From b3c2c7997555c22b8b2bcd31f6b18a916ee938e3 Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 15:22:52 +0100 Subject: [PATCH 01/14] small fix in canViewList --- core/views/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/views/__init__.py b/core/views/__init__.py index eaa08760..12c45c11 100644 --- a/core/views/__init__.py +++ b/core/views/__init__.py @@ -4,6 +4,7 @@ from django.shortcuts import render from django.http import HttpResponseForbidden, HttpResponseNotFound from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured from django.views.generic.base import View +from django.db.models import Count from core.models import Group from core.views.forms import LoginForm @@ -110,7 +111,7 @@ class CanViewMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_view(o, request.user)] - if not l_id: + if ((not l_id) and self.get_queryset().count() != 0): raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): From 346e07f0a85295a3196b7bb0525431872570bbdd Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 15:50:42 +0100 Subject: [PATCH 02/14] fix permission for companies --- accounting/models.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/accounting/models.py b/accounting/models.py index 7338e907..8b0be338 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -45,6 +45,32 @@ class Company(models.Model): class Meta: verbose_name = _("company") + def is_owned_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + return False + + def can_be_edited_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + for club in user.memberships.filter(end_date=None).all(): + if club and club.role == 7: + return True + return False + + def can_be_viewed_by(self, user): + """ + Method to see if that object can be viewed by the given user + """ + for club in user.memberships.filter(end_date=None).all(): + if club and club.role >= 7: + return True + return False + def get_absolute_url(self): return reverse('accounting:co_edit', kwargs={'co_id': self.id}) From c19e2d1cb08851b82d307d352783b281958d77ac Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 17:26:04 +0100 Subject: [PATCH 03/14] Several modifications in accounting --- accounting/models.py | 2 +- .../templates/accounting/bank_account_details.jinja | 3 ++- .../templates/accounting/club_account_details.jinja | 8 +++++++- accounting/templates/accounting/journal_details.jinja | 2 ++ accounting/templates/accounting/label_list.jinja | 7 ++++++- accounting/urls.py | 1 + accounting/views.py | 9 +++++++++ 7 files changed, 28 insertions(+), 4 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 8b0be338..6dbf56d8 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -218,7 +218,7 @@ class Operation(models.Model): journal = models.ForeignKey(GeneralJournal, related_name="operations", null=False, verbose_name=_("journal")) amount = CurrencyField(_('amount')) date = models.DateField(_('date')) - remark = models.CharField(_('comment'), max_length=128) + remark = models.CharField(_('comment'), max_length=128, default="", null=True, blank=True) mode = models.CharField(_('payment method'), max_length=255, choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD) cheque_number = models.CharField(_('cheque number'), max_length=32, default="", null=True, blank=True) invoice = models.ForeignKey(SithFile, related_name='operations', verbose_name=_("invoice"), null=True, blank=True) diff --git a/accounting/templates/accounting/bank_account_details.jinja b/accounting/templates/accounting/bank_account_details.jinja index 076d2753..95981b1b 100644 --- a/accounting/templates/accounting/bank_account_details.jinja +++ b/accounting/templates/accounting/bank_account_details.jinja @@ -11,7 +11,7 @@

{% trans %}Bank account: {% endtrans %}{{ object.name }}

- {% if user.is_root and not object.club_accounts.exists() %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and not object.club_accounts.exists() %} {% trans %}Delete{% endtrans %} {% endif %}

{% trans %}Infos{% endtrans %}

@@ -24,6 +24,7 @@ {% for c in object.club_accounts.all() %}
  • {{ c }} - {% trans %}Edit{% endtrans %} + - {% trans %}Delete{% endtrans %}
    • {% endfor %} diff --git a/accounting/templates/accounting/club_account_details.jinja b/accounting/templates/accounting/club_account_details.jinja index 333e3081..2b606a5f 100644 --- a/accounting/templates/accounting/club_account_details.jinja +++ b/accounting/templates/accounting/club_account_details.jinja @@ -15,7 +15,9 @@ {% if user.is_root and not object.journals.exists() %} {% trans %}Delete{% endtrans %} {% endif %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}

