cache()
|
||||
def ordered_buses(self):
|
||||
values = list(self.scores_per_bus().items())
|
||||
values.sort(key=lambda item: -item[1])
|
||||
return values
|
||||
|
||||
@classmethod
|
||||
def clear_cache(cls):
|
||||
cls.word_mean.cache_clear()
|
||||
return super().clear_cache()
|
||||
|
||||
|
||||
class WEISurveyAlgorithm2021(WEISurveyAlgorithm):
|
||||
"""
|
||||
The algorithm class for the year 2021.
|
||||
For now, the algorithm is quite simple: the selected bus is the chosen bus.
|
||||
TODO: Improve this algorithm.
|
||||
We use Gale-Shapley algorithm to attribute 1y students into buses.
|
||||
"""
|
||||
|
||||
@classmethod
|
||||
@ -135,9 +189,105 @@ class WEISurveyAlgorithm2021(WEISurveyAlgorithm):
|
||||
def get_bus_information_class(cls):
|
||||
return WEIBusInformation2021
|
||||
|
||||
def run_algorithm(self):
|
||||
for registration in self.get_registrations():
|
||||
survey = self.get_survey_class()(registration)
|
||||
rng = Random(survey.information.seed)
|
||||
survey.select_bus(rng.choice(Bus.objects.all()))
|
||||
def run_algorithm(self, display_tqdm=False):
|
||||
"""
|
||||
Gale-Shapley algorithm implementation.
|
||||
We modify it to allow buses to have multiple "weddings".
|
||||
"""
|
||||
surveys = list(self.get_survey_class()(r) for r in self.get_registrations()) # All surveys
|
||||
surveys = [s for s in surveys if s.is_complete()] # Don't consider invalid surveys
|
||||
# Don't manage hardcoded people
|
||||
surveys = [s for s in surveys if not hasattr(s.information, 'hardcoded') or not s.information.hardcoded]
|
||||
|
||||
# Reset previous algorithm run
|
||||
for survey in surveys:
|
||||
survey.free()
|
||||
survey.save()
|
||||
|
||||
non_men = [s for s in surveys if s.registration.gender != 'male']
|
||||
men = [s for s in surveys if s.registration.gender == 'male']
|
||||
|
||||
quotas = {}
|
||||
registrations = self.get_registrations()
|
||||
non_men_total = registrations.filter(~Q(gender='male')).count()
|
||||
for bus in self.get_buses():
|
||||
free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
|
||||
# Remove hardcoded people
|
||||
free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
|
||||
registration__information_json__icontains="hardcoded").count()
|
||||
quotas[bus] = 4 + int(non_men_total / registrations.count() * free_seats)
|
||||
|
||||
tqdm_obj = None
|
||||
if display_tqdm:
|
||||
from tqdm import tqdm
|
||||
tqdm_obj = tqdm(total=len(non_men), desc="Non-hommes")
|
||||
|
||||
# Repartition for non men people first
|
||||
self.make_repartition(non_men, quotas, tqdm_obj=tqdm_obj)
|
||||
|
||||
quotas = {}
|
||||
for bus in self.get_buses():
|
||||
free_seats = bus.size - WEIMembership.objects.filter(bus=bus, registration__first_year=False).count()
|
||||
free_seats -= sum(1 for s in non_men if s.information.selected_bus_pk == bus.pk)
|
||||
# Remove hardcoded people
|
||||
free_seats -= WEIMembership.objects.filter(bus=bus, registration__first_year=True,
|
||||
registration__information_json__icontains="hardcoded").count()
|
||||
quotas[bus] = free_seats
|
||||
|
||||
if display_tqdm:
|
||||
tqdm_obj.close()
|
||||
|
||||
from tqdm import tqdm
|
||||
tqdm_obj = tqdm(total=len(men), desc="Hommes")
|
||||
|
||||
self.make_repartition(men, quotas, tqdm_obj=tqdm_obj)
|
||||
|
||||
if display_tqdm:
|
||||
tqdm_obj.close()
|
||||
|
||||
# Clear cache information after running algorithm
|
||||
WEISurvey2021.clear_cache()
|
||||
|
||||
def make_repartition(self, surveys, quotas=None, tqdm_obj=None):
|
||||
free_surveys = surveys.copy() # Remaining surveys
|
||||
while free_surveys: # Some students are not affected
|
||||
survey = free_surveys[0]
|
||||
buses = survey.ordered_buses() # Preferences of the student
|
||||
for bus, current_score in buses:
|
||||
if self.get_bus_information(bus).has_free_seats(surveys, quotas):
|
||||
# Selected bus has free places. Put student in the bus
|
||||
survey.select_bus(bus)
|
||||
survey.save()
|
||||
free_surveys.remove(survey)
|
||||
break
|
||||
else:
|
||||
# Current bus has not enough places. Remove the least preferred student from the bus if existing
|
||||
least_preferred_survey = None
|
||||
least_score = -1
|
||||
# Find the least student in the bus that has a lower score than the current student
|
||||
for survey2 in surveys:
|
||||
if not survey2.information.valid or survey2.information.get_selected_bus() != bus:
|
||||
continue
|
||||
score2 = survey2.score(bus)
|
||||
if current_score <= score2: # Ignore better students
|
||||
continue
|
||||
if least_preferred_survey is None or score2 < least_score:
|
||||
least_preferred_survey = survey2
|
||||
least_score = score2
|
||||
|
||||
if least_preferred_survey is not None:
|
||||
# Remove the least student from the bus and put the current student in.
|
||||
# If it does not exist, choose the next bus.
|
||||
least_preferred_survey.free()
|
||||
least_preferred_survey.save()
|
||||
free_surveys.append(least_preferred_survey)
|
||||
survey.select_bus(bus)
|
||||
survey.save()
|
||||
free_surveys.remove(survey)
|
||||
break
|
||||
else:
|
||||
raise ValueError(f"User {survey.registration.user} has no free seat")
|
||||
|
||||
if tqdm_obj is not None:
|
||||
tqdm_obj.n = len(surveys) - len(free_surveys)
|
||||
tqdm_obj.refresh()
|
||||
|
||||
50
apps/wei/management/commands/import_scores.py
Normal file
50
apps/wei/management/commands/import_scores.py
Normal file
@ -0,0 +1,50 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
import argparse
|
||||
import sys
|
||||
|
||||
from django.core.management import BaseCommand
|
||||
from django.db import transaction
|
||||
|
||||
from ...forms import CurrentSurvey
|
||||
from ...forms.surveys.wei2021 import WORDS # WARNING: this is specific to 2021
|
||||
from ...models import Bus
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
"""
|
||||
This script is used to load scores for buses from a CSV file.
|
||||
"""
|
||||
def add_arguments(self, parser):
|
||||
parser.add_argument('file', nargs='?', type=argparse.FileType('r'), default=sys.stdin, help='Input CSV file')
|
||||
|
||||
@transaction.atomic
|
||||
def handle(self, *args, **options):
|
||||
file = options['file']
|
||||
head = file.readline().replace('\n', '')
|
||||
bus_names = head.split(';')
|
||||
bus_names = [name for name in bus_names if name]
|
||||
buses = []
|
||||
for name in bus_names:
|
||||
qs = Bus.objects.filter(name__iexact=name)
|
||||
if not qs.exists():
|
||||
raise ValueError(f"Bus '{name}' does not exist")
|
||||
buses.append(qs.get())
|
||||
|
||||
informations = {bus: CurrentSurvey.get_algorithm_class().get_bus_information(bus) for bus in buses}
|
||||
|
||||
for line in file:
|
||||
elem = line.split(';')
|
||||
word = elem[0]
|
||||
if word not in WORDS:
|
||||
raise ValueError(f"Word {word} is not used")
|
||||
|
||||
for i, bus in enumerate(buses):
|
||||
info = informations[bus]
|
||||
info.scores[word] = float(elem[i + 1].replace(',', '.'))
|
||||
|
||||
for bus, info in informations.items():
|
||||
info.save()
|
||||
bus.save()
|
||||
if options['verbosity'] > 0:
|
||||
self.stdout.write(f"Bus {bus.name} saved!")
|
||||
@ -5,7 +5,7 @@ from argparse import ArgumentParser, FileType
|
||||
from django.core.management import BaseCommand
|
||||
from django.db import transaction
|
||||
|
||||
from wei.forms import CurrentSurvey
|
||||
from ...forms import CurrentSurvey
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
@ -24,17 +24,31 @@ class Command(BaseCommand):
|
||||
sid = transaction.savepoint()
|
||||
|
||||
algorithm = CurrentSurvey.get_algorithm_class()()
|
||||
algorithm.run_algorithm()
|
||||
|
||||
try:
|
||||
from tqdm import tqdm
|
||||
del tqdm
|
||||
display_tqdm = True
|
||||
except ImportError:
|
||||
display_tqdm = False
|
||||
|
||||
algorithm.run_algorithm(display_tqdm=display_tqdm)
|
||||
|
||||
output = options['output']
|
||||
registrations = algorithm.get_registrations()
|
||||
per_bus = {bus: [r for r in registrations if r.information['selected_bus_pk'] == bus.pk]
|
||||
per_bus = {bus: [r for r in registrations if 'selected_bus_pk' in r.information
|
||||
and r.information['selected_bus_pk'] == bus.pk]
|
||||
for bus in algorithm.get_buses()}
|
||||
for bus, members in per_bus.items():
|
||||
output.write(bus.name + "\n")
|
||||
output.write("=" * len(bus.name) + "\n")
|
||||
_order = -1
|
||||
for r in members:
|
||||
output.write(r.user.username + "\n")
|
||||
survey = CurrentSurvey(r)
|
||||
for _order, (b, _score) in enumerate(survey.ordered_buses()):
|
||||
if b == bus:
|
||||
break
|
||||
output.write(f"{r.user.username} ({_order + 1})\n")
|
||||
output.write("\n")
|
||||
|
||||
if not options['doit']:
|
||||
|
||||
18
apps/wei/migrations/0003_bus_size.py
Normal file
18
apps/wei/migrations/0003_bus_size.py
Normal file
@ -0,0 +1,18 @@
|
||||
# Generated by Django 2.2.19 on 2021-08-25 21:25
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('wei', '0002_auto_20210313_1235'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name='bus',
|
||||
name='size',
|
||||
field=models.IntegerField(default=50, verbose_name='seat count in the bus'),
|
||||
),
|
||||
]
|
||||
@ -7,6 +7,7 @@ from datetime import date
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.db import models
|
||||
from django.db.models import Q
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from phonenumber_field.modelfields import PhoneNumberField
|
||||
from member.models import Club, Membership
|
||||
@ -66,6 +67,11 @@ class Bus(models.Model):
|
||||
verbose_name=_("name"),
|
||||
)
|
||||
|
||||
size = models.IntegerField(
|
||||
verbose_name=_("seat count in the bus"),
|
||||
default=50,
|
||||
)
|
||||
|
||||
description = models.TextField(
|
||||
blank=True,
|
||||
default="",
|
||||
@ -91,7 +97,14 @@ class Bus(models.Model):
|
||||
"""
|
||||
Store information as a JSON string
|
||||
"""
|
||||
self.information_json = json.dumps(information)
|
||||
self.information_json = json.dumps(information, indent=2)
|
||||
|
||||
@property
|
||||
def suggested_first_year(self):
|
||||
registrations = WEIRegistration.objects.filter(Q(membership__isnull=True) | Q(membership__bus__isnull=True),
|
||||
first_year=True, wei=self.wei)
|
||||
registrations = [r for r in registrations if 'selected_bus_pk' in r.information]
|
||||
return sum(1 for r in registrations if r.information['selected_bus_pk'] == self.pk)
|
||||
|
||||
def __str__(self):
|
||||
return self.name
|
||||
@ -255,7 +268,34 @@ class WEIRegistration(models.Model):
|
||||
"""
|
||||
Store information as a JSON string
|
||||
"""
|
||||
self.information_json = json.dumps(information)
|
||||
self.information_json = json.dumps(information, indent=2)
|
||||
|
||||
@property
|
||||
def fee(self):
|
||||
bde = Club.objects.get(pk=1)
|
||||
kfet = Club.objects.get(pk=2)
|
||||
|
||||
kfet_member = Membership.objects.filter(
|
||||
club_id=kfet.id,
|
||||
user=self.user,
|
||||
date_start__gte=kfet.membership_start,
|
||||
).exists()
|
||||
bde_member = Membership.objects.filter(
|
||||
club_id=bde.id,
|
||||
user=self.user,
|
||||
date_start__gte=bde.membership_start,
|
||||
).exists()
|
||||
|
||||
fee = self.wei.membership_fee_paid if self.user.profile.paid \
|
||||
else self.wei.membership_fee_unpaid
|
||||
if not kfet_member:
|
||||
fee += kfet.membership_fee_paid if self.user.profile.paid \
|
||||
else kfet.membership_fee_unpaid
|
||||
if not bde_member:
|
||||
fee += bde.membership_fee_paid if self.user.profile.paid \
|
||||
else bde.membership_fee_unpaid
|
||||
|
||||
return fee
|
||||
|
||||
@property
|
||||
def is_validated(self):
|
||||
@ -332,8 +372,19 @@ class WEIMembership(Membership):
|
||||
# to treasurers.
|
||||
transaction.refresh_from_db()
|
||||
from treasury.models import SogeCredit
|
||||
soge_credit = SogeCredit.objects.get_or_create(user=self.user)[0]
|
||||
soge_credit, created = SogeCredit.objects.get_or_create(user=self.user)
|
||||
soge_credit.refresh_from_db()
|
||||
transaction.save()
|
||||
soge_credit.transactions.add(transaction)
|
||||
soge_credit.save()
|
||||
|
||||
soge_credit.update_transactions()
|
||||
soge_credit.save()
|
||||
|
||||
if soge_credit.valid and \
|
||||
soge_credit.credit_transaction.total != sum(tr.total for tr in soge_credit.transactions.all()):
|
||||
# The credit is already validated, but we add a new transaction (eg. for the WEI).
|
||||
# Then we invalidate the transaction, update the credit transaction amount
|
||||
# and re-validate the credit.
|
||||
soge_credit.validate(True)
|
||||
soge_credit.save()
|
||||
|
||||
@ -4,11 +4,12 @@
|
||||
from datetime import date
|
||||
|
||||
import django_tables2 as tables
|
||||
from django.db.models import Q
|
||||
from django.urls import reverse_lazy
|
||||
from django.utils.html import format_html
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django_tables2 import A
|
||||
from note_kfet.middlewares import get_current_authenticated_user
|
||||
from note_kfet.middlewares import get_current_request
|
||||
from permission.backends import PermissionBackend
|
||||
|
||||
from .models import WEIClub, WEIRegistration, Bus, BusTeam, WEIMembership
|
||||
@ -43,6 +44,7 @@ class WEIRegistrationTable(tables.Table):
|
||||
|
||||
edit = tables.LinkColumn(
|
||||
'wei:wei_update_registration',
|
||||
orderable=False,
|
||||
args=[A('pk')],
|
||||
verbose_name=_("Edit"),
|
||||
text=_("Edit"),
|
||||
@ -53,18 +55,14 @@ class WEIRegistrationTable(tables.Table):
|
||||
}
|
||||
}
|
||||
)
|
||||
validate = tables.LinkColumn(
|
||||
'wei:validate_registration',
|
||||
args=[A('pk')],
|
||||
|
||||
validate = tables.Column(
|
||||
verbose_name=_("Validate"),
|
||||
text=_("Validate"),
|
||||
orderable=False,
|
||||
accessor=A('pk'),
|
||||
attrs={
|
||||
'th': {
|
||||
'id': 'validate-membership-header'
|
||||
},
|
||||
'a': {
|
||||
'class': 'btn btn-success',
|
||||
'data-type': 'validate-membership'
|
||||
}
|
||||
}
|
||||
)
|
||||
@ -72,6 +70,7 @@ class WEIRegistrationTable(tables.Table):
|
||||
delete = tables.LinkColumn(
|
||||
'wei:wei_delete_registration',
|
||||
args=[A('pk')],
|
||||
orderable=False,
|
||||
verbose_name=_("delete"),
|
||||
text=_("Delete"),
|
||||
attrs={
|
||||
@ -87,7 +86,7 @@ class WEIRegistrationTable(tables.Table):
|
||||
|
||||
def render_validate(self, record):
|
||||
hasperm = PermissionBackend.check_perm(
|
||||
get_current_authenticated_user(), "wei.add_weimembership", WEIMembership(
|
||||
get_current_request(), "wei.add_weimembership", WEIMembership(
|
||||
club=record.wei,
|
||||
user=record.user,
|
||||
date_start=date.today(),
|
||||
@ -96,10 +95,26 @@ class WEIRegistrationTable(tables.Table):
|
||||
registration=record,
|
||||
)
|
||||
)
|
||||
return _("Validate") if hasperm else format_html("<span class='no-perm'></span>")
|
||||
if not hasperm:
|
||||
return format_html("<span class='no-perm'></span>")
|
||||
|
||||
url = reverse_lazy('wei:validate_registration', args=(record.pk,))
|
||||
text = _('Validate')
|
||||
if record.fee > record.user.note.balance and not record.soge_credit:
|
||||
btn_class = 'btn-secondary'
|
||||
tooltip = _("The user does not have enough money.")
