[permission] Add PermissionVar model

Fix permission that allows users to create OAuth2 apps
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2025-06-21 09:58:23 +02:00 · 2022-10-10 19:37:51 +02:00 · 2022-08-29 11:21:45 +02:00
17 changed files with 423 additions and 221 deletions
--- a/apps/activity/fixtures/initial.json
+++ b/apps/activity/fixtures/initial.json
@ -6,7 +6,7 @@
            "name": "Pot",
            "manage_entries": true,
            "can_invite": true,
-            "guest_entry_fee": 1000
+            "guest_entry_fee": 500
        }
    },
    {
@ -28,25 +28,5 @@
            "can_invite": false,
            "guest_entry_fee": 0
        }
-    },
-    {
-        "model": "activity.activitytype",
-        "pk": 5,
-        "fields": {
-            "name": "Soir\u00e9e avec entrées",
-            "manage_entries": true,
-            "can_invite": false,
-            "guest_entry_fee": 0
-        }
-    },
-    {
-        "model": "activity.activitytype",
-        "pk": 7,
-        "fields": {
-            "name": "Soir\u00e9e avec invitations",
-            "manage_entries": true,
-            "can_invite": true,
-            "guest_entry_fee": 0
-        }
    }
 ]
--- a/apps/api/pagination.py
+++ b/apps/api/pagination.py
@ -1,5 +0,0 @@
-from rest_framework.pagination import PageNumberPagination
-
-class CustomPagination(PageNumberPagination):
-    page_size_query_param = 'page_size'
-
--- a/apps/note/static/note/js/consos.js
+++ b/apps/note/static/note/js/consos.js
@ -221,7 +221,7 @@ function consume (source, source_alias, dest, quantity, amount, reason, type, ca
    .done(function () {
      if (!isNaN(source.balance)) {
        const newBalance = source.balance - quantity * amount
-        if (newBalance <= -2000) {
+        if (newBalance <= -5000) {
          addMsg(interpolate(gettext('Warning, the transaction from the note %s succeed, ' +
              'but the emitter note %s is very negative.'), [source_alias, source_alias]), 'danger', 30000)
        } else if (newBalance < 0) {
--- a/apps/note/static/note/js/transfer.js
+++ b/apps/note/static/note/js/transfer.js
@ -314,7 +314,7 @@ $('#btn_transfer').click(function () {

          if (!isNaN(source.note.balance)) {
            const newBalance = source.note.balance - source.quantity * dest.quantity * amount
-            if (newBalance <= -2000) {
+            if (newBalance <= -5000) {
              addMsg(interpolate(gettext('Warning, the transaction of %s from the note %s to the note %s succeed, but the emitter note %s is very negative.'),
                  [pretty_money(source.quantity * dest.quantity * amount), source.name, dest.name, source.name]), 'danger', 10000)
              reset()
--- a/apps/permission/admin.py
+++ b/apps/permission/admin.py
@ -4,7 +4,7 @@
 from django.contrib import admin
 from note_kfet.admin import admin_site

-from .models import Permission, PermissionMask, Role
+from .models import Permission, PermissionVar, PermissionMask, Role


@admin.register(PermissionMask, site=admin_site)
@ -15,6 +15,14 @@ class PermissionMaskAdmin(admin.ModelAdmin):
    list_display = ('description', 'rank', )