    {% trans %}New label{% endtrans %}

    + {% endif %}

    {% trans %}Label list{% endtrans %}

    {% if not object.has_open_journal() %}

    {% trans %}New journal{% endtrans %}

    @@ -52,7 +54,11 @@ {% trans %}No{% endtrans %} {% endif %} {% trans %}View{% endtrans %} - {% trans %}Edit{% endtrans %} + {% trans %}Edit{% endtrans %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} + {% trans %}Delete{% endtrans %} + {% endif %} + {% endfor %} diff --git a/accounting/templates/accounting/journal_details.jinja b/accounting/templates/accounting/journal_details.jinja index e38dfe7d..6884884d 100644 --- a/accounting/templates/accounting/journal_details.jinja +++ b/accounting/templates/accounting/journal_details.jinja @@ -78,9 +78,11 @@ - {% endif %} + {% if o.journal.club_account.bank_account.name != "AE TI" and journal.club_account.bank_account.name != "TI" or user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} {% if not o.journal.closed %} {% trans %}Edit{% endtrans %} {% endif %} + {% endif %} {% trans %}Generate{% endtrans %} diff --git a/accounting/templates/accounting/label_list.jinja b/accounting/templates/accounting/label_list.jinja index 9d35701b..9841fba6 100644 --- a/accounting/templates/accounting/label_list.jinja +++ b/accounting/templates/accounting/label_list.jinja @@ -12,13 +12,18 @@