|
||||
elif record.first_year:
|
||||
btn_class = 'btn-info'
|
||||
tooltip = _("The user is in first year. You may validate the credit, the algorithm will run later.")
|
||||
else:
|
||||
btn_class = 'btn-success'
|
||||
tooltip = _("The user has enough money, you can validate the registration.")
|
||||
|
||||
return format_html(f"<a class=\"btn {btn_class}\" data-type='validate-membership' data-toggle=\"tooltip\" "
|
||||
f"title=\"{tooltip}\" href=\"{url}\">{text}</a>")
|
||||
|
||||
def render_delete(self, record):
|
||||
hasperm = PermissionBackend.check_perm(get_current_authenticated_user(), "wei.delete_weimembership", record)
|
||||
hasperm = PermissionBackend.check_perm(get_current_request(), "wei.delete_weimembership", record)
|
||||
return _("Delete") if hasperm else format_html("<span class='no-perm'></span>")
|
||||
|
||||
class Meta:
|
||||
@ -108,7 +123,8 @@ class WEIRegistrationTable(tables.Table):
|
||||
}
|
||||
model = WEIRegistration
|
||||
template_name = 'django_tables2/bootstrap4.html'
|
||||
fields = ('user', 'user__first_name', 'user__last_name', 'first_year', 'caution_check',)
|
||||
fields = ('user', 'user__first_name', 'user__last_name', 'first_year', 'caution_check',
|
||||
'edit', 'validate', 'delete',)
|
||||
row_attrs = {
|
||||
'class': 'table-row',
|
||||
'id': lambda record: "row-" + str(record.pk),
|
||||
@ -154,6 +170,35 @@ class WEIMembershipTable(tables.Table):
|
||||
}
|
||||
|
||||
|
||||
class WEIRegistration1ATable(tables.Table):
|
||||
user = tables.LinkColumn(
|
||||
'wei:wei_bus_1A',
|
||||
args=[A('pk')],
|
||||
)
|
||||
|
||||
preferred_bus = tables.Column(
|
||||
verbose_name=_('preferred bus').capitalize,
|
||||
accessor='pk',
|
||||
orderable=False,
|
||||
)
|
||||
|
||||
def render_preferred_bus(self, record):
|
||||
information = record.information
|
||||
return information['selected_bus_name'] if 'selected_bus_name' in information else "—"
|
||||
|
||||
class Meta:
|
||||
attrs = {
|
||||
'class': 'table table-condensed table-striped table-hover'
|
||||
}
|
||||
model = WEIRegistration
|
||||
template_name = 'django_tables2/bootstrap4.html'
|
||||
fields = ('user', 'user__last_name', 'user__first_name', 'gender',
|
||||
'user__profile__department', 'preferred_bus', 'membership__bus', )
|
||||
row_attrs = {
|
||||
'class': lambda record: '' if 'selected_bus_pk' in record.information else 'bg-danger',
|
||||
}
|
||||
|
||||
|
||||
class BusTable(tables.Table):
|
||||
name = tables.LinkColumn(
|
||||
'wei:manage_bus',
|
||||
@ -230,3 +275,66 @@ class BusTeamTable(tables.Table):
|
||||
'id': lambda record: "row-" + str(record.pk),
|
||||
'data-href': lambda record: reverse_lazy('wei:manage_bus_team', args=(record.pk, ))
|
||||
}
|
||||
|
||||
|
||||
class BusRepartitionTable(tables.Table):
|
||||
name = tables.Column(
|
||||
verbose_name=_("name").capitalize,
|
||||
accessor='name',
|
||||
)
|
||||
|
||||
suggested_first_year = tables.Column(
|
||||
verbose_name=_("suggested first year").capitalize,
|
||||
accessor='pk',
|
||||
orderable=False,
|
||||
)
|
||||
|
||||
validated_first_year = tables.Column(
|
||||
verbose_name=_("validated first year").capitalize,
|
||||
accessor='pk',
|
||||
orderable=False,
|
||||
)
|
||||
|
||||
validated_staff = tables.Column(
|
||||
verbose_name=_("validated staff").capitalize,
|
||||
accessor='pk',
|
||||
orderable=False,
|
||||
)
|
||||
|
||||
size = tables.Column(
|
||||
verbose_name=_("seat count in the bus").capitalize,
|
||||
accessor='size',
|
||||
)
|
||||
|
||||
free_seats = tables.Column(
|
||||
verbose_name=_("free seats").capitalize,
|
||||
accessor='pk',
|
||||
orderable=False,
|
||||
)
|
||||
|
||||
def render_suggested_first_year(self, record):
|
||||
registrations = WEIRegistration.objects.filter(Q(membership__isnull=True) | Q(membership__bus__isnull=True),
|
||||
first_year=True, wei=record.wei)
|
||||
registrations = [r for r in registrations if 'selected_bus_pk' in r.information]
|
||||
return sum(1 for r in registrations if r.information['selected_bus_pk'] == record.pk)
|
||||
|
||||
def render_validated_first_year(self, record):
|
||||
return WEIRegistration.objects.filter(first_year=True, membership__bus=record).count()
|
||||
|
||||
def render_validated_staff(self, record):
|
||||
return WEIRegistration.objects.filter(first_year=False, membership__bus=record).count()
|
||||
|
||||
def render_free_seats(self, record):
|
||||
return record.size - self.render_validated_staff(record) - self.render_validated_first_year(record)
|
||||
|
||||
class Meta:
|
||||
attrs = {
|
||||
'class': 'table table-condensed table-striped table-hover'
|
||||
}
|
||||
models = Bus
|
||||
template_name = 'django_tables2/bootstrap4.html'
|
||||
fields = ('name', )
|
||||
row_attrs = {
|
||||
'class': 'table-row',
|
||||
'id': lambda record: "row-" + str(record.pk),
|
||||
}
|
||||
|
||||
20
apps/wei/templates/wei/1A_list.html
Normal file
20
apps/wei/templates/wei/1A_list.html
Normal file
@ -0,0 +1,20 @@
|
||||
{% extends "wei/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load render_table from django_tables2 %}
|
||||
|
||||
{% block profile_content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Attribute first year members into buses" %}</h3>
|
||||
</div>
|
||||
|
||||
<div class="card-body">
|
||||
{% render_table bus_repartition_table %}
|
||||
<hr>
|
||||
<a href="{% url 'wei:wei_bus_1A_next' pk=club.pk %}" class="btn btn-block btn-success">{% trans "Start attribution!" %}</a>
|
||||
<hr>
|
||||
{% render_table table %}
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
88
apps/wei/templates/wei/attribute_bus_1A.html
Normal file
88
apps/wei/templates/wei/attribute_bus_1A.html
Normal file
@ -0,0 +1,88 @@
|
||||
{% extends "wei/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block profile_content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Bus attribution" %}</h3>
|
||||
</div>
|
||||
|
||||
<div class="card-body">
|
||||
<dl class="row">
|
||||
<dt class="col-xl-6">{% trans 'user'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.user }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'last name'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.user.last_name }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'first name'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.user.first_name }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'gender'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.get_gender_display }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'department'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.user.profile.get_department_display }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'health issues'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ object.health_issues|default:"—" }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'suggested bus'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ survey.information.selected_bus_name }}</dd>
|
||||
</dl>
|
||||
|
||||
<div class="card">
|
||||
<div class="card-header">
|
||||
<button class="btn btn-link" data-toggle="collapse" data-target="#raw-survey">{% trans "View raw survey information" %}</button>
|
||||
</div>
|
||||
<div class="collapse" id="raw-survey">
|
||||
<dl class="row">
|
||||
{% for key, value in survey.registration.information.items %}
|
||||
<dt class="col-xl-6">{{ key }}</dt>
|
||||
<dd class="col-xl-6">{{ value }}</dd>
|
||||
{% endfor %}
|
||||
</dl>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<hr>
|
||||
|
||||
{% for bus, score in survey.ordered_buses %}
|
||||
<button class="btn btn-{% if bus.pk == survey.information.selected_bus_pk %}success{% else %}light{% endif %}" onclick="choose_bus({{ bus.pk }})">
|
||||
{{ bus }} ({{ score|floatformat:2 }}) : {{ bus.memberships.count }}+{{ bus.suggested_first_year }} / {{ bus.size }}
|
||||
</button>
|
||||
{% endfor %}
|
||||
|
||||
<a href="{% url 'wei:wei_1A_list' pk=object.wei.pk %}" class="btn btn-block btn-info">{% trans "Back to main list" %}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
<script>
|
||||
function choose_bus(bus_id) {
|
||||
let valid_buses = [{% for bus, score in survey.ordered_buses %}{{ bus.pk }}, {% endfor %}];
|
||||
if (valid_buses.indexOf(bus_id) === -1) {
|
||||
console.log("Invalid chosen bus")
|
||||
return
|
||||
}
|
||||
|
||||
$.ajax({
|
||||
url: "/api/wei/membership/{{ object.membership.id }}/",
|
||||
type: "PATCH",
|
||||
dataType: "json",
|
||||
headers: {
|
||||
"X-CSRFTOKEN": CSRF_TOKEN
|
||||
},
|
||||
data: {
|
||||
bus: bus_id,
|
||||
}
|
||||
}).done(function () {
|
||||
window.location = "{% url 'wei:wei_bus_1A_next' pk=object.wei.pk %}"
|
||||
}).fail(function (xhr) {
|
||||
errMsg(xhr.responseJSON)
|
||||
})
|
||||
}
|
||||
</script>
|
||||
{% endblock %}
|
||||
@ -29,7 +29,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="font-weight-bold">
|
||||
<i class="fa fa-bus"></i> {% trans "Teams" %}
|
||||
<svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
|
||||
</svg>
|
||||
{% trans "Teams" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table teams %}
|
||||
@ -42,7 +45,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="font-weight-bold">
|
||||
<i class="fa fa-bus"></i> {% trans "Members" %}
|
||||
<svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
|
||||
</svg>
|
||||
{% trans "Members" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table memberships %}
|
||||
@ -51,7 +57,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<hr>
|
||||
|
||||
<a href="{% url 'wei:wei_memberships_bus_pdf' wei_pk=club.pk bus_pk=object.pk %}" data-turbolinks="false">
|
||||
<button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
|
||||
<button class="btn btn-block btn-danger">
|
||||
<svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
|
||||
<path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
|
||||
</svg>
|
||||
{% trans "View as PDF" %}
|
||||
</button>
|
||||
</a>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
@ -47,7 +47,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="font-weight-bold">
|
||||
<i class="fa fa-bus"></i> {% trans "Teams" %}
|
||||
<svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
|
||||
</svg>
|
||||
{% trans "Teams" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table memberships %}
|
||||
@ -57,7 +60,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
<a href="{% url 'wei:wei_memberships_team_pdf' wei_pk=club.pk bus_pk=object.bus.pk team_pk=object.pk %}"
|
||||
data-turbolinks="false">
|
||||
<button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
|
||||
<button class="btn btn-block btn-danger">
|
||||
<svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
|
||||
<path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
|
||||
</svg>
|
||||
{% trans "View as PDF" %}
|
||||
</button>
|
||||
</a>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
@ -48,7 +48,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card bg-white mb-3">
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<span class="font-weight-bold">
|
||||
<i class="fa fa-bus"></i> {% trans "Buses" %}
|
||||
<svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
|
||||
</svg>
|
||||
{% trans "Buses" %}
|
||||
</span>
|
||||
</div>
|
||||
{% render_table buses %}
|
||||
@ -60,7 +63,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card-header position-relative" id="clubListHeading">
|
||||
<a class="stretched-link font-weight-bold text-decoration-none"
|
||||
href="{% url "wei:wei_memberships" pk=club.pk %}">
|
||||
<i class="fa fa-users"></i> {% trans "Members of the WEI" %}
|
||||
<svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
|
||||
<path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
|
||||
</svg>
|
||||
{% trans "Members of the WEI" %}
|
||||
</a>
|
||||
</div>
|
||||
{% render_table member_list %}
|
||||
@ -72,7 +80,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card-header position-relative" id="historyListHeading">
|
||||
<a class="stretched-link font-weight-bold text-decoration-none" {% if "note.view_note"|has_perm:club.note %}
|
||||
href="{% url 'note:transactions' pk=club.note.pk %}" {% endif %}>
|
||||
<i class="fa fa-euro"></i> {% trans "Transaction history" %}
|
||||
<svg class="bi bi-euro" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M4 9.42h1.063C5.4 12.323 7.317 14 10.34 14c.622 0 1.167-.068 1.659-.185v-1.3c-.484.119-1.045.17-1.659.17-2.1 0-3.455-1.198-3.775-3.264h4.017v-.928H6.497v-.936c0-.11 0-.219.008-.329h4.078v-.927H6.618c.388-1.898 1.719-2.985 3.723-2.985.614 0 1.175.05 1.659.177V2.194A6.617 6.617 0 0 0 10.341 2c-2.928 0-4.82 1.569-5.244 4.3H4v.928h1.01v1.265H4v.928z"/>
|
||||
</svg>
|
||||
{% trans "Transaction history" %}
|
