Treasurers can update any roles, not only the BDE-related

The note account must be active in order to have access to the Rest Framework API
A migration put the right role in the note account's memberships
2025-07-01 21:41:15 +02:00 · 2020-10-23 09:50:18 +02:00 · 2020-10-20 10:30:41 +02:00 · 2020-10-20 00:28:49 +02:00 · 2020-10-20 00:19:49 +02:00 · 2020-10-19 23:44:56 +02:00
10 changed files with 127 additions and 15 deletions
--- a/apps/member/migrations/0006_create_note_account_bde_membership.py
+++ b/apps/member/migrations/0006_create_note_account_bde_membership.py
@ -0,0 +1,50 @@
 import sys
 from django.db import migrations
 def give_note_account_permissions(apps, schema_editor):
    """
    Automatically manage the membership of the Note account.
    """
    User = apps.get_model("auth", "user")
    Membership = apps.get_model("member", "membership")
    Role = apps.get_model("permission", "role")
    note = User.objects.filter(username="note")
    if not note.exists():
        # We are in a test environment, don't log error message
        if len(sys.argv) > 1 and sys.argv[1] == 'test':
            return
        print("Warning: Note account was not found. The note account was not imported.")
        print("Make sure you have imported the NK15 database. The new import script handles correctly the permissions.")
        print("This migration will be ignored, you can re-run it if you forgot the note account or ignore it if you "
              "don't want this account.")
        return
    note = note.get()
    # Set for the two clubs a large expiration date and the correct role.
    for m in Membership.objects.filter(user_id=note.id).all():
        m.date_end = "3142-12-12"
        m.roles.set(Role.objects.filter(name="PC Kfet").all())
        m.save()
    # By default, the note account is only authorized to be logged from localhost.
    note.password = "ipbased$127.0.0.1"
    note.is_active = True
    note.save()
    # Ensure that the note of the account is disabled
    note.note.inactivity_reason = 'forced'
    note.note.is_active = False
    note.save()
 class Migration(migrations.Migration):
    dependencies = [
        ('member', '0005_remove_null_tag_on_charfields'),
        ('permission', '0001_initial'),
    ]
    operations = [
        migrations.RunPython(give_note_account_permissions),
    ]
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
@ -799,12 +799,12 @@
 				"member",
 				"membership"
 			],
-			"query": "{\"club\": [\"club\"]}",
+			"query": "{}",
 			"type": "change",
 			"mask": 3,
 			"field": "roles",
 			"permanent": false,
-			"description": "Modifier les rôles d'un adhérent d'un club"
+			"description": "Modifier les rôles d'une adhésion"
 		}
 	},
 	{
@ -2081,7 +2081,7 @@
 			],
 			"query": "{}",
 			"type": "change",
-			"mask": 1,
+			"mask": 2,
 			"field": "invalidity_reason",
 			"permanent": false,
 			"description": "Modifier la raison d'invalidité d'une transaction"
@ -3402,7 +3402,6 @@
 				135,
 				136,
 				137,
 				138,
 				139,
 				140,
 				143,
@ -3415,6 +3414,26 @@
 			]
 		}
 	},
 	{
 		"model": "permission.role",
 		"pk": 20,
 		"fields": {
 			"for_club": 2,
 			"name": "PC Kfet",
 			"permissions": [
 				6,
 				24,
 				25,
 				26,
 				27,
 				30,
 				150,
 				166,
 				167,
 				168
 			]
 		}
 	},
 	{
 		"model": "wei.weirole",
 		"pk": 12,
--- a/apps/registration/tables.py
+++ b/apps/registration/tables.py
@ -4,6 +4,8 @@
 import django_tables2 as tables
 from django.contrib.auth.models import User
 from treasury.models import SogeCredit
 class FutureUserTable(tables.Table):
    """
@ -21,6 +23,7 @@ class FutureUserTable(tables.Table):
        fields = ('last_name', 'first_name', 'username', 'email', )
        model = User
        row_attrs = {
-            'class': 'table-row',
+            'class': lambda record: 'table-row'
                                    + (' bg-warning' if SogeCredit.objects.filter(user=record).exists() else ''),
            'data-href': lambda record: record.pk
        }
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@ -235,7 +235,7 @@ class FutureUserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin,
        fee += 8000
        ctx["total_fee"] = "{:.02f}".format(fee / 100, )
-        ctx["declare_soge_account"] = True
+        ctx["declare_soge_account"] = SogeCredit.objects.filter(user=user).exists()
        return ctx
--- a/apps/scripts
+++ b/apps/scripts
--- a/apps/treasury/tables.py
+++ b/apps/treasury/tables.py
@ -147,4 +147,4 @@ class SogeCreditTable(tables.Table):
    class Meta:
        model = SogeCredit
-        fields = ('user', 'amount', 'valid', )
+        fields = ('user', 'user__last_name', 'user__first_name', 'amount', 'valid', )
--- a/apps/treasury/templates/treasury/sogecredit_detail.html