    {% trans %}Back to club account{% endtrans %}

    + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}

    {% trans %}New label{% endtrans %}

    + {% endif %} {% if object.labels.all() %}

    {% trans %}Label list{% endtrans %}

    diff --git a/accounting/urls.py b/accounting/urls.py index 3255cb9d..2a3727fa 100644 --- a/accounting/urls.py +++ b/accounting/urls.py @@ -26,6 +26,7 @@ urlpatterns = [ url(r'^journal/create$', JournalCreateView.as_view(), name='journal_new'), url(r'^journal/(?P[0-9]+)$', JournalDetailView.as_view(), name='journal_details'), url(r'^journal/(?P[0-9]+)/edit$', JournalEditView.as_view(), name='journal_edit'), + url(r'^journal/(?P[0-9]+)/delete$', JournalDeleteView.as_view(), name='journal_delete'), url(r'^journal/(?P[0-9]+)/statement/nature$', JournalNatureStatementView.as_view(), name='journal_nature_statement'), url(r'^journal/(?P[0-9]+)/statement/person$', JournalPersonStatementView.as_view(), name='journal_person_statement'), url(r'^journal/(?P[0-9]+)/statement/accounting$', JournalAccountingStatementView.as_view(), name='journal_accounting_statement'), diff --git a/accounting/views.py b/accounting/views.py index c50b1f6b..8ea2c3c1 100644 --- a/accounting/views.py +++ b/accounting/views.py @@ -230,6 +230,15 @@ class JournalEditView(CanEditMixin, UpdateView): fields = ['name', 'start_date', 'end_date', 'club_account', 'closed'] template_name = 'core/edit.jinja' +class JournalDeleteView(CanEditPropMixin, DeleteView): + """ + Delete a club account (for the admins) + """ + model = GeneralJournal + pk_url_kwarg = "j_id" + template_name = 'core/delete_confirm.jinja' + success_url = reverse_lazy('accounting:club_details') + # Operation views From 92bc6cf96fd820cf230acebebab6c694662e8c96 Mon Sep 17 00:00:00 2001 From: klmp200 Date: Mon, 6 Feb 2017 16:50:11 +0100 Subject: [PATCH 04/14] Better club roles in settings --- sith/settings.py | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/sith/settings.py b/sith/settings.py index 24b0ea62..472e464a 100644 --- a/sith/settings.py +++ b/sith/settings.py @@ -423,17 +423,22 @@ SITH_SUBSCRIPTIONS = { # To be completed.... } -SITH_CLUB_ROLES = { - 10: _('President'), - 9: _('Vice-President'), - 7: _('Treasurer'), - 5: _('Communication supervisor'), - 4: _('Secretary'), - 3: _('IT supervisor'), - 2: _('Board member'), - 1: _('Active member'), - 0: _('Curious'), - } +SITH_CLUB_ROLES = {} + +SITH_CLUB_ROLES_ID = { + 'President': 10, + 'Vice-President': 9, + 'Treasurer': 7, + 'Communication supervisor': 5, + 'Secretary': 4, + 'IT supervisor': 3, + 'Board member': 2, + 'Active member': 1, + 'Curious': 0, +} + +for role in SITH_CLUB_ROLES_ID: + SITH_CLUB_ROLES[SITH_CLUB_ROLES_ID[role]] = _(role) # This corresponds to the maximum role a user can freely subscribe to # In this case, SITH_MAXIMUM_FREE_ROLE=1 means that a user can set himself as "Membre actif" or "Curieux", but not higher From 9152688efd997bcbd2495f81be2ad20b6a3dd018 Mon Sep 17 00:00:00 2001 From: Krophil Date: Mon, 6 Feb 2017 22:18:44 +0100 Subject: [PATCH 05/14] adaptations for settings and deletion checked --- accounting/models.py | 12 ++++++------ .../templates/accounting/bank_account_details.jinja | 2 ++ .../templates/accounting/club_account_details.jinja | 2 +- core/views/__init__.py | 6 +++--- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 6dbf56d8..7371bff0 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -58,7 +58,7 @@ class Company(models.Model): Method to see if that object can be edited by the given user """ for club in user.memberships.filter(end_date=None).all(): - if club and club.role == 7: + if club and club.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -67,7 +67,7 @@ class Company(models.Model): Method to see if that object can be viewed by the given user """ for club in user.memberships.filter(end_date=None).all(): - if club and club.role >= 7: + if club and club.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -97,7 +97,7 @@ class BankAccount(models.Model): if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): return True m = self.club.get_membership_for(user) - if m is not None and m.role >= 7: + if m is not None and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -129,7 +129,7 @@ class ClubAccount(models.Model): Method to see if that object can be edited by the given user """ m = self.club.get_membership_for(user) - if m and m.role == 7: + if m and m.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -138,7 +138,7 @@ class ClubAccount(models.Model): Method to see if that object can be viewed by the given user """ m = self.club.get_membership_for(user) - if m and m.role >= 7: + if m and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -218,7 +218,7 @@ class Operation(models.Model): journal = models.ForeignKey(GeneralJournal, related_name="operations", null=False, verbose_name=_("journal")) amount = CurrencyField(_('amount')) date = models.DateField(_('date')) - remark = models.CharField(_('comment'), max_length=128, default="", null=True, blank=True) + remark = models.CharField(_('comment'), max_length=128, null=True, blank=True) mode = models.CharField(_('payment method'), max_length=255, choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD) cheque_number = models.CharField(_('cheque number'), max_length=32, default="", null=True, blank=True) invoice = models.ForeignKey(SithFile, related_name='operations', verbose_name=_("invoice"), null=True, blank=True) diff --git a/accounting/templates/accounting/bank_account_details.jinja b/accounting/templates/accounting/bank_account_details.jinja index 95981b1b..cd968322 100644 --- a/accounting/templates/accounting/bank_account_details.jinja +++ b/accounting/templates/accounting/bank_account_details.jinja @@ -24,7 +24,9 @@ {% for c in object.club_accounts.all() %}
  • {{ c }} - {% trans %}Edit{% endtrans %} + {% if c.journals.count() == 0 %} - {% trans %}Delete{% endtrans %} + {% endif %}