||||
</a>
|
||||
</div>
|
||||
<div id="history_list">
|
||||
@ -86,7 +97,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="card-header position-relative" id="historyListHeading">
|
||||
<a class="stretched-link font-weight-bold text-decoration-none"
|
||||
href="{% url 'wei:wei_registrations' pk=club.pk %}">
|
||||
<i class="fa fa-user-plus"></i> {% trans "Unvalidated registrations" %}
|
||||
<svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
|
||||
</svg>
|
||||
{% trans "Unvalidated registrations" %}
|
||||
</a>
|
||||
</div>
|
||||
<div id="history_list">
|
||||
@ -94,6 +109,10 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{% if can_validate_1a %}
|
||||
<a href="{% url 'wei:wei_1A_list' pk=object.pk %}" class="btn btn-block btn-info">{% trans "Attribute buses" %}</a>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
\usepackage{fontspec}
|
||||
\usepackage[margin=1.5cm]{geometry}
|
||||
\usepackage{longtable}
|
||||
|
||||
\begin{document}
|
||||
\begin{center}
|
||||
@ -19,7 +20,7 @@
|
||||
|
||||
\begin{center}
|
||||
\footnotesize
|
||||
\begin{tabular}{ccccccccc}
|
||||
\begin{longtable}{ccccccccc}
|
||||
\textbf{Nom} & \textbf{Prénom} & \textbf{Date de naissance} & \textbf{Genre} & \textbf{Section}
|
||||
& \textbf{Bus} & \textbf{Équipe} & \textbf{Rôles} \\
|
||||
{% for membership in memberships %}
|
||||
@ -27,20 +28,20 @@
|
||||
& {{ membership.registration.get_gender_display|safe }} & {{ membership.user.profile.section_generated|safe }} & {{ membership.bus.name|safe }}
|
||||
& {% if membership.team %}{{ membership.team.name|safe }}{% else %}--{% endif %} & {{ membership.roles.first|safe }} \\
|
||||
{% endfor %}
|
||||
\end{tabular}
|
||||
\end{longtable}
|
||||
\end{center}
|
||||
|
||||
\footnotesize
|
||||
Section = Année à l'ENS + code du département
|
||||
|
||||
\begin{center}
|
||||
\begin{tabular}{ccccccccc}
|
||||
\begin{longtable}{ccccccccc}
|
||||
\textbf{Code} & A0 & A1 & A2 & A'2 & A''2 & A3 & B1234 & B1 \\
|
||||
\textbf{Département} & Informatique & Maths & Physique & Physique appliquée & Chimie & Biologie & SAPHIRE & Mécanique \\
|
||||
\hline
|
||||
\textbf{Code} & B2 & B3 & B4 & C & D2 & D3 & E & EXT \\
|
||||
\textbf{Département} & Génie civil & Génie mécanique & EEA & Design & Éco-gestion & Sciences sociales & Anglais & Extérieur
|
||||
\end{tabular}
|
||||
\end{longtable}
|
||||
\end{center}
|
||||
|
||||
\end{document}
|
||||
|
||||
@ -53,7 +53,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<dd class="col-xl-6">{{ registration.first_year|yesno }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'gender'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ registration.gender }}</dd>
|
||||
<dd class="col-xl-6">{{ registration.get_gender_display }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans 'clothing cut'|capfirst %}</dt>
|
||||
<dd class="col-xl-6">{{ registration.clothing_cut }}</dd>
|
||||
|
||||
@ -28,7 +28,13 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
</a>
|
||||
<hr>
|
||||
<a href="{% url 'wei:wei_memberships_pdf' wei_pk=club.pk %}" data-turbolinks="false">
|
||||
<button class="btn btn-block btn-danger"><i class="fa fa-file-pdf-o"></i> {% trans "View as PDF" %}</button>
|
||||
<button class="btn btn-block btn-danger">
|
||||
<svg class="bi bi-file-pdf" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M5.523 12.424c.14-.082.293-.162.459-.238a7.878 7.878 0 0 1-.45.606c-.28.337-.498.516-.635.572a.266.266 0 0 1-.035.012.282.282 0 0 1-.026-.044c-.056-.11-.054-.216.04-.36.106-.165.319-.354.647-.548zm2.455-1.647c-.119.025-.237.05-.356.078a21.148 21.148 0 0 0 .5-1.05 12.045 12.045 0 0 0 .51.858c-.217.032-.436.07-.654.114zm2.525.939a3.881 3.881 0 0 1-.435-.41c.228.005.434.022.612.054.317.057.466.147.518.209a.095.095 0 0 1 .026.064.436.436 0 0 1-.06.2.307.307 0 0 1-.094.124.107.107 0 0 1-.069.015c-.09-.003-.258-.066-.498-.256zM8.278 6.97c-.04.244-.108.524-.2.829a4.86 4.86 0 0 1-.089-.346c-.076-.353-.087-.63-.046-.822.038-.177.11-.248.196-.283a.517.517 0 0 1 .145-.04c.013.03.028.092.032.198.005.122-.007.277-.038.465z"/>
|
||||
<path fill-rule="evenodd" d="M4 0h5.293A1 1 0 0 1 10 .293L13.707 4a1 1 0 0 1 .293.707V14a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V2a2 2 0 0 1 2-2zm5.5 1.5v2a1 1 0 0 0 1 1h2l-3-3zM4.165 13.668c.09.18.23.343.438.419.207.075.412.04.58-.03.318-.13.635-.436.926-.786.333-.401.683-.927 1.021-1.51a11.651 11.651 0 0 1 1.997-.406c.3.383.61.713.91.95.28.22.603.403.934.417a.856.856 0 0 0 .51-.138c.155-.101.27-.247.354-.416.09-.181.145-.37.138-.563a.844.844 0 0 0-.2-.518c-.226-.27-.596-.4-.96-.465a5.76 5.76 0 0 0-1.335-.05 10.954 10.954 0 0 1-.98-1.686c.25-.66.437-1.284.52-1.794.036-.218.055-.426.048-.614a1.238 1.238 0 0 0-.127-.538.7.7 0 0 0-.477-.365c-.202-.043-.41 0-.601.077-.377.15-.576.47-.651.823-.073.34-.04.736.046 1.136.088.406.238.848.43 1.295a19.697 19.697 0 0 1-1.062 2.227 7.662 7.662 0 0 0-1.482.645c-.37.22-.699.48-.897.787-.21.326-.275.714-.08 1.103z"/>
|
||||
</svg>
|
||||
{% trans "View as PDF" %}
|
||||
</button>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
109
apps/wei/tests/test_wei_algorithm_2021.py
Normal file
109
apps/wei/tests/test_wei_algorithm_2021.py
Normal file
@ -0,0 +1,109 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
import random
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from django.test import TestCase
|
||||
|
||||
from ..forms.surveys.wei2021 import WEIBusInformation2021, WEISurvey2021, WORDS, WEISurveyInformation2021
|
||||
from ..models import Bus, WEIClub, WEIRegistration
|
||||
|
||||
|
||||
class TestWEIAlgorithm(TestCase):
|
||||
"""
|
||||
Run some tests to ensure that the WEI algorithm is working well.
|
||||
"""
|
||||
fixtures = ('initial',)
|
||||
|
||||
def setUp(self):
|
||||
"""
|
||||
Create some test data, with one WEI and 10 buses with random score attributions.
|
||||
"""
|
||||
self.wei = WEIClub.objects.create(
|
||||
name="WEI 2021",
|
||||
email="wei2021@example.com",
|
||||
date_start='2021-09-17',
|
||||
date_end='2021-09-19',
|
||||
)
|
||||
|
||||
self.buses = []
|
||||
for i in range(10):
|
||||
bus = Bus.objects.create(wei=self.wei, name=f"Bus {i}", size=10)
|
||||
self.buses.append(bus)
|
||||
information = WEIBusInformation2021(bus)
|
||||
for word in WORDS:
|
||||
information.scores[word] = random.randint(0, 101)
|
||||
information.save()
|
||||
bus.save()
|
||||
|
||||
def test_survey_algorithm_small(self):
|
||||
"""
|
||||
There are only a few people in each bus, ensure that each person has its best bus
|
||||
"""
|
||||
# Add a few users
|
||||
for i in range(10):
|
||||
user = User.objects.create(username=f"user{i}")
|
||||
registration = WEIRegistration.objects.create(
|
||||
user=user,
|
||||
wei=self.wei,
|
||||
first_year=True,
|
||||
birth_date='2000-01-01',
|
||||
)
|
||||
information = WEISurveyInformation2021(registration)
|
||||
for j in range(1, 21):
|
||||
setattr(information, f'word{j}', random.choice(WORDS))
|
||||
information.step = 20
|
||||
information.save(registration)
|
||||
registration.save()
|
||||
|
||||
# Run algorithm
|
||||
WEISurvey2021.get_algorithm_class()().run_algorithm()
|
||||
|
||||
# Ensure that everyone has its first choice
|
||||
for r in WEIRegistration.objects.filter(wei=self.wei).all():
|
||||
survey = WEISurvey2021(r)
|
||||
preferred_bus = survey.ordered_buses()[0][0]
|
||||
chosen_bus = survey.information.get_selected_bus()
|
||||
self.assertEqual(preferred_bus, chosen_bus)
|
||||
|
||||
def test_survey_algorithm_full(self):
|
||||
"""
|
||||
Buses are full of first year people, ensure that they are happy
|
||||
"""
|
||||
# Add a lot of users
|
||||
for i in range(95):
|
||||
user = User.objects.create(username=f"user{i}")
|
||||
registration = WEIRegistration.objects.create(
|
||||
user=user,
|
||||
wei=self.wei,
|
||||
first_year=True,
|
||||
birth_date='2000-01-01',
|
||||
)
|
||||
information = WEISurveyInformation2021(registration)
|
||||
for j in range(1, 21):
|
||||
setattr(information, f'word{j}', random.choice(WORDS))
|
||||
information.step = 20
|
||||
information.save(registration)
|
||||
registration.save()
|
||||
|
||||
# Run algorithm
|
||||
WEISurvey2021.get_algorithm_class()().run_algorithm()
|
||||
|
||||
penalty = 0
|
||||
# Ensure that everyone seems to be happy
|
||||
# We attribute a penalty for each user that didn't have its first choice
|
||||
# The penalty is the square of the distance between the score of the preferred bus
|
||||
# and the score of the attributed bus
|
||||
# We consider it acceptable if the mean of this distance is lower than 5 %
|
||||
for r in WEIRegistration.objects.filter(wei=self.wei).all():
|
||||
survey = WEISurvey2021(r)
|
||||
chosen_bus = survey.information.get_selected_bus()
|
||||
buses = survey.ordered_buses()
|
||||
score = min(v for bus, v in buses if bus == chosen_bus)
|
||||
max_score = buses[0][1]
|
||||
penalty += (max_score - score) ** 2
|
||||
|
||||
self.assertLessEqual(max_score - score, 25) # Always less than 25 % of tolerance
|
||||
|
||||
self.assertLessEqual(penalty / 100, 25) # Tolerance of 5 %
|
||||
@ -12,7 +12,7 @@ from django.test import TestCase
|
||||
from django.urls import reverse
|
||||
from django.utils import timezone
|
||||
from member.models import Membership, Club
|
||||
from note.models import NoteClub, SpecialTransaction
|
||||
from note.models import NoteClub, SpecialTransaction, NoteUser
|
||||
from treasury.models import SogeCredit
|
||||
|
||||
from ..api.views import BusViewSet, BusTeamViewSet, WEIClubViewSet, WEIMembershipViewSet, WEIRegistrationViewSet, \
|
||||
@ -84,6 +84,13 @@ class TestWEIRegistration(TestCase):
|
||||
wei=self.wei,
|
||||
description="Test Bus",
|
||||
)
|
||||
|
||||
# Setup the bus
|
||||
bus_info = CurrentSurvey.get_algorithm_class().get_bus_information(self.bus)
|
||||
bus_info.scores["Jus de fruit"] = 70
|
||||
bus_info.save()
|
||||
self.bus.save()
|
||||
|
||||
self.team = BusTeam.objects.create(
|
||||
name="Test Team",
|
||||
bus=self.bus,
|
||||
@ -188,7 +195,9 @@ class TestWEIRegistration(TestCase):
|
||||
response = self.client.post(reverse("wei:add_bus", kwargs=dict(pk=self.wei.pk)), dict(
|
||||
wei=self.wei.id,
|
||||
name="Create Bus Test",
|
||||
size=50,
|
||||
description="This bus was created.",
|
||||
information_json="{}",
|
||||
))
|
||||
qs = Bus.objects.filter(name="Create Bus Test")
|
||||
self.assertTrue(qs.exists())
|
||||
@ -218,7 +227,9 @@ class TestWEIRegistration(TestCase):
|
||||
|
||||
response = self.client.post(reverse("wei:update_bus", kwargs=dict(pk=self.bus.pk)), dict(
|
||||
name="Update Bus Test",
|
||||
size=40,
|
||||
description="This bus was updated.",
|
||||
information_json="{}",
|
||||
))
|
||||
qs = Bus.objects.filter(name="Update Bus Test", id=self.bus.id)
|
||||
self.assertRedirects(response, reverse("wei:manage_bus", kwargs=dict(pk=self.bus.pk)), 302, 200)
|
||||
@ -291,6 +302,7 @@ class TestWEIRegistration(TestCase):
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
user = User.objects.create(username="toto", email="toto@example.com")
|
||||
NoteUser.objects.create(user=user)
|
||||
|
||||
# Try with an invalid form
|
||||
response = self.client.post(reverse("wei:wei_register_2A", kwargs=dict(wei_pk=self.wei.pk)), dict(
|
||||
@ -357,7 +369,7 @@ class TestWEIRegistration(TestCase):
|
||||
last_name="toto",
|
||||
bank="Société générale",
|
||||
))
|
||||
response = self.client.get(reverse("wei:wei_register_2A_myself", kwargs=dict(wei_pk=self.wei.pk)))
|
||||
response = self.client.get(reverse("wei:wei_register_2A", kwargs=dict(wei_pk=self.wei.pk)))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
# Check that if the WEI is started, we can't register anyone
|
||||
@ -373,10 +385,8 @@ class TestWEIRegistration(TestCase):
|
||||
response = self.client.get(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=self.wei.pk)))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
response = self.client.get(reverse("wei:wei_register_1A_myself", kwargs=dict(wei_pk=self.wei.pk)))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
user = User.objects.create(username="toto", email="toto@example.com")
|
||||
NoteUser.objects.create(user=user)
|
||||
response = self.client.post(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=self.wei.pk)), dict(
|
||||
user=user.id,
|
||||
soge_credit=True,
|
||||
@ -456,6 +466,24 @@ class TestWEIRegistration(TestCase):
|
||||
response = self.client.get(reverse("wei:wei_survey", kwargs=dict(pk=registration.pk)))
|
||||
self.assertRedirects(response, reverse("wei:wei_closed", kwargs=dict(pk=self.wei.pk)), 302, 200)
|
||||
|
||||
def test_register_myself(self):
|
||||
"""
|
||||
Try to register myself to the WEI, and check redirections.