+++ b/apps/treasury/templates/treasury/sogecredit_detail.html
@ -11,8 +11,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
    </div>
    <div class="card-body">
        <dl class="row">
-            <dt class="col-xl-6 text-right">{% trans 'user'|capfirst %}</dt>
+            <dt class="col-xl-6 text-right">{% trans 'last name'|capfirst %}</dt>
-            <dd class="col-xl-6"><a href="{% url 'member:user_detail' pk=object.user.pk %}">{{ object.user }}</a></dd>
+            <dd class="col-xl-6">{{ object.user.last_name }}</dd>
            <dt class="col-xl-6 text-right">{% trans 'first name'|capfirst %}</dt>
            <dd class="col-xl-6">{{ object.user.first_name }}</dd>
            <dt class="col-xl-6 text-right">{% trans 'username'|capfirst %}</dt>
            <dd class="col-xl-6"><a href="{% url 'member:user_detail' pk=object.user.pk %}">{{ object.user.username }}</a></dd>
            {% if "note.view_note_balance"|has_perm:object.user.note %}
            <dt class="col-xl-6 text-right">{% trans 'balance'|capfirst %}</dt>
--- a/note_kfet/middlewares.py
+++ b/note_kfet/middlewares.py
@ -2,12 +2,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
 from django.contrib.auth import login
 from django.contrib.auth.models import AnonymousUser, User
 from django.contrib.sessions.backends.db import SessionStore
 from threading import local
 from django.contrib.sessions.backends.db import SessionStore
 USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
 SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
 IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
@ -78,6 +78,41 @@ class SessionMiddleware(object):
        return response
 class LoginByIPMiddleware(object):
    """
    Allow some users to be authenticated based on their IP address.
    For example, the "note" account should not be used elsewhere than the Kfet computer,
    and should not have any password.
    The password that is stored in database should be on the form "ipbased$my.public.ip.address".
    """
    def __init__(self, get_response):
        self.get_response = get_response
    def __call__(self, request):
        """
        If the user is not authenticated, get the used IP address
        and check if an user is authorized to be automatically logged with this address.
        If it is the case, the logging is performed with the full rights.
        """
        if not request.user.is_authenticated:
            if 'HTTP_X_REAL_IP' in request.META:
                ip = request.META.get('HTTP_X_REAL_IP')
            elif 'HTTP_X_FORWARDED_FOR' in request.META:
                ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
            else:
                ip = request.META.get('REMOTE_ADDR')
            qs = User.objects.filter(password=f"ipbased${ip}")
            if qs.exists():
                login(request, qs.get())
                session = request.session
                session["permission_mask"] = 42
                session.save()
        return self.get_response(request)
 class TurbolinksMiddleware(object):
    """
    Send the `Turbolinks-Location` header in response to a visit that was redirected,
--- a/note_kfet/settings/init.py
+++ b/note_kfet/settings/init.py
@ -49,9 +49,6 @@ try:
 except ImportError:
    pass
 if "logs" in INSTALLED_APPS:
    MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)
 if DEBUG:
    PASSWORD_HASHERS += ['member.hashers.DebugSuperuserBackdoor']
    if "debug_toolbar" in INSTALLED_APPS:
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -79,6 +79,8 @@ MIDDLEWARE = [
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.sites.middleware.CurrentSiteMiddleware',
    'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
    'note_kfet.middlewares.SessionMiddleware',
    'note_kfet.middlewares.LoginByIPMiddleware',
    'note_kfet.middlewares.TurbolinksMiddleware',
 ]
Author	SHA1	Message	Date
Yohann D'ANELLO	91f784872c	Treasurers can update any roles, not only the BDE-related	2020-10-23 09:50:18 +02:00
Yohann D'ANELLO	58aa4983e3	The note account must be active in order to have access to the Rest Framework API	2020-10-20 10:30:41 +02:00
Yohann D'ANELLO	6cc3cf4174	A migration put the right role in the note account's memberships	2020-10-20 00:28:49 +02:00
Yohann D'ANELLO	2097e67321	Add permissions to PC Kfet	2020-10-20 00:19:49 +02:00
Yohann D'ANELLO	d773303d18	Add possibility to authenticate an account with its IP address	2020-10-19 23:44:56 +02:00
Yohann D'ANELLO	bf29efda0a	Display real user name in the Soge credits list/detail	2020-10-08 10:36:30 +02:00
Yohann D'ANELLO	3eced33082	Well, everyone doesn't want a secondary bank account	2020-10-07 17:43:28 +02:00
Yohann D'ANELLO	acb3fb4a91	Highlight future users that declared that they opened a bank account	2020-10-07 17:42:46 +02:00