    • {% endfor %} diff --git a/accounting/templates/accounting/club_account_details.jinja b/accounting/templates/accounting/club_account_details.jinja index 2b606a5f..08f22c2d 100644 --- a/accounting/templates/accounting/club_account_details.jinja +++ b/accounting/templates/accounting/club_account_details.jinja @@ -55,7 +55,7 @@ {% endif %} {% trans %}View{% endtrans %} {% trans %}Edit{% endtrans %} - {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and j.operations.count() == 0 %} {% trans %}Delete{% endtrans %} {% endif %} diff --git a/core/views/__init__.py b/core/views/__init__.py index 12c45c11..c0a613bc 100644 --- a/core/views/__init__.py +++ b/core/views/__init__.py @@ -67,7 +67,7 @@ class CanEditPropMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_edit_prop(o, request.user)] - if not l_id: + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): @@ -89,7 +89,7 @@ class CanEditMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_edit(o, request.user)] - if not l_id: + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): @@ -111,7 +111,7 @@ class CanViewMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_view(o, request.user)] - if ((not l_id) and self.get_queryset().count() != 0): + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): From ebe76c83c7d546425d302cc5b92e2ec3886c5bca Mon Sep 17 00:00:00 2001 From: Krophil Date: Mon, 27 Feb 2017 01:09:50 +0100 Subject: [PATCH 06/14] fix permissions --- accounting/models.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 7371bff0..f4ea5c73 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -187,6 +187,16 @@ class GeneralJournal(models.Model): return True return False + def can_be_edited_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + if self.club_account.can_be_edited_by(user): + return True + return False + def can_be_viewed_by(self, user): return self.club_account.can_be_edited_by(user) @@ -291,7 +301,7 @@ class Operation(models.Model): if self.journal.closed: return False m = self.journal.club_account.club.get_membership_for(user) - if m is not None and m.role >= 7: + if m is not None and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -299,7 +309,12 @@ class Operation(models.Model): """ Method to see if that object can be edited by the given user """ - if self.is_owned_by(user): + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + if self.journal.closed: + return False + m = self.journal.club_account.club.get_membership_for(user) + if m is not None and m.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False From 554929b4ec0cbc37fe4f90675e74b90f3644d8d9 Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 15:22:52 +0100 Subject: [PATCH 07/14] small fix in canViewList --- core/views/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/views/__init__.py b/core/views/__init__.py index eaa08760..12c45c11 100644 --- a/core/views/__init__.py +++ b/core/views/__init__.py @@ -4,6 +4,7 @@ from django.shortcuts import render from django.http import HttpResponseForbidden, HttpResponseNotFound from django.core.exceptions import PermissionDenied, ObjectDoesNotExist, ImproperlyConfigured from django.views.generic.base import View +from django.db.models import Count from core.models import Group from core.views.forms import LoginForm @@ -110,7 +111,7 @@ class CanViewMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_view(o, request.user)] - if not l_id: + if ((not l_id) and self.get_queryset().count() != 0): raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): From 8133db804ef9fc678d74e1b5937b34071c55c4c2 Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 15:50:42 +0100 Subject: [PATCH 08/14] fix permission for companies --- accounting/models.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/accounting/models.py b/accounting/models.py index 7338e907..8b0be338 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -45,6 +45,32 @@ class Company(models.Model): class Meta: verbose_name = _("company") + def is_owned_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + return False + + def can_be_edited_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + for club in user.memberships.filter(end_date=None).all(): + if club and club.role == 7: + return True + return False + + def can_be_viewed_by(self, user): + """ + Method to see if that object can be viewed by the given user + """ + for club in user.memberships.filter(end_date=None).all(): + if club and club.role >= 7: + return True + return False + def get_absolute_url(self): return reverse('accounting:co_edit', kwargs={'co_id': self.id}) From 1acac17d7ec7c8e7dabf9adc2ad75a42c4beccee Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 5 Feb 2017 17:26:04 +0100 Subject: [PATCH 09/14] Several modifications in accounting --- accounting/models.py | 2 +- .../templates/accounting/bank_account_details.jinja | 3 ++- .../templates/accounting/club_account_details.jinja | 8 +++++++- accounting/templates/accounting/journal_details.jinja | 2 ++ accounting/templates/accounting/label_list.jinja | 7 ++++++- accounting/urls.py | 1 + accounting/views.py | 9 +++++++++ 7 files changed, 28 insertions(+), 4 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 8b0be338..6dbf56d8 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -218,7 +218,7 @@ class Operation(models.Model): journal = models.ForeignKey(GeneralJournal, related_name="operations", null=False, verbose_name=_("journal")) amount = CurrencyField(_('amount')) date = models.DateField(_('date')) - remark = models.CharField(_('comment'), max_length=128) + remark = models.CharField(_('comment'), max_length=128, default="", null=True, blank=True) mode = models.CharField(_('payment method'), max_length=255, choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD) cheque_number = models.CharField(_('cheque number'), max_length=32, default="", null=True, blank=True) invoice = models.ForeignKey(SithFile, related_name='operations', verbose_name=_("invoice"), null=True, blank=True) diff --git a/accounting/templates/accounting/bank_account_details.jinja b/accounting/templates/accounting/bank_account_details.jinja index 076d2753..95981b1b 100644 --- a/accounting/templates/accounting/bank_account_details.jinja +++ b/accounting/templates/accounting/bank_account_details.jinja @@ -11,7 +11,7 @@