|
||||
"""
|
||||
response = self.client.get(reverse('wei:wei_register_1A_myself', args=(self.wei.pk,)))
|
||||
self.assertRedirects(response, reverse('wei:wei_update_registration', args=(self.registration.pk,)))
|
||||
|
||||
response = self.client.get(reverse('wei:wei_register_2A_myself', args=(self.wei.pk,)))
|
||||
self.assertRedirects(response, reverse('wei:wei_update_registration', args=(self.registration.pk,)))
|
||||
|
||||
self.registration.delete()
|
||||
|
||||
response = self.client.get(reverse('wei:wei_register_1A_myself', args=(self.wei.pk,)))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
response = self.client.get(reverse('wei:wei_register_2A_myself', args=(self.wei.pk,)))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
def test_wei_survey_ended(self):
|
||||
"""
|
||||
Test display the end page of a survey.
|
||||
@ -757,61 +785,6 @@ class TestDefaultWEISurvey(TestCase):
|
||||
self.assertEqual(CurrentSurvey.get_year(), 2021)
|
||||
|
||||
|
||||
class TestWEISurveyAlgorithm(TestCase):
|
||||
"""
|
||||
Run the WEI Algorithm.
|
||||
TODO: Improve this test with some test data once the algorithm will be implemented.
|
||||
"""
|
||||
fixtures = ("initial",)
|
||||
|
||||
def setUp(self) -> None:
|
||||
self.year = timezone.now().year
|
||||
self.wei = WEIClub.objects.create(
|
||||
name="Test WEI",
|
||||
email="gc.wei@example.com",
|
||||
parent_club_id=2,
|
||||
membership_fee_paid=12500,
|
||||
membership_fee_unpaid=5500,
|
||||
membership_start=date(self.year, 1, 1),
|
||||
membership_end=date(self.year, 12, 31),
|
||||
year=self.year,
|
||||
date_start=date.today() + timedelta(days=2),
|
||||
date_end=date(self.year, 12, 31),
|
||||
)
|
||||
NoteClub.objects.create(club=self.wei)
|
||||
self.bus = Bus.objects.create(
|
||||
name="Test Bus",
|
||||
wei=self.wei,
|
||||
description="Test Bus",
|
||||
)
|
||||
self.team = BusTeam.objects.create(
|
||||
name="Test Team",
|
||||
bus=self.bus,
|
||||
color=0xFFFFFF,
|
||||
description="Test Team",
|
||||
)
|
||||
|
||||
self.user = User.objects.create(username="toto")
|
||||
self.registration = WEIRegistration.objects.create(
|
||||
user_id=self.user.id,
|
||||
wei_id=self.wei.id,
|
||||
soge_credit=True,
|
||||
caution_check=True,
|
||||
birth_date=date(2000, 1, 1),
|
||||
gender="nonbinary",
|
||||
clothing_cut="male",
|
||||
clothing_size="XL",
|
||||
health_issues="I am a bot",
|
||||
emergency_contact_name="Pikachu",
|
||||
emergency_contact_phone="+33123456789",
|
||||
first_year=True,
|
||||
)
|
||||
CurrentSurvey(self.registration).save()
|
||||
|
||||
def test_survey_algorithm(self):
|
||||
CurrentSurvey.get_algorithm_class()().run_algorithm()
|
||||
|
||||
|
||||
class TestWeiAPI(TestAPI):
|
||||
def setUp(self) -> None:
|
||||
super().setUp()
|
||||
|
||||
@ -3,12 +3,11 @@
|
||||
|
||||
from django.urls import path
|
||||
|
||||
from .views import CurrentWEIDetailView, WEIListView, WEICreateView, WEIDetailView, WEIUpdateView,\
|
||||
WEIRegistrationsView, WEIMembershipsView, MemberListRenderView,\
|
||||
BusCreateView, BusManageView, BusUpdateView, BusTeamCreateView, BusTeamManageView, BusTeamUpdateView,\
|
||||
WEIRegister1AView, WEIRegister2AView, WEIUpdateRegistrationView, WEIDeleteRegistrationView,\
|
||||
WEIValidateRegistrationView, WEISurveyView, WEISurveyEndView, WEIClosedView
|
||||
|
||||
from .views import CurrentWEIDetailView, WEI1AListView, WEIListView, WEICreateView, WEIDetailView, WEIUpdateView, \
|
||||
WEIRegistrationsView, WEIMembershipsView, MemberListRenderView, \
|
||||
BusCreateView, BusManageView, BusUpdateView, BusTeamCreateView, BusTeamManageView, BusTeamUpdateView, \
|
||||
WEIAttributeBus1AView, WEIAttributeBus1ANextView, WEIRegister1AView, WEIRegister2AView, WEIUpdateRegistrationView, \
|
||||
WEIDeleteRegistrationView, WEIValidateRegistrationView, WEISurveyView, WEISurveyEndView, WEIClosedView
|
||||
|
||||
app_name = 'wei'
|
||||
urlpatterns = [
|
||||
@ -24,6 +23,7 @@ urlpatterns = [
|
||||
name="wei_memberships_bus_pdf"),
|
||||
path('detail/<int:wei_pk>/memberships/pdf/<int:bus_pk>/<int:team_pk>/', MemberListRenderView.as_view(),
|
||||
name="wei_memberships_team_pdf"),
|
||||
path('bus-1A/list/<int:pk>/', WEI1AListView.as_view(), name="wei_1A_list"),
|
||||
path('add-bus/<int:pk>/', BusCreateView.as_view(), name="add_bus"),
|
||||
path('manage-bus/<int:pk>/', BusManageView.as_view(), name="manage_bus"),
|
||||
path('update-bus/<int:pk>/', BusUpdateView.as_view(), name="update_bus"),
|
||||
@ -40,4 +40,6 @@ urlpatterns = [
|
||||
path('survey/<int:pk>/', WEISurveyView.as_view(), name="wei_survey"),
|
||||
path('survey/<int:pk>/end/', WEISurveyEndView.as_view(), name="wei_survey_end"),
|
||||
path('detail/<int:pk>/closed/', WEIClosedView.as_view(), name="wei_closed"),
|
||||
path('bus-1A/<int:pk>/', WEIAttributeBus1AView.as_view(), name="wei_bus_1A"),
|
||||
path('bus-1A/next/<int:pk>/', WEIAttributeBus1ANextView.as_view(), name="wei_bus_1A_next"),
|
||||
]
|
||||
|
||||
@ -7,14 +7,14 @@ import subprocess
|
||||
from datetime import date, timedelta
|
||||
from tempfile import mkdtemp
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.contrib.auth.models import User
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.db import transaction
|
||||
from django.db.models import Q, Count
|
||||
from django.db.models.functions.text import Lower
|
||||
from django.forms import HiddenInput
|
||||
from django.http import HttpResponse
|
||||
from django.http import HttpResponse, Http404
|
||||
from django.shortcuts import redirect
|
||||
from django.template.loader import render_to_string
|
||||
from django.urls import reverse_lazy
|
||||
@ -32,8 +32,10 @@ from permission.views import ProtectQuerysetMixin, ProtectedCreateView
|
||||
|
||||
from .forms.registration import WEIChooseBusForm
|
||||
from .models import WEIClub, WEIRegistration, WEIMembership, Bus, BusTeam, WEIRole
|
||||
from .forms import WEIForm, WEIRegistrationForm, BusForm, BusTeamForm, WEIMembershipForm, CurrentSurvey
|
||||
from .tables import WEITable, WEIRegistrationTable, BusTable, BusTeamTable, WEIMembershipTable
|
||||
from .forms import WEIForm, WEIRegistrationForm, BusForm, BusTeamForm, WEIMembership1AForm, \
|
||||
WEIMembershipForm, CurrentSurvey
|
||||
from .tables import BusRepartitionTable, BusTable, BusTeamTable, WEITable, WEIRegistrationTable, \
|
||||
WEIRegistration1ATable, WEIMembershipTable
|
||||
|
||||
|
||||
class CurrentWEIDetailView(LoginRequiredMixin, RedirectView):
|
||||
@ -57,7 +59,7 @@ class WEIListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context["can_create_wei"] = PermissionBackend.check_perm(self.request.user, "wei.add_weiclub", WEIClub(
|
||||
context["can_create_wei"] = PermissionBackend.check_perm(self.request, "wei.add_weiclub", WEIClub(
|
||||
name="",
|
||||
email="weiclub@example.com",
|
||||
year=0,
|
||||
@ -112,7 +114,7 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
club = context["club"]
|
||||
|
||||
club_transactions = Transaction.objects.all().filter(Q(source=club.note) | Q(destination=club.note)) \
|
||||
.filter(PermissionBackend.filter_queryset(self.request.user, Transaction, "view")) \
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Transaction, "view")) \
|
||||
.order_by('-created_at', '-id')
|
||||
history_table = HistoryTable(club_transactions, prefix="history-")
|
||||
history_table.paginate(per_page=20, page=self.request.GET.get('history-page', 1))
|
||||
@ -121,18 +123,18 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
club_member = WEIMembership.objects.filter(
|
||||
club=club,
|
||||
date_end__gte=date.today(),
|
||||
).filter(PermissionBackend.filter_queryset(self.request.user, WEIMembership, "view"))
|
||||
).filter(PermissionBackend.filter_queryset(self.request, WEIMembership, "view"))
|
||||
membership_table = WEIMembershipTable(data=club_member, prefix="membership-")
|
||||
membership_table.paginate(per_page=20, page=self.request.GET.get('membership-page', 1))
|
||||
context['member_list'] = membership_table
|
||||
|
||||
pre_registrations = WEIRegistration.objects.filter(
|
||||
PermissionBackend.filter_queryset(self.request.user, WEIRegistration, "view")).filter(
|
||||
PermissionBackend.filter_queryset(self.request, WEIRegistration, "view")).filter(
|
||||
membership=None,
|
||||
wei=club
|
||||
)
|
||||
pre_registrations_table = WEIRegistrationTable(data=pre_registrations, prefix="pre-registration-")
|
||||
pre_registrations_table.paginate(per_page=20, page=self.request.GET.get('membership-page', 1))
|
||||
pre_registrations_table.paginate(per_page=20, page=self.request.GET.get('pre-registration-page', 1))
|
||||
context['pre_registrations'] = pre_registrations_table
|
||||
|
||||
my_registration = WEIRegistration.objects.filter(wei=club, user=self.request.user)
|
||||
@ -142,7 +144,7 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
my_registration = None
|
||||
context["my_registration"] = my_registration
|
||||
|
||||
buses = Bus.objects.filter(PermissionBackend.filter_queryset(self.request.user, Bus, "view")) \
|
||||
buses = Bus.objects.filter(PermissionBackend.filter_queryset(self.request, Bus, "view")) \
|
||||
.filter(wei=self.object).annotate(count=Count("memberships")).order_by("name")
|
||||
bus_table = BusTable(data=buses, prefix="bus-")
|
||||
context['buses'] = bus_table
|
||||
@ -167,7 +169,7 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
emergency_contact_phone="No",
|
||||
)
|
||||
context["can_add_first_year_member"] = PermissionBackend \
|
||||
.check_perm(self.request.user, "wei.add_weiregistration", empty_fy_registration)
|
||||
.check_perm(self.request, "wei.add_weiregistration", empty_fy_registration)
|
||||
|
||||
# Check if the user has the right to create a registration of a random old member.
|
||||
empty_old_registration = WEIRegistration(
|
||||
@ -180,16 +182,20 @@ class WEIDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
emergency_contact_phone="No",
|
||||
)
|
||||
context["can_add_any_member"] = PermissionBackend \
|
||||
.check_perm(self.request.user, "wei.add_weiregistration", empty_old_registration)
|
||||
.check_perm(self.request, "wei.add_weiregistration", empty_old_registration)
|
||||
|
||||
empty_bus = Bus(
|
||||
wei=club,
|
||||
name="",
|
||||
)
|
||||
context["can_add_bus"] = PermissionBackend.check_perm(self.request.user, "wei.add_bus", empty_bus)
|
||||
context["can_add_bus"] = PermissionBackend.check_perm(self.request, "wei.add_bus", empty_bus)
|
||||
|
||||
context["not_first_year"] = WEIMembership.objects.filter(user=self.request.user).exists()
|
||||
|
||||
qs = WEIMembership.objects.filter(club=club, registration__first_year=True, bus__isnull=True)
|
||||
context["can_validate_1a"] = PermissionBackend.check_perm(
|
||||
self.request, "wei.change_weimembership_bus", qs.first()) if qs.exists() else False
|
||||
|
||||
return context
|
||||
|
||||
|
||||
@ -222,7 +228,7 @@ class WEIMembershipsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableVi
|
||||
| Q(team__name__iregex=pattern)
|
||||
)
|
||||
|
||||
return qs[:20]
|
||||
return qs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
@ -256,7 +262,7 @@ class WEIRegistrationsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTable
|
||||
| Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern))
|
||||
)
|
||||
|
||||
return qs[:20]
|
||||
return qs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
@ -344,6 +350,8 @@ class BusUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context["club"] = self.object.wei
|
||||
context["information"] = CurrentSurvey.get_algorithm_class().get_bus_information(self.object)
|
||||
self.object.save()
|
||||
return context
|
||||
|
||||
def get_form(self, form_class=None):
|
||||
@ -368,13 +376,13 @@ class BusManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context["club"] = self.object.wei
|
||||
|
||||
bus = self.object
|
||||
teams = BusTeam.objects.filter(PermissionBackend.filter_queryset(self.request.user, BusTeam, "view")) \
|
||||
teams = BusTeam.objects.filter(PermissionBackend.filter_queryset(self.request, BusTeam, "view")) \
|
||||
.filter(bus=bus).annotate(count=Count("memberships")).order_by("name")
|
||||
teams_table = BusTeamTable(data=teams, prefix="team-")
|
||||
context["teams"] = teams_table
|
||||
|
||||
memberships = WEIMembership.objects.filter(PermissionBackend.filter_queryset(
|
||||
self.request.user, WEIMembership, "view")).filter(bus=bus)
|
||||
self.request, WEIMembership, "view")).filter(bus=bus)
|
||||
memberships_table = WEIMembershipTable(data=memberships, prefix="membership-")
|
||||
memberships_table.paginate(per_page=20, page=self.request.GET.get("membership-page", 1))
|
||||
context["memberships"] = memberships_table
|
||||
@ -467,7 +475,7 @@ class BusTeamManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
context["club"] = self.object.bus.wei
|
||||
|
||||
memberships = WEIMembership.objects.filter(PermissionBackend.filter_queryset(
|
||||
self.request.user, WEIMembership, "view")).filter(team=self.object)
|
||||
self.request, WEIMembership, "view")).filter(team=self.object)
|
||||
memberships_table = WEIMembershipTable(data=memberships, prefix="membership-")
|
||||
memberships_table.paginate(per_page=20, page=self.request.GET.get("membership-page", 1))
|
||||
context["memberships"] = memberships_table
|
||||
@ -485,9 +493,16 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
|
||||
def get_sample_object(self):
|
||||
wei = WEIClub.objects.get(pk=self.kwargs["wei_pk"])
|
||||
if "myself" in self.request.path:
|
||||
user = self.request.user
|
||||
else:
|
||||
# To avoid unique validation issues, we use an account that can't join the WEI.
|
||||
# In development mode, the note account may not exist, we use a random user (may fail)
|
||||
user = User.objects.get(username="note") \
|
||||
if User.objects.filter(username="note").exists() else User.objects.first()
|
||||
return WEIRegistration(
|
||||
wei=wei,
|
||||
user=self.request.user,
|
||||
user=user,
|
||||
first_year=True,
|
||||
birth_date="1970-01-01",
|
||||
gender="No",
|
||||
@ -501,6 +516,11 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
# We can't register someone once the WEI is started and before the membership start date
|
||||
if today >= wei.date_start or today < wei.membership_start:
|
||||
return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
|
||||
# Don't register twice
|
||||
if 'myself' in self.request.path and not self.request.user.is_anonymous \
|
||||
and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
|
||||
obj = WEIRegistration.objects.get(wei=wei, user=self.request.user)
|
||||
return redirect(reverse_lazy('wei:wei_update_registration', args=(obj.pk,)))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
@ -536,6 +556,12 @@ class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
" participated to a WEI."))
