Some permissions fixs and security for atomic vote

Antoine Bartuccio 2016-12-26 23:30:13 +01:00
parent 729659e358
commit 2f2d5292de
4 changed files with 34 additions and 16 deletions


@ -128,7 +128,7 @@ class Candidature(models.Model):
election_list = models.ForeignKey(ElectionList, related_name='candidatures', verbose_name=_('election list')) election_list = models.ForeignKey(ElectionList, related_name='candidatures', verbose_name=_('election list'))
def can_be_edited_by(self, user): def can_be_edited_by(self, user):
return (user == self.user) return (user == self.user) or user.can_edit(self.role.election)
def __str__(self): def __str__(self):
return "%s : %s" % (self.role.title, self.user.username) return "%s : %s" % (self.role.title, self.user.username)
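Review bot: The owner branch of `can_be_edited_by` is not bounded by the candidature period: `user == self.user` is true at any time, while the templates in this commit gate the candidate form on `election.is_candidature_active`. If the edit view relies on this method alone, a candidate could presumably still change a candidature after voting has opened. Consider `return (user == self.user and self.role.election.is_candidature_active) or user.can_edit(self.role.election)`, and decide whether the editor branch should also require `is_vote_editable`. The class body continues outside the hunk, so any date check done by callers is not visible here.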


@ -5,7 +5,7 @@
{% endblock %} {% endblock %}
{% block content %} {% block content %}
{%- if election.can_candidate(user) or user.can_edit(election) %} {%- if (election.can_candidate(user) and election.is_candidature_active) or (user.can_edit(election) and election.is_vote_editable) %}
<section class="election__add-candidature"> <section class="election__add-candidature">
<form action="{{ url('election:candidate', election_id=election.id) }}" method="post"> <form action="{{ url('election:candidate', election_id=election.id) }}" method="post">
{% csrf_token %} {% csrf_token %}
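Review bot: The new condition on the `{%- if ... %}` line only hides the form; nothing visible in this commit shows the `election:candidate` POST handler applying the same `is_candidature_active` / `is_vote_editable` test, so a request sent directly to that URL outside the window may still be accepted. The check belongs in the view, which should raise `PermissionDenied`, with the template treated as presentation only. The same expression is repeated on the "Candidate" link in the election detail template of this commit; putting it behind one model method (a suggested name would be `election.can_add_candidature(user)`) would keep both templates and the view from drifting apart.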


@ -359,7 +359,7 @@ th {
</section> </section>
{%- endif %} {%- endif %}
<section class="election__add-elements"> <section class="election__add-elements">
{%- if election.can_candidate(user) or user.can_edit(election) %} {%- if (election.can_candidate(user) and election.is_candidature_active) or (user.can_edit(election) and election.is_vote_editable) %}
<a href="{{ url('election:candidate', election_id=object.id) }}">{% trans %}Candidate{% endtrans %}</a> <a href="{{ url('election:candidate', election_id=object.id) }}">{% trans %}Candidate{% endtrans %}</a>
{%- endif %} {%- endif %}
<a href="{{ url('election:create_list', election_id=object.id) }}">{% trans %}Add a new list{% endtrans %}</a> <a href="{{ url('election:create_list', election_id=object.id) }}">{% trans %}Add a new list{% endtrans %}</a>


@ -5,6 +5,7 @@ from django.core.urlresolvers import reverse_lazy, reverse
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.forms.models import modelform_factory from django.forms.models import modelform_factory
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured
from django.db import DataError, transaction
from django.forms import CheckboxSelectMultiple from django.forms import CheckboxSelectMultiple
from django.utils import timezone from django.utils import timezone
from django.conf import settings from django.conf import settings
@ -173,20 +174,21 @@ class VoteFormView(CanCreateMixin, FormView):
return super(VoteFormView, self).dispatch(request, *arg, **kwargs) return super(VoteFormView, self).dispatch(request, *arg, **kwargs)
def vote(self, election_data): def vote(self, election_data):
for role_title in election_data.keys(): with transaction.atomic():
# If we have a multiple choice field for role_title in election_data.keys():
if isinstance(election_data[role_title], QuerySet): # If we have a multiple choice field
if election_data[role_title].count() > 0: if isinstance(election_data[role_title], QuerySet):
vote = Vote(role=election_data[role_title].first().role) if election_data[role_title].count() > 0:
vote = Vote(role=election_data[role_title].first().role)
vote.save()
for el in election_data[role_title]:
vote.candidature.add(el)
# If we have a single choice
elif election_data[role_title] is not None:
vote = Vote(role=election_data[role_title].role)
vote.save() vote.save()
for el in election_data[role_title]: vote.candidature.add(election_data[role_title])
vote.candidature.add(el) self.election.voters.add(self.request.user)
# If we have a single choice
elif election_data[role_title] is not None:
vote = Vote(role=election_data[role_title].role)
vote.save()
vote.candidature.add(election_data[role_title])
self.election.voters.add(self.request.user)
def get_form_kwargs(self): def get_form_kwargs(self):
kwargs = super(VoteFormView, self).get_form_kwargs() kwargs = super(VoteFormView, self).get_form_kwargs()
@ -366,6 +368,22 @@ class ElectionUpdateView(CanEditMixin, UpdateView):
template_name = 'core/edit.jinja' template_name = 'core/edit.jinja'
pk_url_kwarg = 'election_id' pk_url_kwarg = 'election_id'
def get_initial(self):
init = {}
try:
init['start_date'] = self.object.start_date.strftime('%Y-%m-%d %H:%M:%S')
except:pass
try:
init['end_date'] = self.object.end_date.strftime('%Y-%m-%d %H:%M:%S')
except:pass
try:
init['start_candidature'] = self.object.start_candidature.strftime('%Y-%m-%d %H:%M:%S')
except:pass
try:
init['end_candidature'] = self.object.end_candidature.strftime('%Y-%m-%d %H:%M:%S')
except:pass
return init
def get_success_url(self, **kwargs): def get_success_url(self, **kwargs):
return reverse_lazy('election:detail', kwargs={'election_id': self.object.id}) return reverse_lazy('election:detail', kwargs={'election_id': self.object.id})
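Review bot: `transaction.atomic()` in `vote` makes the writes all-or-nothing but does not serialise two concurrent submissions by the same user. The already-voted check is not inside this block (presumably it is in `dispatch` or the form, outside the hunk), so both requests can pass it and each save a `Vote` before either reaches `self.election.voters.add(...)`. Because a `Vote` as built here carries only a role and candidatures, a duplicate could not be attributed and removed afterwards. Re-check as the first step inside the atomic block while holding a row lock, e.g. `type(self.election).objects.select_for_update().get(pk=self.election.pk)` followed by `if self.election.voters.filter(pk=self.request.user.pk).exists(): raise PermissionDenied`; note that `select_for_update()` gives no locking on SQLite. Separately, `DataError` is imported but not used in any visible hunk.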