    {% trans %}Bank account: {% endtrans %}{{ object.name }}

    - {% if user.is_root and not object.club_accounts.exists() %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and not object.club_accounts.exists() %} {% trans %}Delete{% endtrans %} {% endif %}

    {% trans %}Infos{% endtrans %}

    @@ -24,6 +24,7 @@ {% for c in object.club_accounts.all() %}
  • {{ c }} - {% trans %}Edit{% endtrans %} + - {% trans %}Delete{% endtrans %}
    • {% endfor %} diff --git a/accounting/templates/accounting/club_account_details.jinja b/accounting/templates/accounting/club_account_details.jinja index 333e3081..2b606a5f 100644 --- a/accounting/templates/accounting/club_account_details.jinja +++ b/accounting/templates/accounting/club_account_details.jinja @@ -15,7 +15,9 @@ {% if user.is_root and not object.journals.exists() %} {% trans %}Delete{% endtrans %} {% endif %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}

    {% trans %}New label{% endtrans %}

    + {% endif %}

    {% trans %}Label list{% endtrans %}

    {% if not object.has_open_journal() %}

    {% trans %}New journal{% endtrans %}

    @@ -52,7 +54,11 @@ {% trans %}No{% endtrans %} {% endif %} {% trans %}View{% endtrans %} - {% trans %}Edit{% endtrans %} + {% trans %}Edit{% endtrans %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} + {% trans %}Delete{% endtrans %} + {% endif %} + {% endfor %} diff --git a/accounting/templates/accounting/journal_details.jinja b/accounting/templates/accounting/journal_details.jinja index e38dfe7d..6884884d 100644 --- a/accounting/templates/accounting/journal_details.jinja +++ b/accounting/templates/accounting/journal_details.jinja @@ -78,9 +78,11 @@ - {% endif %} + {% if o.journal.club_account.bank_account.name != "AE TI" and journal.club_account.bank_account.name != "TI" or user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} {% if not o.journal.closed %} {% trans %}Edit{% endtrans %} {% endif %} + {% endif %} {% trans %}Generate{% endtrans %} diff --git a/accounting/templates/accounting/label_list.jinja b/accounting/templates/accounting/label_list.jinja index 9d35701b..9841fba6 100644 --- a/accounting/templates/accounting/label_list.jinja +++ b/accounting/templates/accounting/label_list.jinja @@ -12,13 +12,18 @@