|
||||
return self.form_invalid(form)
|
||||
|
||||
if 'treasury' in settings.INSTALLED_APPS:
|
||||
from treasury.models import SogeCredit
|
||||
form.instance.soge_credit = \
|
||||
form.instance.soge_credit \
|
||||
or SogeCredit.objects.filter(user=form.instance.user, credit_transaction__valid=False).exists()
|
||||
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self):
|
||||
@ -553,9 +579,16 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
|
||||
def get_sample_object(self):
|
||||
wei = WEIClub.objects.get(pk=self.kwargs["wei_pk"])
|
||||
if "myself" in self.request.path:
|
||||
user = self.request.user
|
||||
else:
|
||||
# To avoid unique validation issues, we use an account that can't join the WEI.
|
||||
# In development mode, the note account may not exist, we use a random user (may fail)
|
||||
user = User.objects.get(username="note") \
|
||||
if User.objects.filter(username="note").exists() else User.objects.first()
|
||||
return WEIRegistration(
|
||||
wei=wei,
|
||||
user=self.request.user,
|
||||
user=user,
|
||||
first_year=True,
|
||||
birth_date="1970-01-01",
|
||||
gender="No",
|
||||
@ -569,6 +602,11 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
# We can't register someone once the WEI is started and before the membership start date
|
||||
if today >= wei.date_start or today < wei.membership_start:
|
||||
return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
|
||||
# Don't register twice
|
||||
if 'myself' in self.request.path and not self.request.user.is_anonymous \
|
||||
and WEIRegistration.objects.filter(wei=wei, user=self.request.user).exists():
|
||||
obj = WEIRegistration.objects.get(wei=wei, user=self.request.user)
|
||||
return redirect(reverse_lazy('wei:wei_update_registration', args=(obj.pk,)))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
@ -625,6 +663,12 @@ class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
form.instance.information = information
|
||||
form.instance.save()
|
||||
|
||||
if 'treasury' in settings.INSTALLED_APPS:
|
||||
from treasury.models import SogeCredit
|
||||
form.instance.soge_credit = \
|
||||
form.instance.soge_credit \
|
||||
or SogeCredit.objects.filter(user=form.instance.user, credit_transaction__valid=False).exists()
|
||||
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self):
|
||||
@ -653,26 +697,19 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
|
||||
context["club"] = self.object.wei
|
||||
|
||||
if self.object.is_validated:
|
||||
membership_form = WEIMembershipForm(instance=self.object.membership,
|
||||
data=self.request.POST if self.request.POST else None)
|
||||
for field_name, field in membership_form.fields.items():
|
||||
if not PermissionBackend.check_perm(
|
||||
self.request.user, "wei.change_membership_" + field_name, self.object.membership):
|
||||
field.widget = HiddenInput()
|
||||
del membership_form.fields["credit_type"]
|
||||
del membership_form.fields["credit_amount"]
|
||||
del membership_form.fields["first_name"]
|
||||
del membership_form.fields["last_name"]
|
||||
del membership_form.fields["bank"]
|
||||
membership_form = self.get_membership_form(instance=self.object.membership,
|
||||
data=self.request.POST)
|
||||
context["membership_form"] = membership_form
|
||||
elif not self.object.first_year and PermissionBackend.check_perm(
|
||||
self.request.user, "wei.change_weiregistration_information_json", self.object):
|
||||
self.request, "wei.change_weiregistration_information_json", self.object):
|
||||
information = self.object.information
|
||||
d = dict(
|
||||
bus=Bus.objects.filter(pk__in=information["preferred_bus_pk"]).all(),
|
||||
team=BusTeam.objects.filter(pk__in=information["preferred_team_pk"]).all(),
|
||||
roles=WEIRole.objects.filter(pk__in=information["preferred_roles_pk"]).all(),
|
||||
) if 'preferred_bus_pk' in information else dict()
|
||||
choose_bus_form = WEIChooseBusForm(
|
||||
self.request.POST if self.request.POST else dict(
|
||||
bus=Bus.objects.filter(pk__in=self.object.information["preferred_bus_pk"]).all(),
|
||||
team=BusTeam.objects.filter(pk__in=self.object.information["preferred_team_pk"]).all(),
|
||||
roles=WEIRole.objects.filter(pk__in=self.object.information["preferred_roles_pk"]).all(),
|
||||
)
|
||||
self.request.POST if self.request.POST else d
|
||||
)
|
||||
choose_bus_form.fields["bus"].queryset = Bus.objects.filter(wei=context["club"])
|
||||
choose_bus_form.fields["team"].queryset = BusTeam.objects.filter(bus__wei=context["club"])
|
||||
@ -688,21 +725,35 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
|
||||
def get_form(self, form_class=None):
|
||||
form = super().get_form(form_class)
|
||||
form.fields["user"].disabled = True
|
||||
if not self.object.first_year:
|
||||
# The auto-json-format may cause issues with the default field remove
|
||||
if not PermissionBackend.check_perm(self.request, 'wei.change_weiregistration_information_json', self.object):
|
||||
del form.fields["information_json"]
|
||||
return form
|
||||
|
||||
def get_membership_form(self, data=None, instance=None):
|
||||
membership_form = WEIMembershipForm(data if data else None, instance=instance)
|
||||
del membership_form.fields["credit_type"]
|
||||
del membership_form.fields["credit_amount"]
|
||||
del membership_form.fields["first_name"]
|
||||
del membership_form.fields["last_name"]
|
||||
del membership_form.fields["bank"]
|
||||
for field_name, _field in list(membership_form.fields.items()):
|
||||
if not PermissionBackend.check_perm(
|
||||
self.request, "wei.change_weimembership_" + field_name, self.object.membership):
|
||||
del membership_form.fields[field_name]
|
||||
return membership_form
|
||||
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
# If the membership is already validated, then we update the bus and the team (and the roles)
|
||||
if form.instance.is_validated:
|
||||
membership_form = WEIMembershipForm(self.request.POST, instance=form.instance.membership)
|
||||
membership_form = self.get_membership_form(self.request.POST, form.instance.membership)
|
||||
if not membership_form.is_valid():
|
||||
return self.form_invalid(form)
|
||||
membership_form.save()
|
||||
# If it is not validated and if this is an old member, then we update the choices
|
||||
elif not form.instance.first_year and PermissionBackend.check_perm(
|
||||
self.request.user, "wei.change_weiregistration_information_json", self.object):
|
||||
self.request, "wei.change_weiregistration_information_json", self.object):
|
||||
choose_bus_form = WEIChooseBusForm(self.request.POST)
|
||||
if not choose_bus_form.is_valid():
|
||||
return self.form_invalid(form)
|
||||
@ -724,7 +775,7 @@ class WEIUpdateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Update
|
||||
survey = CurrentSurvey(self.object)
|
||||
if not survey.is_complete():
|
||||
return reverse_lazy("wei:wei_survey", kwargs={"pk": self.object.pk})
|
||||
if PermissionBackend.check_perm(self.request.user, "wei.add_weimembership", WEIMembership(
|
||||
if PermissionBackend.check_perm(self.request, "wei.add_weimembership", WEIMembership(
|
||||
club=self.object.wei,
|
||||
user=self.object.user,
|
||||
date_start=date.today(),
|
||||
@ -751,7 +802,7 @@ class WEIDeleteRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Delete
|
||||
if today > wei.membership_end:
|
||||
return redirect(reverse_lazy('wei:wei_closed', args=(wei.pk,)))
|
||||
|
||||
if not PermissionBackend.check_perm(self.request.user, "wei.delete_weiregistration", object):
|
||||
if not PermissionBackend.check_perm(self.request, "wei.delete_weiregistration", object):
|
||||
raise PermissionDenied(_("You don't have the right to delete this WEI registration."))
|
||||
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
@ -770,7 +821,6 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
Validate WEI Registration
|
||||
"""
|
||||
model = WEIMembership
|
||||
form_class = WEIMembershipForm
|
||||
extra_context = {"title": _("Validate WEI registration")}
|
||||
|
||||
def get_sample_object(self):
|
||||
@ -816,25 +866,22 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
date_start__gte=bde.membership_start,
|
||||
).exists()
|
||||
|
||||
fee = registration.wei.membership_fee_paid if registration.user.profile.paid \
|
||||
else registration.wei.membership_fee_unpaid
|
||||
if not context["kfet_member"]:
|
||||
fee += kfet.membership_fee_paid if registration.user.profile.paid \
|
||||
else kfet.membership_fee_unpaid
|
||||
if not context["bde_member"]:
|
||||
fee += bde.membership_fee_paid if registration.user.profile.paid \
|
||||
else bde.membership_fee_unpaid
|
||||
|
||||
context["fee"] = fee
|
||||
context["fee"] = registration.fee
|
||||
|
||||
form = context["form"]
|
||||
if registration.soge_credit:
|
||||
form.fields["credit_amount"].initial = fee
|
||||
form.fields["credit_amount"].initial = registration.fee
|
||||
else:
|
||||
form.fields["credit_amount"].initial = max(0, fee - registration.user.note.balance)
|
||||
form.fields["credit_amount"].initial = max(0, registration.fee - registration.user.note.balance)
|
||||
|
||||
return context
|
||||
|
||||
def get_form_class(self):
|
||||
registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
|
||||
if registration.first_year and 'sleected_bus_pk' not in registration.information:
|
||||
return WEIMembership1AForm
|
||||
return WEIMembershipForm
|
||||
|
||||
def get_form(self, form_class=None):
|
||||
form = super().get_form(form_class)
|
||||
registration = WEIRegistration.objects.get(pk=self.kwargs["pk"])
|
||||
@ -850,25 +897,27 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
form.fields["bank"].disabled = True
|
||||
form.fields["bank"].initial = "Société générale"
|
||||
|
||||
form.fields["bus"].widget.attrs["api_url"] = "/api/wei/bus/?wei=" + str(registration.wei.pk)
|
||||
if registration.first_year:
|
||||
# Use the results of the survey to fill initial data
|
||||
# A first year has no other role than "1A"
|
||||
del form.fields["roles"]
|
||||
survey = CurrentSurvey(registration)
|
||||
if survey.information.valid:
|
||||
form.fields["bus"].initial = survey.information.get_selected_bus()
|
||||
else:
|
||||
# Use the choice of the member to fill initial data
|
||||
information = registration.information
|
||||
if "preferred_bus_pk" in information and len(information["preferred_bus_pk"]) == 1:
|
||||
form["bus"].initial = Bus.objects.get(pk=information["preferred_bus_pk"][0])
|
||||
if "preferred_team_pk" in information and len(information["preferred_team_pk"]) == 1:
|
||||
form["team"].initial = BusTeam.objects.get(pk=information["preferred_team_pk"][0])
|
||||
if "preferred_roles_pk" in information:
|
||||
form["roles"].initial = WEIRole.objects.filter(
|
||||
Q(pk__in=information["preferred_roles_pk"]) | Q(name="Adhérent WEI")
|
||||
).all()
|
||||
if 'bus' in form.fields:
|
||||
# For 2A+ and hardcoded 1A
|
||||
form.fields["bus"].widget.attrs["api_url"] = "/api/wei/bus/?wei=" + str(registration.wei.pk)
|
||||
if registration.first_year:
|
||||
# Use the results of the survey to fill initial data
|
||||
# A first year has no other role than "1A"
|
||||
del form.fields["roles"]
|
||||
survey = CurrentSurvey(registration)
|
||||
if survey.information.valid:
|
||||
form.fields["bus"].initial = survey.information.get_selected_bus()
|
||||
else:
|
||||
# Use the choice of the member to fill initial data
|
||||
information = registration.information
|
||||
if "preferred_bus_pk" in information and len(information["preferred_bus_pk"]) == 1:
|
||||
form["bus"].initial = Bus.objects.get(pk=information["preferred_bus_pk"][0])
|
||||
if "preferred_team_pk" in information and len(information["preferred_team_pk"]) == 1:
|
||||
form["team"].initial = BusTeam.objects.get(pk=information["preferred_team_pk"][0])
|
||||
if "preferred_roles_pk" in information:
|
||||
form["roles"].initial = WEIRole.objects.filter(
|
||||
Q(pk__in=information["preferred_roles_pk"]) | Q(name="Adhérent WEI")
|
||||
).all()
|
||||
return form
|
||||
|
||||
@transaction.atomic
|
||||
@ -957,12 +1006,11 @@ class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||
membership.roles.set(WEIRole.objects.filter(name="1A").all())
|
||||
membership.save()
|
||||
|
||||
ret = super().form_valid(form)
|
||||
|
||||
membership.save()
|
||||
membership.refresh_from_db()
|
||||
membership.roles.add(WEIRole.objects.get(name="Adhérent WEI"))
|
||||
|
||||
return ret
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self):
|
||||
self.object.refresh_from_db()
|
||||
@ -1056,7 +1104,7 @@ class MemberListRenderView(LoginRequiredMixin, View):
|
||||
"""
|
||||
|
||||
def get_queryset(self, **kwargs):
|
||||
qs = WEIMembership.objects.filter(PermissionBackend.filter_queryset(self.request.user, WEIMembership, "view"))
|
||||
qs = WEIMembership.objects.filter(PermissionBackend.filter_queryset(self.request, WEIMembership, "view"))
|
||||
qs = qs.filter(club__pk=self.kwargs["wei_pk"]).order_by(
|
||||
Lower('bus__name'),
|
||||
Lower('team__name'),
|
||||
@ -1129,3 +1177,65 @@ class MemberListRenderView(LoginRequiredMixin, View):
|
||||
shutil.rmtree(tmp_dir)
|
||||
|
||||
return response
|
||||
|
||||
|
||||
class WEI1AListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableView):
|
||||
model = WEIRegistration
|
||||
template_name = "wei/1A_list.html"
|
||||
table_class = WEIRegistration1ATable
|
||||
extra_context = {"title": _("Attribute buses to first year members")}
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
self.club = WEIClub.objects.get(pk=self.kwargs["pk"])
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_queryset(self, filter_permissions=True, **kwargs):
|
||||
qs = super().get_queryset(filter_permissions, **kwargs)
|
||||
qs = qs.filter(first_year=True, membership__isnull=False)
|
||||
qs = qs.order_by('-membership__bus')
|
||||
return qs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['club'] = self.club
|
||||
context['bus_repartition_table'] = BusRepartitionTable(
|
||||
Bus.objects.filter(wei=self.club, size__gt=0)
|
||||
.filter(PermissionBackend.filter_queryset(self.request, Bus, "view"))
|
||||
.all())
|
||||
return context
|
||||
|
||||
|
||||
class WEIAttributeBus1AView(ProtectQuerysetMixin, DetailView):
|
||||
model = WEIRegistration
|
||||
template_name = "wei/attribute_bus_1A.html"
|
||||
extra_context = {"title": _("Attribute bus")}
|
||||
|
||||
def get_queryset(self, filter_permissions=True, **kwargs):
|
||||
qs = super().get_queryset(filter_permissions, **kwargs)
|
||||
qs = qs.filter(first_year=True)
|
||||
return qs
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
obj = self.get_object()
|
||||
if 'selected_bus_pk' not in obj.information:
|
||||
return redirect(reverse_lazy('wei:wei_survey', args=(obj.pk,)))
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['club'] = self.object.wei
|
||||
context['survey'] = CurrentSurvey(self.object)
|
||||
return context
|
||||
|
||||
|
||||
class WEIAttributeBus1ANextView(LoginRequiredMixin, RedirectView):
|
||||
def get_redirect_url(self, *args, **kwargs):
|
||||
wei = WEIClub.objects.filter(pk=self.kwargs['pk'])
|
||||
if not wei.exists():
|
||||
raise Http404
|
||||
wei = wei.get()
|
||||
qs = WEIRegistration.objects.filter(wei=wei, membership__isnull=False, membership__bus__isnull=True)
|
||||
qs = qs.filter(information_json__contains='selected_bus_pk') # not perfect, but works...