+@admin.register(PermissionVar, site=admin_site)
+class PermissionVarAdmin(admin.ModelAdmin):
+    """
+    Admin customisation for PermissionVar
+    """
+    list_display = ('name', 'description',)
+
+
@admin.register(Permission, site=admin_site)
 class PermissionAdmin(admin.ModelAdmin):
    """
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
--- a/apps/permission/migrations/0002_club_not_required.py
+++ b/apps/permission/migrations/0002_club_not_required.py
@ -1,19 +0,0 @@
-# Generated by Django 2.2.28 on 2023-07-24 10:15
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('permission', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='role',
-            name='for_club',
-            field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.PROTECT, to='member.Club', verbose_name='for club'),
-        ),
-    ]
--- a/apps/permission/migrations/0002_permissionvar.py
+++ b/apps/permission/migrations/0002_permissionvar.py
@ -0,0 +1,22 @@
+# Generated by Django 2.2.28 on 2022-10-10 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('permission', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PermissionVar',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.SlugField(unique=True, verbose_name='name')),
+                ('query', models.TextField(verbose_name='query')),
+                ('description', models.CharField(blank=True, max_length=255, verbose_name='description')),
+            ],
+        ),
+    ]
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -118,6 +118,25 @@ class PermissionMask(models.Model):
        verbose_name_plural = _("permission masks")


+class PermissionVar(models.Model):
+
+    name = models.SlugField(
+        unique=True,
+        blank=False,
+        verbose_name=_("name"),
+    )
+
+    query = models.TextField(
+        verbose_name=_("query"),
+    )
+
+    description = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("description"),
+    )
+
+
 class Permission(models.Model):

    PERMISSION_TYPES = [
@ -139,6 +158,7 @@ class Permission(models.Model):
    #  query -> ["AND", query, …]            AND multiple queries
    #         | ["OR", query, …]             OR multiple queries
    #         | ["NOT", query]               Opposite of query
+    #         | ["VAR", query]               A var name as defined in PermissionVar
    #  query -> {key: value, …}              A list of fields and values of a Q object
    #  key   -> string                       A field name
    #  value -> int | string | bool | null   Literal values
@ -150,6 +170,7 @@ class Permission(models.Model):
    #         | ["MUL", oper, …]             Multiply F objects or literals
    #         | int | string | bool | null   Literal values
    #         | ["F", string]                A field
+    #         | ["VAR", string]              A var name as defined in PermissionVar
    #
    # Examples:
    #  Q(is_superuser=True)  := {"is_superuser": true}
@ -215,6 +236,8 @@ class Permission(models.Model):
                return functools.reduce(operator.mul, [Permission.compute_f(oper, **kwargs) for oper in oper[1:]])
            elif oper[0] == 'F':
                return F(oper[1])
+            elif oper[0] == 'VAR':
+                return compute_f(json.loads(PermissionVar.objects.get(name=oper[1]).query), **kwargs)
            else:
                field = kwargs[oper[0]]
                for i in range(1, len(oper)):
@ -289,6 +312,8 @@ class Permission(models.Model):
                return functools.reduce(operator.or_, [Permission._about(query, **kwargs) for query in query[1:]])
            elif query[0] == 'NOT':
                return ~Permission._about(query[1], **kwargs)
+            elif query[0] == 'VAR':
+                return Permission._about(json.loads(PermissionVar.objects.get(name=query[1]).query), **kwargs)
            else:
                return Q(pk=F("pk")) if Permission.compute_param(query, **kwargs) else ~Q(pk=F("pk"))
        elif isinstance(query, dict):
@ -339,7 +364,6 @@ class Role(models.Model):
        "member.Club",
        verbose_name=_("for club"),
        on_delete=models.PROTECT,
-        blank=True,
        null=True,
        default=None,
    )
--- a/apps/treasury/models.py
+++ b/apps/treasury/models.py
@ -310,8 +310,8 @@ class SogeCredit(models.Model):
        amount = sum(transaction.total for transaction in self.transactions.all())
        if 'wei' in settings.INSTALLED_APPS:
            from wei.models import WEIMembership
-            if not WEIMembership.objects\
-                    .filter(club__weiclub__year=self.credit_transaction.created_at.year, user=self.user).exists():
+            if not WEIMembership.objects.filter(club__weiclub__year=datetime.date.today().year, user=self.user)\
+                    .exists():
                # 80 € for people that don't go to WEI
                amount += 8000
        return amount
@ -329,18 +329,17 @@ class SogeCredit(models.Model):
        bde_qs = Membership.objects.filter(user=self.user, club=bde, date_start__gte=bde.membership_start)
        kfet_qs = Membership.objects.filter(user=self.user, club=kfet, date_start__gte=kfet.membership_start)

