Forgot to import PermissionBackend

Add some security
Some corrections for report_frequency
2025-09-29 21:03:32 +02:00 · 2025-02-13 00:54:55 +01:00 · 2025-02-13 00:39:05 +01:00 · 2025-02-12 23:46:19 +01:00 · 2025-02-09 16:51:31 +01:00 · 2025-02-09 16:22:03 +01:00
6 changed files with 33 additions and 25 deletions
--- a/apps/activity/views.py
+++ b/apps/activity/views.py
@@ -329,7 +329,7 @@ class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
        context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
        context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
-        activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
+        activities_open = Activity.objects.filter(open=True).filter(
            PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
        context["activities_open"] = [a for a in activities_open
                                      if PermissionBackend.check_perm(self.request,
--- a/apps/member/forms.py
+++ b/apps/member/forms.py
@@ -15,6 +15,7 @@ from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, Alias
 from note_kfet.inputs import Autocomplete, AmountInput
 from permission.models import PermissionMask, Role
 from permission.backends import PermissionBackend
 from PIL import Image, ImageSequence
 from .models import Profile, Club, Membership
@@ -44,10 +45,10 @@ class ProfileForm(forms.ModelForm):
    """
    A form for the extras field provided by the :model:`member.Profile` model.
    """
    # Remove widget=forms.HiddenInput() if you want to use report frequency.
    report_frequency = forms.IntegerField(required=False, initial=0, label=_("Report frequency"))
-    last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last report date"))
+    report_frequency = forms.IntegerField(required=False, initial=0, label=_("Statement frequency (in days)"))
    last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last statement date"))
    VSS_charter_read = forms.BooleanField(
        required=True,
@@ -67,6 +68,14 @@ class ProfileForm(forms.ModelForm):
        self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"})
        self.fields['promotion'].widget.attrs.update({"max": timezone.now().year})
    def clean(self):
        """Force the values of fields that the user does not have permission to modify.."""
        cleaned_data = super().clean()
        for field_name in self.fields.keys():
            if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance):
                cleaned_data[field_name] = getattr(self.instance, field_name)  # Force the old value
        return cleaned_data
    @transaction.atomic
    def save(self, commit=True):
        if not self.instance.section or (("department" in self.changed_data
--- a/apps/member/models.py
+++ b/apps/member/models.py
@@ -114,12 +114,12 @@ class Profile(models.Model):
    )
    report_frequency = models.PositiveSmallIntegerField(
-        verbose_name=_("report frequency (in days)"),
+        verbose_name=_("Statement frequency (in days)"),
        default=0,
    )
    last_report = models.DateTimeField(
-        verbose_name=_("last report date"),
+        verbose_name=_("Last statement date"),
        default=timezone.now,
    )
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -75,21 +75,16 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
        profile_form = self.profile_form(instance=context['user_object'].profile,
                                         data=self.request.POST if self.request.POST else None)
        if not self.object.profile.report_frequency:
            del profile_form.fields["last_report"]
        fields_to_check = list(profile_form.fields.keys())
        fields_modifiable = False
        # Delete the fields for which the user does not have the permission to modify
        for field_name in fields_to_check:
            if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile):
                profile_form.fields[field_name].widget = forms.HiddenInput()
            else:
                fields_modifiable = True
        if fields_modifiable:
        context['profile_form'] = profile_form
        return context
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@@ -127,7 +127,7 @@
                "auth",
                "user"
            ],
-            "query": "[\"AND\", {\"pk\": [\"user\", \"pk\"]}, {\"memberships__club__parent_club__isnull\": true}]",
+            "query": "{\"pk\": [\"user\", \"pk\"]}",
            "type": "change",
            "mask": 1,
            "field": "last_login",
@@ -3885,15 +3885,19 @@
        "pk": 247,
        "fields": {
            "model": [
-                "activity",
+                "member",
-                "guest"
+                "profile"
            ],
-            "query": "{\"activity__organizer\": [\"club\"]}",
+            "query": "{}",
            "type": "view",
-            "mask": 2,
+            "mask": 3,
-            "field": "",
+            "field": [
                "ml_events_registration",
                "ml_art_registration",
                "ml_sport_registration"
            ],
            "permanent": false,
-            "description": "Voir les personnes invitées aux événements organisés par son club"
+            "description": "Voir les abonnements aux Newsletters de n'importe quel profil"
        }
    },
    {
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po
@@ -794,11 +794,11 @@ msgid "Permission mask"
 msgstr "Masque de permissions"
 #: apps/member/forms.py:46
-msgid "Report frequency"
+msgid "Statement frequency (in days)"
 msgstr "Fréquence des relevés (en jours)"
 #: apps/member/forms.py:48
-msgid "Last report date"
+msgid "Last statement date"
 msgstr "Date de dernier relevé"
 #: apps/member/forms.py:52
@@ -1044,12 +1044,12 @@ msgstr ""
 "artistiques sur le campus (1 mail par semaine)"
 #: apps/member/models.py:117
-msgid "report frequency (in days)"
+msgid "Statement frequency (in days)"
-msgstr "fréquence des relevés (en jours)"
+msgstr "Fréquence des relevés (en jours)"
 #: apps/member/models.py:122
-msgid "last report date"
+msgid "Last statement date"
-msgstr "date de dernier relevé"
+msgstr "Date de dernier relevé"
 #: apps/member/models.py:127
 msgid "email confirmed"
Author	SHA1	Message	Date
thomasl	238ba78f4f	Forgot to import PermissionBackend	2025-02-13 00:54:55 +01:00
thomasl	0ec771b5ee	Add some security	2025-02-13 00:39:05 +01:00
thomasl	c841fb6068	Some corrections for report_frequency	2025-02-12 23:46:19 +01:00
quark	f6649f155a	linters	2025-02-09 16:51:31 +01:00
thomasl	5707abf9e2	Update file views.py	2025-02-09 16:22:03 +01:00
thomasl	056c4029f8	Update file views.py	2025-02-09 16:19:26 +01:00
thomasl	bfd865b3e3	Update file views.py	2025-02-09 16:14:28 +01:00
thomasl	6ceb43cb66	Update file views.py	2025-02-09 16:07:30 +01:00
thomasl	9635004520	Update file views.py	2025-02-09 15:56:12 +01:00
thomasl	05e21ed229	Update file views.py	2025-02-09 15:51:05 +01:00
thomasl	b2ccc4aede	Update file views.py	2025-02-09 15:50:13 +01:00
thomasl	6229652dea	Update file views.py	2025-02-09 15:47:32 +01:00
thomasl	eee87dcf13	Update file views.py	2025-02-09 15:42:20 +01:00
thomasl	bcf21507e5	Update file views.py	2025-02-09 15:39:08 +01:00
thomasl	6127ced143	Update file views.py	2025-02-09 15:33:37 +01:00
thomasl	f63e5dcb5a	Update file views.py	2025-02-09 15:26:39 +01:00
thomasl	73aa0098bf	Update file views.py	2025-02-09 15:20:03 +01:00
thomasl	694a5c7bd8	Update file initial.json	2025-02-09 13:05:10 +01:00
thomasl	a4480258d7	Update file initial.json	2025-02-09 12:45:46 +01:00