|
||||
if qs.exists():
|
||||
return reverse_lazy('wei:wei_bus_1A', args=(qs.first().pk, ))
|
||||
return reverse_lazy('wei:wei_1A_list', args=(wei.pk, ))
|
||||
|
||||
@ -5,19 +5,10 @@ L'authentification `OAuth2 <https://fr.wikipedia.org/wiki/OAuth>`_ est supporté
|
||||
Note Kfet. Elle offre l'avantage non seulement d'identifier les utilisateurs, mais aussi
|
||||
de transmettre des informations à un service tiers tels que des informations personnelles,
|
||||
le solde de la note ou encore les adhésions de l'utilisateur, en l'avertissant sur
|
||||
quelles données sont effectivement collectées.
|
||||
quelles données sont effectivement collectées. Ainsi, il est possible de développer des
|
||||
appplications tierces qui peuvent se baser sur les données de la Note Kfet ou encore
|
||||
faire des transactions.
|
||||
|
||||
.. danger::
|
||||
L'implémentation actuelle ne permet pas de choisir quels droits on offre. Se connecter
|
||||
par OAuth2 offre actuellement exactement les mêmes permissions que l'on n'aurait
|
||||
normalement, avec le masque le plus haut, y compris en écriture.
|
||||
|
||||
Faites alors très attention lorsque vous vous connectez à un service tiers via OAuth2,
|
||||
et contrôlez bien exactement ce que l'application fait de vos données, à savoir si
|
||||
elle ignore bien tout ce dont elle n'a pas besoin.
|
||||
|
||||
À l'avenir, la fenêtre d'authentification pourra vous indiquer clairement quels
|
||||
paramètres sont collectés.
|
||||
|
||||
Configuration du serveur
|
||||
------------------------
|
||||
@ -44,7 +35,15 @@ l'authentification OAuth2. On adapte alors la configuration pour permettre cela
|
||||
...
|
||||
}
|
||||
|
||||
On ajoute les routes dans ``urls.py`` :
|
||||
On a ensuite besoin de définir nos propres scopes afin d'avoir des permissions fines :
|
||||
|
||||
.. code:: python
|
||||
|
||||
OAUTH2_PROVIDER = {
|
||||
'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
|
||||
}
|
||||
|
||||
On ajoute enfin les routes dans ``urls.py`` :
|
||||
|
||||
.. code:: python
|
||||
|
||||
@ -58,8 +57,7 @@ L'OAuth2 est désormais prêt à être utilisé.
|
||||
Configuration client
|
||||
--------------------
|
||||
|
||||
Contrairement au `CAS <cas>`_, n'importe qui peut en théorie créer une application OAuth2.
|
||||
En théorie, car pour l'instant les permissions ne leur permettent pas.
|
||||
Contrairement au `CAS <cas>`_, n'importe qui peut créer une application OAuth2.
|
||||
|
||||
Pour créer une application, il faut se rendre à la page
|
||||
`/o/applications/ <https://note.crans.org/o/applications/>`_. Dans ``client type``,
|
||||
@ -72,14 +70,30 @@ Il vous suffit de donner à votre application :
|
||||
|
||||
* L'identifiant client (client-ID)
|
||||
* La clé secrète
|
||||
* Les scopes : sous-ensemble de ``[read, write]`` (ignoré pour l'instant, cf premier paragraphe)
|
||||
* Les scopes, qui peuvent être récupérées sur cette page : `<https://note.crans.org/permission/scopes/>`_
|
||||
* L'URL d'autorisation : `<https://note.crans.org/o/authorize/>`_
|
||||
* L'URL d'obtention de jeton : `<https://note.crans.org/o/token/>`_
|
||||
* L'URL de récupération des informations de l'utilisateur : `<https://note.crans.org/api/me/>`_
|
||||
* Si besoin, l'URL de récupération des informations de l'utilisateur : `<https://note.crans.org/api/me/>`_
|
||||
|
||||
N'hésitez pas à consulter la page `<https://note.crans.org/api/me/>`_ pour s'imprégner
|
||||
du format renvoyé.
|
||||
|
||||
.. warning::
|
||||
|
||||
Un petit mot sur les scopes : tel qu'implémenté, une scope est une permission unitaire
|
||||
(telle que décrite dans le modèle ``Permission``) associée à un club. Ainsi, un jeton
|
||||
a accès à une scope si et seulement si le/la propriétaire du jeton dispose d'une adhésion
|
||||
courante dans le club lié à la scope qui lui octroie cette permission.
|
||||
|
||||
Par exemple, un jeton pourra avoir accès à la permission de créer des transactions en lien
|
||||
avec un club si et seulement si le propriétaire du jeton est trésorier du club.
|
||||
|
||||
La vérification des droits du propriétaire est faite systématiquement, afin de ne pas
|
||||
faire confiance au jeton en cas de droits révoqués à son propriétaire.
|
||||
|
||||
Vous pouvez donc contrôler le plus finement possible les permissions octroyées à vos
|
||||
jetons.
|
||||
|
||||
Avec Django-allauth
|
||||
###################
|
||||
|
||||
@ -131,3 +145,97 @@ alors autant le faire via un shell python :
|
||||
Si vous avez bien configuré ``django-allauth``, vous êtes désormais prêts par à vous
|
||||
connecter via la note :) Par défaut, nom, prénom, pseudo et adresse e-mail sont
|
||||
récupérés. Les autres données sont stockées mais inutilisées.
|
||||
|
||||
|
||||
Application personnalisée
|
||||
#########################
|
||||
|
||||
Ce modèle vous permet de créer vos propres applications à interfacer avec la Note Kfet.
|
||||
|
||||
Commencez par créer une application : `<https://note.crans.org/o/applications/register>`_.
|
||||
Dans ``Client type``, choisissez ``Confidential`` si des informations confidentielles sont
|
||||
amenées à transiter, sinon ``public``. Choisissez ``Authorization code`` dans
|
||||
``Authorization grant type``.
|
||||
|
||||
Dans ``Redirect uris``, vous devez insérer l'ensemble des URL autorisées à être redirigées
|
||||
à la suite d'une autorisation OAuth2. La première URL entrée sera l'URL par défaut dans le
|
||||
cas où elle n'est pas explicitement indiquée lors de l'autorisation.
|
||||
|
||||
.. note::
|
||||
|
||||
À des fins de tests, il est possible de laisser `<http://localhost/>`_ pour faire des
|
||||
appels à la main en récupérant le jeton d'autorisation.
|
||||
|
||||
Lorsqu'un client veut s'authentifier via la Note Kfet, il va devoir accéder à une page
|
||||
d'authentification. La page d'autorisation est `<https://note.crans.org/o/authorize/>`_,
|
||||
c'est sur cette page qu'il faut rediriger les utilisateurs. Il faut mettre en paramètre GET :
|
||||
|
||||
* ``client_id`` : l'identifiant client de l'application (public) ;
|
||||
* ``response_type`` : mettre ``code`` ;
|
||||
* ``scope`` : l'ensemble des scopes demandés, séparés par des espaces. Ces scopes peuvent
|
||||
être récupérés sur la page `<https://note.crans.org/permission/scopes/>`_.
|
||||
* ``redirect_uri`` : l'URL sur laquelle rediriger qui récupérera le code d'accès. Doit être
|
||||
autorisée par l'application. À des fins de test, peut être `<http://localhost/>`_.
|
||||
* ``state`` : optionnel, peut être utilisé pour permettre au client de détecter des requêtes
|
||||
provenant d'autres sites.
|
||||
|
||||
Sur cette page, les permissions demandées seront listées, et l'utilisateur aura le choix
|
||||
d'accepter ou non. Dans les deux cas, l'utilisateur sera redirigée vers ``redirect_uri``,
|
||||
avec pour paramètre GET soit le message d'erreur, soit un paramètre ``code`` correspondant
|
||||
au code d'autorisation.
|
||||
|
||||
Une fois ce code d'autorisation récupéré, il faut désormais récupérer le jeton d'accès.
|
||||
Il faut pour cela aller sur l'URL `<https://note.crans.org/o/token/>`_, effectuer une
|
||||
requête POST avec pour arguments :
|
||||
|
||||
* ``client_id`` ;
|
||||
* ``client_secret`` ;
|
||||
* ``grant_type`` : mettre ``authorization_code`` ;
|
||||
* ``code`` : le code généré.
|
||||
|
||||
À noter que le code fourni n'est disponible que pendant quelques secondes.
|
||||
|
||||
À des fins de tests, on peut envoyer la requête avec ``curl`` :
|
||||
|
||||
.. code:: bash
|
||||
|
||||
curl -X POST https://note.crans.org/o/token/ -d "client_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&grant_type=authorization_code&code=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
|
||||
Le serveur renverra si tout se passe bien une réponse JSON :
|
||||
|
||||
.. code:: json
|
||||
|
||||
{
|
||||
"access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
|
||||
"expires_in": 36000,
|
||||
"token_type": "Bearer",
|
||||
"scope": "1_1 1_2",
|
||||
"refresh_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
}
|
||||
|
||||
On note donc 2 jetons différents : un d'accès et un de rafraîchissement. Le jeton d'accès
|
||||
est celui qui sera donné à l'API pour s'authentifier, et qui expire au bout de quelques
|
||||
heures.
|
||||
|
||||
Il suffit désormais d'ajouter l'en-tête ``Authorization: Bearer ACCESS_TOKEN`` pour se
|
||||
connecter à la note grâce à ce jeton d'accès.
|
||||
|
||||
Pour tester :
|
||||
|
||||
.. code:: bash
|
||||
|
||||
curl https://note.crans.org/api/me -H "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
|
||||
En cas d'expiration de ce jeton d'accès, il est possible de le renouveler grâce au jeton
|
||||
de rafraichissement à usage unique. Il suffit pour cela de refaire une requête sur la page
|
||||
`<https://note.crans.org/o/token/>`_ avec pour paramètres :
|
||||
|
||||
* ``client_id`` ;
|
||||
* ``client_secret`` ;
|
||||
* ``grant_type`` : mettre ``refresh_token`` ;
|
||||
* ``refresh_token`` : le jeton de rafraîchissement.
|
||||
|
||||
Le serveur vous fournira alors une nouvelle paire de jetons, comme précédemment.
|
||||
À noter qu'un jeton de rafraîchissement est à usage unique.
|
||||
|
||||
N'hésitez pas à vous renseigner sur OAuth2 pour plus d'informations.