-## Soge do not pay BDE and kfet memberships this year (2022-2023)
-#        if bde_qs.exists():
-#            m = bde_qs.get()
-#            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
-#                if m.transaction not in self.transactions.all():
-#                    self.transactions.add(m.transaction)
-#
-#        if kfet_qs.exists():
-#            m = kfet_qs.get()
-#            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
-#                if m.transaction not in self.transactions.all():
-#                    self.transactions.add(m.transaction)
+        if bde_qs.exists():
+            m = bde_qs.get()
+            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
+                if m.transaction not in self.transactions.all():
+                    self.transactions.add(m.transaction)
+
+        if kfet_qs.exists():
+            m = kfet_qs.get()
+            if MembershipTransaction.objects.filter(membership=m).exists():  # non-free membership
+                if m.transaction not in self.transactions.all():
+                    self.transactions.add(m.transaction)

        if 'wei' in settings.INSTALLED_APPS:
            from wei.models import WEIClub
--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@ -108,7 +108,7 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
            name="",
            address="",
        )
-        if not PermissionBackend.check_perm(self.request, "treasury.view_invoice", sample_invoice):
+        if not PermissionBackend.check_perm(self.request, "treasury.add_invoice", sample_invoice):
            raise PermissionDenied(_("You are not able to see the treasury interface."))
        return super().dispatch(request, *args, **kwargs)

--- a/apps/wei/forms/surveys/wei2022.py
+++ b/apps/wei/forms/surveys/wei2022.py
@ -14,17 +14,14 @@ from .base import WEISurvey, WEISurveyInformation, WEISurveyAlgorithm, WEIBusInf
 from ...models import WEIMembership

 WORDS = [
-	'ABBA', 'After', 'Alcoolique anonyme', 'Ambiance festive', 'Années 2000', 'Apéro', 'Art',
-	'Baby foot billard biere pong', 'BBQ', 'Before', 'Bière pong', 'Bon enfant', 'Calme', 'Canapé',
-	'Chanson paillarde', 'Chanson populaire', 'Chartreuse', 'Cheerleader', 'Chill', 'Choré',
-	'Cinéma', 'Cocktail', 'Comédie musicle', 'Commercial', 'Copaing', 'Danse', 'Dancefloor',
-	'Electro', 'Fanfare', 'Gin tonic', 'Inclusif', 'Jazz', "Jeux d'alcool", 'Jeux de carte',
-	'Jeux de rôle', 'Jeux de société', 'JUL', 'Jus de fruit', 'Kfet', 'Kleptomanie assurée',
-	'LGBTQ+', 'Livre', 'Morning beer', 'Musique', 'NAPS', 'Paillettes', 'Pastis', 'Paté Hénaff',
-	'Peluche', 'Pena baiona', "Peu d'alcool", 'Pilier de bar', 'PMU', 'Poulpe', 'Punch', 'Rap',
-	'Réveil', 'Rock', 'Rugby', 'Sandwich', 'Serge', 'Shot', 'Sociable', 'Spectacle', 'Techno',
-	'Techno house', 'Thérapie Taxi', 'Tradition kchanaises', 'Troisième mi-temps', 'Turn up',
-	'Vodka', 'Vodka pomme', 'Volley', 'Vomi stratégique'
+    '13 organisé', '3ième mi temps', 'Années 2000', 'Apéro', 'BBQ', 'BP', 'Beauf', 'Binge drinking', 'Bon enfant',
+    'Cartouche', 'Catacombes', 'Chansons paillardes', 'Chansons populaires', 'Chanteur', 'Chartreuse', 'Chill',
+    'Core', 'DJ', 'Dancefloor', 'Danse', 'David Guetta', 'Disco', 'Eau de vie', 'Électro', 'Escalade', 'Familial',
+    'Fanfare', 'Fracassage', 'Féria', 'Hard rock', 'Hoeggarden', 'House', 'Huit-six', 'IPA', 'Inclusif', 'Inferno',
+    'Introverti', 'Jager bomb', 'Jazz', 'Jeux d\'alcool', 'Jeux de rôles', 'Jeux vidéo', 'Jul', 'Jus de fruit',
+    'Karaoké', 'LGBTQI+', 'Lady Gaga', 'Loup garou', 'Morning beer', 'Métal', 'Nuit blanche', 'Ovalie', 'Psychedelic',
+    'Pétanque', 'Rave', 'Reggae', 'Rhum', 'Ricard', 'Rock', 'Rosé', 'Rétro', 'Séducteur', 'Techno', 'Thérapie taxi',
+    'Théâtre', 'Trap', 'Turn up', 'Underground', 'Volley', 'Wati B', 'Zinédine Zidane',
 ]