    {% trans %}Back to club account{% endtrans %}

    + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %}

    {% trans %}New label{% endtrans %}

    + {% endif %} {% if object.labels.all() %}

    {% trans %}Label list{% endtrans %}

    diff --git a/accounting/urls.py b/accounting/urls.py index 3255cb9d..2a3727fa 100644 --- a/accounting/urls.py +++ b/accounting/urls.py @@ -26,6 +26,7 @@ urlpatterns = [ url(r'^journal/create$', JournalCreateView.as_view(), name='journal_new'), url(r'^journal/(?P[0-9]+)$', JournalDetailView.as_view(), name='journal_details'), url(r'^journal/(?P[0-9]+)/edit$', JournalEditView.as_view(), name='journal_edit'), + url(r'^journal/(?P[0-9]+)/delete$', JournalDeleteView.as_view(), name='journal_delete'), url(r'^journal/(?P[0-9]+)/statement/nature$', JournalNatureStatementView.as_view(), name='journal_nature_statement'), url(r'^journal/(?P[0-9]+)/statement/person$', JournalPersonStatementView.as_view(), name='journal_person_statement'), url(r'^journal/(?P[0-9]+)/statement/accounting$', JournalAccountingStatementView.as_view(), name='journal_accounting_statement'), diff --git a/accounting/views.py b/accounting/views.py index c50b1f6b..8ea2c3c1 100644 --- a/accounting/views.py +++ b/accounting/views.py @@ -230,6 +230,15 @@ class JournalEditView(CanEditMixin, UpdateView): fields = ['name', 'start_date', 'end_date', 'club_account', 'closed'] template_name = 'core/edit.jinja' +class JournalDeleteView(CanEditPropMixin, DeleteView): + """ + Delete a club account (for the admins) + """ + model = GeneralJournal + pk_url_kwarg = "j_id" + template_name = 'core/delete_confirm.jinja' + success_url = reverse_lazy('accounting:club_details') + # Operation views From 6c8671c160360863eac073db9463bfe54aa448bc Mon Sep 17 00:00:00 2001 From: klmp200 Date: Mon, 6 Feb 2017 16:50:11 +0100 Subject: [PATCH 10/14] Better club roles in settings --- sith/settings.py | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/sith/settings.py b/sith/settings.py index 24b0ea62..472e464a 100644 --- a/sith/settings.py +++ b/sith/settings.py @@ -423,17 +423,22 @@ SITH_SUBSCRIPTIONS = { # To be completed.... } -SITH_CLUB_ROLES = { - 10: _('President'), - 9: _('Vice-President'), - 7: _('Treasurer'), - 5: _('Communication supervisor'), - 4: _('Secretary'), - 3: _('IT supervisor'), - 2: _('Board member'), - 1: _('Active member'), - 0: _('Curious'), - } +SITH_CLUB_ROLES = {} + +SITH_CLUB_ROLES_ID = { + 'President': 10, + 'Vice-President': 9, + 'Treasurer': 7, + 'Communication supervisor': 5, + 'Secretary': 4, + 'IT supervisor': 3, + 'Board member': 2, + 'Active member': 1, + 'Curious': 0, +} + +for role in SITH_CLUB_ROLES_ID: + SITH_CLUB_ROLES[SITH_CLUB_ROLES_ID[role]] = _(role) # This corresponds to the maximum role a user can freely subscribe to # In this case, SITH_MAXIMUM_FREE_ROLE=1 means that a user can set himself as "Membre actif" or "Curieux", but not higher From 95775d3b9bef34f1046ecb1dea0b09b8ad766b9c Mon Sep 17 00:00:00 2001 From: Krophil Date: Mon, 6 Feb 2017 22:18:44 +0100 Subject: [PATCH 11/14] adaptations for settings and deletion checked --- accounting/models.py | 12 ++++++------ .../templates/accounting/bank_account_details.jinja | 2 ++ .../templates/accounting/club_account_details.jinja | 2 +- core/views/__init__.py | 6 +++--- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 6dbf56d8..7371bff0 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -58,7 +58,7 @@ class Company(models.Model): Method to see if that object can be edited by the given user """ for club in user.memberships.filter(end_date=None).all(): - if club and club.role == 7: + if club and club.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -67,7 +67,7 @@ class Company(models.Model): Method to see if that object can be viewed by the given user """ for club in user.memberships.filter(end_date=None).all(): - if club and club.role >= 7: + if club and club.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -97,7 +97,7 @@ class BankAccount(models.Model): if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): return True m = self.club.get_membership_for(user) - if m is not None and m.role >= 7: + if m is not None and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -129,7 +129,7 @@ class ClubAccount(models.Model): Method to see if that object can be edited by the given user """ m = self.club.get_membership_for(user) - if m and m.role == 7: + if m and m.