|
||||
|
||||
@ -23,7 +23,7 @@ Sur un Ubuntu/Debian :
|
||||
$ sudo apt update
|
||||
$ sudo apt install --no-install-recommends -y \
|
||||
python3-setuptools python3-venv python3-dev \
|
||||
texlive-xetex gettext libjs-bootstrap4 fonts-font-awesome git
|
||||
texlive-xetex gettext libjs-bootstrap4 git
|
||||
|
||||
Pour Arch Linux :
|
||||
|
||||
|
||||
@ -62,7 +62,7 @@ plus propre. On peut donc installer tout ce dont on a besoin, depuis buster-back
|
||||
$ sudo apt update
|
||||
$ sudo apt install -t buster-backports --no-install-recommends \
|
||||
gettext git ipython3 \ # Dépendances basiques
|
||||
fonts-font-awesome libjs-bootstrap4 \ # Pour l'affichage web
|
||||
libjs-bootstrap4 \ # Pour l'affichage web
|
||||
python3-bs4 python3-django python3-django-crispy-forms python3-django-extensions \
|
||||
python3-django-filters python3-django-oauth-toolkit python3-django-polymorphic \
|
||||
python3-djangorestframework python3-memcache python3-phonenumbers \
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -6,7 +6,6 @@ from django.contrib.admin import AdminSite
|
||||
from django.contrib.sites.admin import Site, SiteAdmin
|
||||
|
||||
from member.views import CustomLoginView
|
||||
from .middlewares import get_current_session
|
||||
|
||||
|
||||
class StrongAdminSite(AdminSite):
|
||||
@ -14,8 +13,7 @@ class StrongAdminSite(AdminSite):
|
||||
"""
|
||||
Authorize only staff that have the correct permission mask
|
||||
"""
|
||||
session = get_current_session()
|
||||
return request.user.is_active and request.user.is_staff and session.get("permission_mask", -1) >= 42
|
||||
return request.user.is_active and request.user.is_staff and request.session.get("permission_mask", -1) >= 42
|
||||
|
||||
def login(self, request, extra_context=None):
|
||||
return CustomLoginView.as_view()(request)
|
||||
|
||||
@ -1,43 +1,23 @@
|
||||
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import login
|
||||
from django.contrib.auth.models import AnonymousUser, User
|
||||
from django.contrib.sessions.backends.db import SessionStore
|
||||
|
||||
from threading import local
|
||||
|
||||
USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
|
||||
SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
|
||||
IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import login
|
||||
from django.contrib.auth.models import User
|
||||
|
||||
REQUEST_ATTR_NAME = getattr(settings, 'LOCAL_REQUEST_ATTR_NAME', '_current_request')
|
||||
|
||||
_thread_locals = local()
|
||||
|
||||
|
||||
def _set_current_user_and_ip(user=None, session=None, ip=None):
|
||||
setattr(_thread_locals, USER_ATTR_NAME, user)
|
||||
setattr(_thread_locals, SESSION_ATTR_NAME, session)
|
||||
setattr(_thread_locals, IP_ATTR_NAME, ip)
|
||||
def _set_current_request(request=None):
|
||||
setattr(_thread_locals, REQUEST_ATTR_NAME, request)
|
||||
|
||||
|
||||
def get_current_user() -> User:
|
||||
return getattr(_thread_locals, USER_ATTR_NAME, None)
|
||||
|
||||
|
||||
def get_current_session() -> SessionStore:
|
||||
return getattr(_thread_locals, SESSION_ATTR_NAME, None)
|
||||
|
||||
|
||||
def get_current_ip() -> str:
|
||||
return getattr(_thread_locals, IP_ATTR_NAME, None)
|
||||
|
||||
|
||||
def get_current_authenticated_user():
|
||||
current_user = get_current_user()
|
||||
if isinstance(current_user, AnonymousUser):
|
||||
return None
|
||||
return current_user
|
||||
def get_current_request():
|
||||
return getattr(_thread_locals, REQUEST_ATTR_NAME, None)
|
||||
|
||||
|
||||
class SessionMiddleware(object):
|
||||
@ -49,8 +29,6 @@ class SessionMiddleware(object):
|
||||
self.get_response = get_response
|
||||
|
||||
def __call__(self, request):
|
||||
user = request.user
|
||||
|
||||
# If we authenticate through a token to connect to the API, then we query the good user
|
||||
if 'HTTP_AUTHORIZATION' in request.META and request.path.startswith("/api"):
|
||||
token = request.META.get('HTTP_AUTHORIZATION')
|
||||
@ -60,20 +38,14 @@ class SessionMiddleware(object):
|
||||
if Token.objects.filter(key=token).exists():
|
||||
token_obj = Token.objects.get(key=token)
|
||||
user = token_obj.user
|
||||
request.user = user
|
||||
session = request.session
|
||||
session["permission_mask"] = 42
|
||||
session.save()
|
||||
|
||||
if 'HTTP_X_REAL_IP' in request.META:
|
||||
ip = request.META.get('HTTP_X_REAL_IP')
|
||||
elif 'HTTP_X_FORWARDED_FOR' in request.META:
|
||||
ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
|
||||
else:
|
||||
ip = request.META.get('REMOTE_ADDR')
|
||||
|
||||
_set_current_user_and_ip(user, request.session, ip)
|
||||
_set_current_request(request)
|
||||
response = self.get_response(request)
|
||||
_set_current_user_and_ip(None, None, None)
|
||||
_set_current_request(None)
|
||||
|
||||
return response
|
||||
|
||||
@ -103,7 +75,7 @@ class LoginByIPMiddleware(object):
|
||||
else:
|
||||
ip = request.META.get('REMOTE_ADDR')
|
||||
|
||||
qs = User.objects.filter(password=f"ipbased${ip}")
|
||||
qs = User.objects.filter(password__iregex=f"ipbased\\$.*\\^{ip}\\$.*")
|
||||
if qs.exists():
|
||||
login(request, qs.get())
|
||||
session = request.session
|
||||
|
||||
@ -245,6 +245,11 @@ REST_FRAMEWORK = {
|
||||
'PAGE_SIZE': 20,
|
||||
}
|
||||
|
||||
# OAuth2 Provider
|
||||
OAUTH2_PROVIDER = {
|
||||
'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
|
||||
}
|
||||
|
||||
# Take control on how widget templates are sourced
|
||||
# See https://docs.djangoproject.com/en/2.2/ref/forms/renderers/#templatessetting
|
||||
FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'
|
||||
|
||||
@ -7,8 +7,8 @@
|
||||
* @returns {string}
|
||||
*/
|
||||
function pretty_money (value) {
|
||||
if (value % 100 === 0) { return (value < 0 ? '- ' : '') + Math.round(Math.abs(value) / 100) + ' €' } else {
|
||||
return (value < 0 ? '- ' : '') + Math.round(Math.abs(value) / 100) + '.' +
|
||||
if (value % 100 === 0) { return (value < 0 ? '- ' : '') + Math.floor(Math.abs(value) / 100) + ' €' } else {
|
||||
return (value < 0 ? '- ' : '') + Math.floor(Math.abs(value) / 100) + '.' +
|
||||
(Math.abs(value) % 100 < 10 ? '0' : '') + (Math.abs(value) % 100) + ' €'
|
||||
}
|
||||
}
|
||||
@ -96,7 +96,11 @@ function displayStyle (note) {
|
||||
if (!note) { return '' }
|
||||
const balance = note.balance
|
||||
var css = ''
|
||||
if (balance < -5000) { css += ' text-danger bg-dark' } else if (balance < -1000) { css += ' text-danger' } else if (balance < 0) { css += ' text-warning' } else if (!note.email_confirmed) { css += ' text-white bg-primary' } else if (!note.is_active || (note.membership && note.membership.date_end < new Date().toISOString())) { css += 'text-white bg-info' }
|
||||
if (balance < -5000) { css += ' text-danger bg-dark' }
|
||||
else if (balance < -1000) { css += ' text-danger' }
|
||||
else if (balance < 0) { css += ' text-warning' }
|
||||
if (!note.email_confirmed) { css += ' bg-primary' }
|
||||
else if (!note.is_active || (note.membership && note.membership.date_end < new Date().toISOString())) { css += ' bg-info' }
|
||||
return css
|
||||
}
|
||||
|
||||
@ -377,11 +381,11 @@ function de_validate (id, validated, resourcetype) {
|
||||
* @param callback Function to call
|
||||
* @param wait Debounced milliseconds
|
||||
*/
|
||||
function debounce (callback, wait) {
|
||||
let timeout
|
||||
let debounce_timeout
|
||||
function debounce (callback, wait=500) {
|
||||
return (...args) => {
|
||||
const context = this
|
||||
clearTimeout(timeout)
|
||||
timeout = setTimeout(() => callback.apply(context, args), wait)
|
||||
clearTimeout(debounce_timeout)
|
||||
debounce_timeout = setTimeout(() => callback.apply(context, args), wait)
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,9 +24,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<meta name="msapplication-config" content="{% static "favicon/browserconfig.xml" %}">
|
||||
<meta name="theme-color" content="#ffffff">
|
||||
|
||||
{# Bootstrap, Font Awesome and custom CSS #}
|
||||
{# Load CSS #}
|
||||
<link rel="stylesheet" href="{% static "bootstrap4/css/bootstrap.min.css" %}">
|
||||
<link rel="stylesheet" href="{% static "font-awesome/css/font-awesome.min.css" %}">
|
||||
<link rel="stylesheet" href="{% static "css/custom.css" %}">
|
||||
|
||||
{# JQuery, Bootstrap and Turbolinks JavaScript #}
|
||||
@ -64,54 +63,101 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% if "note.transactiontemplate"|not_empty_model_list %}
|
||||
<li class="nav-item">
|
||||
{% url 'note:consos' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-coffee"></i> {% trans 'Consumptions' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-mug" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M1 2a1 1 0 0 1 1-1h11a1 1 0 0 1 1 1v1h.5A1.5 1.5 0 0 1 16 4.5v7a1.5 1.5 0 0 1-1.5 1.5h-.55a2.5 2.5 0 0 1-2.45 2h-8A2.5 2.5 0 0 1 1 12.5V2zm13 10h.5a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.5-.5H14v8z"/>
|
||||
</svg>
|
||||
{% trans 'Consumptions' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if user.is_authenticated and user|is_member:"Kfet" %}
|
||||
<li class="nav-item">
|
||||
{% url 'note:transfer' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-exchange"></i> {% trans 'Transfer' %} </a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-exchange" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M1 11.5a.5.5 0 0 0 .5.5h11.793l-3.147 3.146a.5.5 0 0 0 .708.708l4-4a.5.5 0 0 0 0-.708l-4-4a.5.5 0 0 0-.708.708L13.293 11H1.5a.5.5 0 0 0-.5.5zm14-7a.5.5 0 0 1-.5.5H2.707l3.147 3.146a.5.5 0 1 1-.708.708l-4-4a.5.5 0 0 1 0-.708l4-4a.5.5 0 1 1 .708.708L2.707 4H14.5a.5.5 0 0 1 .5.5z"/>
|
||||
</svg>
|
||||
{% trans 'Transfer' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "auth.user"|model_list_length >= 2 %}
|
||||
<li class="nav-item">
|
||||
{% url 'member:user_list' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-user"></i> {% trans 'Users' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
</svg>
|
||||
{% trans 'Users' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "member.club"|not_empty_model_list %}
|
||||
<li class="nav-item">
|
||||
{% url 'member:club_list' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-users"></i> {% trans 'Clubs' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-users" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7 14s-1 0-1-1 1-4 5-4 5 3 5 4-1 1-1 1H7zm4-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M5.216 14A2.238 2.238 0 0 1 5 13c0-1.355.68-2.75 1.936-3.72A6.325 6.325 0 0 0 5 9c-4 0-5 3-5 4s1 1 1 1h4.216z"/>
|
||||
<path d="M4.5 8a2.5 2.5 0 1 0 0-5 2.5 2.5 0 0 0 0 5z"/>
|
||||
</svg>
|
||||
{% trans 'Clubs' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "activity.activity"|not_empty_model_list %}
|
||||
<li class="nav-item">
|
||||
{% url 'activity:activity_list' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-calendar"></i> {% trans 'Activities' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-calendar" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3.5 0a.5.5 0 0 1 .5.5V1h8V.5a.5.5 0 0 1 1 0V1h1a2 2 0 0 1 2 2v11a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V5h16V4H0V3a2 2 0 0 1 2-2h1V.5a.5.5 0 0 1 .5-.5z"/>
|
||||
</svg>
|
||||
{% trans 'Activities' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "treasury.invoice"|not_empty_model_list %}
|
||||
<li class="nav-item">
|
||||
{% url 'treasury:invoice_list' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-credit-card"></i> {% trans 'Treasury' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-credit-card" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M0 4a2 2 0 0 1 2-2h12a2 2 0 0 1 2 2v1H0V4zm0 3v5a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7H0zm3 2h1a1 1 0 0 1 1 1v1a1 1 0 0 1-1 1H3a1 1 0 0 1-1-1v-1a1 1 0 0 1 1-1z"/>
|
||||
</svg>
|
||||
{% trans 'Treasury' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if "wei.weiclub"|not_empty_model_list %}
|
||||
<li class="nav-item">
|
||||
{% url 'wei:current_wei_detail' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-bus"></i> {% trans 'WEI' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-signpost" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M7.293.707A1 1 0 0 0 7 1.414V4H2a1 1 0 0 0-1 1v4a1 1 0 0 0 1 1h5v6h2v-6h3.532a1 1 0 0 0 .768-.36l1.933-2.32a.5.5 0 0 0 0-.64L13.3 4.36a1 1 0 0 0-.768-.36H9V1.414A1 1 0 0 0 7.293.707z"/>
|
||||
</svg>
|
||||
{% trans 'WEI' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if request.user.is_authenticated %}
|
||||
<li class="nav-item">
|
||||
{% url 'permission:rights' as url %}
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}"><i class="fa fa-balance-scale"></i> {% trans 'Rights' %}</a>
|
||||
<a class="nav-link {% if request.path_info == url %}active{% endif %}" href="{{ url }}">
|
||||
<svg class="bi bi-shield" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M8 0c-.69 0-1.843.265-2.928.56-1.11.3-2.229.655-2.887.87a1.54 1.54 0 0 0-1.044 1.262c-.596 4.477.787 7.795 2.465 9.99a11.777 11.777 0 0 0 2.517 2.453c.386.273.744.482 1.048.625.28.132.581.24.829.24s.548-.108.829-.24a7.159 7.159 0 0 0 1.048-.625 11.775 11.775 0 0 0 2.517-2.453c1.678-2.195 3.061-5.513 2.465-9.99a1.541 1.541 0 0 0-1.044-1.263 62.467 62.467 0 0 0-2.887-.87C9.843.266 8.69 0 8 0zm0 5a1.5 1.5 0 0 1 .5 2.915l.385 1.99a.5.5 0 0 1-.491.595h-.788a.5.5 0 0 1-.49-.595l.384-1.99A1.5 1.5 0 0 1 8 5z"/>
|
||||
</svg>
|
||||
{% trans 'Rights' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if request.user.is_staff and ""|has_perm:user %}
|
||||
<li class="nav-item">
|
||||
<a data-turbolinks="false" class="nav-link" href="{% url 'admin:index' %}"><i class="fa fa-cogs"></i> {% trans 'Admin' %}</a>
|
||||
<a data-turbolinks="false" class="nav-link" href="{% url 'admin:index' %}">
|
||||
<svg class="bi bi-cog" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M9.405 1.05c-.413-1.4-2.397-1.4-2.81 0l-.1.34a1.464 1.464 0 0 1-2.105.872l-.31-.17c-1.283-.698-2.686.705-1.987 1.987l.169.311c.446.82.023 1.841-.872 2.105l-.34.1c-1.4.413-1.4 2.397 0 2.81l.34.1a1.464 1.464 0 0 1 .872 2.105l-.17.31c-.698 1.283.705 2.686 1.987 1.987l.311-.169a1.464 1.464 0 0 1 2.105.872l.1.34c.413 1.4 2.397 1.4 2.81 0l.1-.34a1.464 1.464 0 0 1 2.105-.872l.31.17c1.283.698 2.686-.705 1.987-1.987l-.169-.311a1.464 1.464 0 0 1 .872-2.105l.34-.1c1.4-.413 1.4-2.397 0-2.81l-.34-.1a1.464 1.464 0 0 1-.872-2.105l.17-.31c.698-1.283-.705-2.686-1.987-1.987l-.311.169a1.464 1.464 0 0 1-2.105-.872l-.1-.34zM8 10.93a2.929 2.929 0 1 1 0-5.86 2.929 2.929 0 0 1 0 5.858z"/>
|
||||
</svg>
|
||||
{% trans 'Admin' %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
@ -119,16 +165,25 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% if request.user.is_authenticated %}
|
||||
<li class="dropdown">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||
<i class="fa fa-user"></i>
|
||||
<svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
</svg>
|
||||
<span id="user_balance">{{ request.user.username }} ({{ request.user.note.balance | pretty_money }})</span>
|
||||
</a>
|
||||
<div class="dropdown-menu dropdown-menu-right"
|
||||
aria-labelledby="navbarDropdownMenuLink">
|
||||
<a class="dropdown-item" href="{% url 'member:user_detail' pk=request.user.pk %}">
|
||||
<i class="fa fa-user"></i> {% trans "My account" %}
|
||||
<svg class="bi bi-user" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M3 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H3zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
</svg>
|
||||
{% trans "My account" %}
|
||||
</a>
|
||||
<a class="dropdown-item" href="{% url 'logout' %}">
|
||||
<i class="fa fa-sign-out"></i> {% trans "Log out" %}
|
||||
<svg class="bi bi-signout" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M10 12.5a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-9a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v2a.5.5 0 0 0 1 0v-2A1.5 1.5 0 0 0 9.5 2h-8A1.5 1.5 0 0 0 0 3.5v9A1.5 1.5 0 0 0 1.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-2a.5.5 0 0 0-1 0v2z"/>
|
||||
<path fill-rule="evenodd" d="M15.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 0 0-.708.708L14.293 7.5H5.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
|
||||
</svg>
|
||||
{% trans "Log out" %}
|
||||
</a>
|
||||
</div>
|
||||
</li>
|
||||
@ -136,14 +191,22 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% if request.path != "/registration/signup/" %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="{% url 'registration:signup' %}">
|
||||
<i class="fa fa-user-plus"></i> {% trans "Sign up" %}
|
||||
<svg class="bi bi-user-plus" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path d="M1 14s-1 0-1-1 1-4 6-4 6 3 6 4-1 1-1 1H1zm5-6a3 3 0 1 0 0-6 3 3 0 0 0 0 6z"/>
|
||||
<path fill-rule="evenodd" d="M13.5 5a.5.5 0 0 1 .5.5V7h1.5a.5.5 0 0 1 0 1H14v1.5a.5.5 0 0 1-1 0V8h-1.5a.5.5 0 0 1 0-1H13V5.5a.5.5 0 0 1 .5-.5z"/>
|
||||
</svg>
|
||||
{% trans "Sign up" %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if request.path != "/accounts/login/" %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="{% url 'login' %}">
|
||||
<i class="fa fa-sign-in"></i> {% trans "Log in" %}
|
||||
<svg class="bi bi-login" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16">
|
||||
<path fill-rule="evenodd" d="M6 3.5a.5.5 0 0 1 .5-.5h8a.5.5 0 0 1 .5.5v9a.5.5 0 0 1-.5.5h-8a.5.5 0 0 1-.5-.5v-2a.5.5 0 0 0-1 0v2A1.5 1.5 0 0 0 6.5 14h8a1.5 1.5 0 0 0 1.5-1.5v-9A1.5 1.5 0 0 0 14.5 2h-8A1.5 1.5 0 0 0 5 3.5v2a.5.5 0 0 0 1 0v-2z"/>
|
||||
<path fill-rule="evenodd" d="M11.854 8.354a.5.5 0 0 0 0-.708l-3-3a.5.5 0 1 0-.708.708L10.293 7.5H1.5a.5.5 0 0 0 0 1h8.793l-2.147 2.146a.5.5 0 0 0 .708.708l3-3z"/>
|
||||
</svg>
|
||||
{% trans "Log in" %}
|
||||
</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
@ -159,10 +222,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<div class="alert alert-danger">
|
||||
{% trans "You are not a BDE member anymore. Please renew your membership if you want to use the note." %}
|
||||
</div>
|
||||
{% elif not user|is_member:"Kfet" %}
|
||||
<div class="alert alert-warning">
|
||||
{% trans "You are not a Kfet member, so you can't use your note account." %}
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{% if not user.profile.email_confirmed %}
|
||||
@ -174,8 +233,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% if user.sogecredit and not user.sogecredit.valid %}
|
||||
<div class="alert alert-info">
|
||||
{% blocktrans trimmed %}
|
||||
You declared that you opened a bank account in the Société générale. The bank did not validate the creation of the account to the BDE,
|
||||
so the registration bonus of 80 € is not credited and the membership is not paid yet.