--- a/docs/apps/permission.rst
+++ b/docs/apps/permission.rst
@ -118,13 +118,13 @@ Exemples
         {"F": [
           "ADD",
           ["F", "source__balance"],
-           2000]
+           5000]
         }
       }
    ]

-  | si la destination est la note du club dont on est membre et si le montant est inférieur au solde de la source + 20 €,
-    autrement dit le solde final est au-dessus de -20 €.
+  | si la destination est la note du club dont on est membre et si le montant est inférieur au solde de la source + 50 €,
+    autrement dit le solde final est au-dessus de -50 €.


 Masques de permissions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -83,6 +83,13 @@ Je suis trésorier d'un club, qu'ai-je le droit de faire ?
   bien sûr permis pour faciliter des transferts. Tout abus de droits constaté
   pourra mener à des sanctions prises par le bureau du BDE.

+.. warning::
+   Une fonctionnalité pour permettre de gérer plus proprement les remboursements
+   entre amis est en cours de développement. Temporairement et pour des raisons
+   de confort, les trésoriers de clubs ont le droit de prélever n'importe quelle
+   adhérente vers n'importe quelle autre note adhérente, tant que la source ne
+   descend pas sous ``- 50 €``. Ces droits seront retirés d'ici quelques semaines.
+

 Je suis trésorier d'un club, je n'arrive pas à voir le solde du club / faire des transactions
 ---------------------------------------------------------------------------------------------------
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -252,7 +252,7 @@ REST_FRAMEWORK = {
        'rest_framework.authentication.TokenAuthentication',
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
    ],
-    'DEFAULT_PAGINATION_CLASS': 'apps.api.pagination.CustomPagination',
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 20,
 }

--- a/note_kfet/static/js/base.js
+++ b/note_kfet/static/js/base.js
@ -96,7 +96,7 @@ function displayStyle (note) {
  if (!note) { return '' }
  const balance = note.balance
  var css = ''
-  if (balance < -2000) { css += ' text-danger bg-dark' } 
+  if (balance < -5000) { css += ' text-danger bg-dark' } 
  else if (balance < -1000) { css += ' text-danger' } 
  else if (balance < 0) { css += ' text-warning' }
  if (!note.email_confirmed) { css += ' bg-primary' }
--- a/note_kfet/templates/registration/signup.html
+++ b/note_kfet/templates/registration/signup.html
@ -23,11 +23,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
            {% csrf_token %}
            {{ form|crispy }}
            {{ profile_form|crispy }}
-            {% comment "Soge not for membership (only WEI)" %} {{ soge_form|crispy }} {% endcomment %}
+            {{ soge_form|crispy }}
            <button class="btn btn-success" type="submit">
                {% trans "Sign up" %}
            </button>
        </form>
    </div>
 </div>
-{% endblock %}
+{% endblock %}
Author	SHA1	Message	Date
Benjamin Graillot	17be896a99	[permission] Add PermissionVar model	2022-10-10 19:37:51 +02:00
Yohann D'ANELLO	a69573ccdb	Fix permission that allows users to create OAuth2 apps Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>	2022-08-29 11:21:45 +02:00