|
||||
You declared that you opened a bank account in the Société générale. The bank did not validate
|
||||
the creation of the account to the BDE, so the membership and the WEI are not paid yet.
|
||||
This verification procedure may last a few days.
|
||||
Please make sure that you go to the end of the account creation.
|
||||
{% endblocktrans %}
|
||||
@ -197,6 +256,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<span class="text-muted mr-1">
|
||||
<a href="mailto:{{ "CONTACT_EMAIL" | getenv }}"
|
||||
class="text-muted">{% trans "Contact us" %}</a> —
|
||||
<a href="mailto:{{ "SUPPORT_EMAIL" | getenv }}"
|
||||
class="text-muted">{% trans "Technical Support" %}</a> —
|
||||
</span>
|
||||
{% csrf_token %}
|
||||
<select title="language" name="language"
|
||||
|
||||
@ -0,0 +1,24 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Are you sure to delete the application" %} {{ application.name }}?</h3>
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
|
||||
<form method="post" action="{% url 'oauth2_provider:delete' application.pk %}">
|
||||
{% csrf_token %}
|
||||
|
||||
<div class="control-group">
|
||||
<div class="controls">
|
||||
<a class="btn btn-secondary btn-large" href="{% url "oauth2_provider:list" %}">{% trans "Cancel" %}</a>
|
||||
<input type="submit" class="btn btn-large btn-danger" name="allow" value="{% trans "Delete" %}"/>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock content %}
|
||||
42
note_kfet/templates/oauth2_provider/application_detail.html
Normal file
42
note_kfet/templates/oauth2_provider/application_detail.html
Normal file
@ -0,0 +1,42 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{{ application.name }}</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<dl class="row">
|
||||
<dt class="col-xl-6">{% trans "Client id" %}</dt>
|
||||
<dd class="col-xl-6"><input class="form-control" type="text" value="{{ application.client_id }}" readonly></dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans "Client secret" %}</dt>
|
||||
<dd class="col-xl-6"><input class="form-control" type="text" value="****************************************************************" readonly></dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans "Client type" %}</dt>
|
||||
<dd class="col-xl-6">{{ application.client_type }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans "Authorization Grant Type" %}</dt>
|
||||
<dd class="col-xl-6">{{ application.authorization_grant_type }}</dd>
|
||||
|
||||
<dt class="col-xl-6">{% trans "Redirect Uris" %}</dt>
|
||||
<dd class="col-xl-6"><textarea class="form-control" readonly>{{ application.redirect_uris }}</textarea></dd>
|
||||
</dl>
|
||||
|
||||
<div class="alert alert-info">
|
||||
{% url 'permission:scopes' as scopes_url %}
|
||||
{% blocktrans trimmed %}
|
||||
You can go <a href="{{ scopes_url }}">here</a> to generate authorization link templates and convert
|
||||
permissions to scope numbers with the permissions that you want to grant for your application.
|
||||
{% endblocktrans %}
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
<a class="btn btn-secondary" href="{% url "oauth2_provider:list" %}">{% trans "Go Back" %}</a>
|
||||
<a class="btn btn-primary" href="{% url "oauth2_provider:update" application.id %}">{% trans "Edit" %}</a>
|
||||
<a class="btn btn-danger" href="{% url "oauth2_provider:delete" application.id %}">{% trans "Delete" %}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock content %}
|
||||
30
note_kfet/templates/oauth2_provider/application_form.html
Normal file
30
note_kfet/templates/oauth2_provider/application_form.html
Normal file
@ -0,0 +1,30 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load crispy_forms_filters %}
|
||||
|
||||
{% block content %}
|
||||
<form class="form-horizontal" method="post" action="{% block app-form-action-url %}{% url 'oauth2_provider:update' application.id %}{% endblock app-form-action-url %}">
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3 class="block-center-heading">
|
||||
{% block app-form-title %}
|
||||
{% trans "Edit application" %} {{ application.name }}
|
||||
{% endblock app-form-title %}
|
||||
</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
{% csrf_token %}
|
||||
{{ form|crispy }}
|
||||
</div>
|
||||
<div class="card-footer text-center control-group">
|
||||
<div class="controls">
|
||||
<a class="btn btn-secondary" href="{% block app-form-back-url %}{% url "oauth2_provider:detail" application.id %}{% endblock app-form-back-url %}">
|
||||
{% trans "Go Back" %}
|
||||
</a>
|
||||
<button type="submit" class="btn btn-primary">Save</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
{% endblock %}
|
||||
34
note_kfet/templates/oauth2_provider/application_list.html
Normal file
34
note_kfet/templates/oauth2_provider/application_list.html
Normal file
@ -0,0 +1,34 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Your applications" %}</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-info">
|
||||
{% blocktrans trimmed %}
|
||||
You can find on this page the list of the applications that you already registered.
|
||||
{% endblocktrans %}
|
||||
</div>
|
||||
|
||||
{% if applications %}
|
||||
<ul>
|
||||
{% for application in applications %}
|
||||
<li><a href="{{ application.get_absolute_url }}">{{ application.name }}</a></li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% else %}
|
||||
<p>
|
||||
{% trans "No applications defined" %}.
|
||||
<a href="{% url 'oauth2_provider:register' %}">{% trans "Click here" %}</a> {% trans "if you want to register a new one" %}.
|
||||
</p>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
<a class="btn btn-success" href="{% url "oauth2_provider:register" %}">{% trans "New Application" %}</a>
|
||||
<a class="btn btn-secondary" href="{% url "oauth2_provider:authorized-token-list" %}">{% trans "Authorized Tokens" %}</a>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock content %}
|
||||
@ -0,0 +1,9 @@
|
||||
{% extends "oauth2_provider/application_form.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block app-form-title %}{% trans "Register a new application" %}{% endblock app-form-title %}
|
||||
|
||||
{% block app-form-action-url %}{% url 'oauth2_provider:register' %}{% endblock app-form-action-url %}
|
||||
|
||||
{% block app-form-back-url %}{% url "oauth2_provider:list" %}"{% endblock app-form-back-url %}
|
||||
49
note_kfet/templates/oauth2_provider/authorize.html
Normal file
49
note_kfet/templates/oauth2_provider/authorize.html
Normal file
@ -0,0 +1,49 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load crispy_forms_filters %}
|
||||
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<div class="card-header text-center">
|
||||
<h3>{% trans "Authorize" %} {{ application.name }} ?</h3>
|
||||
</div>
|
||||
{% if not error %}
|
||||
<form id="authorizationForm" method="post">
|
||||
<div class="card-body">
|
||||
<p>{% trans "Application requires following permissions:" %}</p>
|
||||
|
||||
<ul>
|
||||
{% for scope in scopes_descriptions %}
|
||||
<li>{{ scope }}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
|
||||
{% csrf_token %}
|
||||
{{ form|crispy }}
|
||||
</div>
|
||||
<div class="card-footer text-center">
|
||||
<div class="control-group">
|
||||
<div class="controls">
|
||||
<input type="submit" class="btn btn-large btn-danger" value="{% trans "Cancel" %}"/>
|
||||
<input type="submit" class="btn btn-large btn-primary" name="allow" value="{% trans "Authorize" %}"/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
{% else %}
|
||||
<div class="card-body">
|
||||
<h2>{% trans "Error:" %} {{ error.error }}</h2>
|
||||
<p>{{ error.description }}</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extrajavascript %}
|
||||
<script>
|
||||
{# Small hack to have the remove the allow checkbox and replace it with the button #}
|
||||
{# Django oauth toolkit does simply not render the wdiget since it is not hidden, and create directly the button #}
|
||||
document.getElementById('div_id_allow').parentElement.remove()
|
||||
</script>
|
||||
{% endblock %}
|
||||
29
note_kfet/templates/oauth2_provider/authorized-oob.html
Normal file
29
note_kfet/templates/oauth2_provider/authorized-oob.html
Normal file
@ -0,0 +1,29 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
|
||||
{% block title %}
|
||||
Success code={{code}}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<h3 class="card-header text-center">
|
||||
{% if not error %}
|
||||
{% trans "Success" %}
|
||||
{% else %}
|
||||
{% trans "Error:" %} {{ error.error }}
|
||||
{% endif %}
|
||||
</h3>
|
||||
|
||||
<div class="card-body">
|
||||
{% if not error %}
|
||||
<p>{% trans "Please return to your application and enter this code:" %}</p>
|
||||
|
||||
<p><code>{{ code }}</code></p>
|
||||
{% else %}
|
||||
<p>{{ error.description }}</p>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -0,0 +1,16 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<form action="" method="post">
|
||||
{% csrf_token %}
|
||||
<h3 class="card-header text-center">
|
||||
{% trans "Are you sure you want to delete this token?" %}
|
||||
</h3>
|
||||
<div class="card-footer text-center">
|
||||
<input type="submit" value="{% trans "Delete" %}" />
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
27
note_kfet/templates/oauth2_provider/authorized-tokens.html
Normal file
27
note_kfet/templates/oauth2_provider/authorized-tokens.html
Normal file
@ -0,0 +1,27 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="card">
|
||||
<h3 class="card-header text-center">
|
||||
{% trans "Tokens" %}
|
||||
</h3>
|
||||
<div class="card-body">
|
||||
<ul>
|
||||
{% for authorized_token in authorized_tokens %}
|
||||
<li>
|
||||
{{ authorized_token.application }}
|
||||
(<a href="{% url 'oauth2_provider:authorized-token-delete' authorized_token.pk %}">revoke</a>)
|
||||
</li>
|
||||
<ul>
|
||||
{% for scope_name, scope_description in authorized_token.scopes.items %}
|
||||
<li>{{ scope_name }}: {{ scope_description }}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% empty %}
|
||||
<li>{% trans "There are no authorized tokens yet." %}</li>
|
||||
{% endfor %}
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@ -35,8 +35,9 @@ urlpatterns = [
|
||||
path('coffee/', include('django_htcpcp_tea.urls')),
|
||||
]
|
||||
|
||||
# During development, serve media files
|
||||
# During development, serve static and media files
|
||||
if settings.DEBUG:
|
||||
urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
|
||||
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
|
||||
|
||||
if "oauth2_provider" in settings.INSTALLED_APPS:
|
||||
|
||||
@ -19,11 +19,11 @@ class IndexView(LoginRequiredMixin, RedirectView):
|
||||
user = self.request.user
|
||||
|
||||
# The account note will have the consumption page as default page
|
||||
if not PermissionBackend.check_perm(user, "auth.view_user", user):
|
||||
if not PermissionBackend.check_perm(self.request, "auth.view_user", user):
|
||||
return reverse("note:consos")
|
||||
|
||||
# People that can see the alias BDE are Kfet members
|
||||
if PermissionBackend.check_perm(user, "alias.view_alias", Alias.objects.get(name="BDE")):
|
||||
if PermissionBackend.check_perm(self.request, "alias.view_alias", Alias.objects.get(name="BDE")):
|
||||
return reverse("note:transfer")
|
||||
|
||||
# Non-Kfet members will don't see the transfer page, but their profile page
|
||||
|
||||
@ -4,14 +4,14 @@ django-bootstrap-datepicker-plus~=3.0.5
|
||||
django-cas-server~=1.2.0
|
||||
django-colorfield~=0.3.2
|
||||
django-crispy-forms~=1.7.2
|
||||
django-extensions~=2.1.4
|
||||
django-filter~=2.1.0
|
||||
django-extensions>=2.1.4
|
||||
django-filter~=2.1
|
||||
django-htcpcp-tea~=0.3.1
|
||||
django-mailer~=2.0.1
|
||||
django-oauth-toolkit~=1.3.3
|
||||
django-phonenumber-field~=5.0.0
|
||||
django-polymorphic~=2.0.3
|
||||
djangorestframework~=3.9.0
|
||||
django-polymorphic>=2.0.3,<3.0.0
|
||||
djangorestframework>=3.9.0,<3.13.0
|
||||
django-rest-polymorphic~=0.1.9
|
||||
django-tables2~=2.3.1
|
||||
python-memcached~=1.59
|
||||
|
||||
Reference in New Issue
Block a user