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -138,7 +138,7 @@ class ClubAccount(models.Model): Method to see if that object can be viewed by the given user """ m = self.club.get_membership_for(user) - if m and m.role >= 7: + if m and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -218,7 +218,7 @@ class Operation(models.Model): journal = models.ForeignKey(GeneralJournal, related_name="operations", null=False, verbose_name=_("journal")) amount = CurrencyField(_('amount')) date = models.DateField(_('date')) - remark = models.CharField(_('comment'), max_length=128, default="", null=True, blank=True) + remark = models.CharField(_('comment'), max_length=128, null=True, blank=True) mode = models.CharField(_('payment method'), max_length=255, choices=settings.SITH_ACCOUNTING_PAYMENT_METHOD) cheque_number = models.CharField(_('cheque number'), max_length=32, default="", null=True, blank=True) invoice = models.ForeignKey(SithFile, related_name='operations', verbose_name=_("invoice"), null=True, blank=True) diff --git a/accounting/templates/accounting/bank_account_details.jinja b/accounting/templates/accounting/bank_account_details.jinja index 95981b1b..cd968322 100644 --- a/accounting/templates/accounting/bank_account_details.jinja +++ b/accounting/templates/accounting/bank_account_details.jinja @@ -24,7 +24,9 @@ {% for c in object.club_accounts.all() %}
  • {{ c }} - {% trans %}Edit{% endtrans %} + {% if c.journals.count() == 0 %} - {% trans %}Delete{% endtrans %} + {% endif %}
    • {% endfor %} diff --git a/accounting/templates/accounting/club_account_details.jinja b/accounting/templates/accounting/club_account_details.jinja index 2b606a5f..08f22c2d 100644 --- a/accounting/templates/accounting/club_account_details.jinja +++ b/accounting/templates/accounting/club_account_details.jinja @@ -55,7 +55,7 @@ {% endif %} {% trans %}View{% endtrans %} {% trans %}Edit{% endtrans %} - {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) %} + {% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) and j.operations.count() == 0 %} {% trans %}Delete{% endtrans %} {% endif %} diff --git a/core/views/__init__.py b/core/views/__init__.py index 12c45c11..c0a613bc 100644 --- a/core/views/__init__.py +++ b/core/views/__init__.py @@ -67,7 +67,7 @@ class CanEditPropMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_edit_prop(o, request.user)] - if not l_id: + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): @@ -89,7 +89,7 @@ class CanEditMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_edit(o, request.user)] - if not l_id: + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): @@ -111,7 +111,7 @@ class CanViewMixin(View): except: pass # If we get here, it's a ListView l_id = [o.id for o in self.get_queryset() if can_view(o, request.user)] - if ((not l_id) and self.get_queryset().count() != 0): + if not l_id and self.get_queryset().count() != 0: raise PermissionDenied self._get_queryset = self.get_queryset def get_qs(self2): From 8329a19cc26a10359e5902caf398d906483e2891 Mon Sep 17 00:00:00 2001 From: Krophil Date: Mon, 27 Feb 2017 01:09:50 +0100 Subject: [PATCH 12/14] fix permissions --- accounting/models.py | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/accounting/models.py b/accounting/models.py index 7371bff0..f4ea5c73 100644 --- a/accounting/models.py +++ b/accounting/models.py @@ -187,6 +187,16 @@ class GeneralJournal(models.Model): return True return False + def can_be_edited_by(self, user): + """ + Method to see if that object can be edited by the given user + """ + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + if self.club_account.can_be_edited_by(user): + return True + return False + def can_be_viewed_by(self, user): return self.club_account.can_be_edited_by(user) @@ -291,7 +301,7 @@ class Operation(models.Model): if self.journal.closed: return False m = self.journal.club_account.club.get_membership_for(user) - if m is not None and m.role >= 7: + if m is not None and m.role >= settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False @@ -299,7 +309,12 @@ class Operation(models.Model): """ Method to see if that object can be edited by the given user """ - if self.is_owned_by(user): + if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): + return True + if self.journal.closed: + return False + m = self.journal.club_account.club.get_membership_for(user) + if m is not None and m.role == settings.SITH_CLUB_ROLES_ID['Treasurer']: return True return False From 0bf457de50f47782d0adccea4019b731f10ecc29 Mon Sep 17 00:00:00 2001 From: klmp200 Date: Sat, 11 Mar 2017 11:57:20 +0100 Subject: [PATCH 13/14] Hiding some already forbidden stuff --- accounting/templates/accounting/co_list.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/accounting/templates/accounting/co_list.jinja b/accounting/templates/accounting/co_list.jinja index 0cfbca70..e40ee2d8 100644 --- a/accounting/templates/accounting/co_list.jinja +++ b/accounting/templates/accounting/co_list.jinja @@ -5,7 +5,9 @@ {% endblock %} {% block content %} +{% if user.is_in_group(settings.SITH_GROUP_ACCOUNTING_ADMIN_ID) or user.is_root %}

    {% trans %}Create new company{% endtrans %}

    +{% endif %}
    From 5932aad9fa3b9d09c4b7b2fea7d5e6d5a7ef1f48 Mon Sep 17 00:00:00 2001 From: Krophil Date: Sun, 12 Mar 2017 20:33:17 +0100 Subject: [PATCH 14/14] Improve journal removing --- accounting/views.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/accounting/views.py b/accounting/views.py index 8ea2c3c1..51808632 100644 --- a/accounting/views.py +++ b/accounting/views.py @@ -239,6 +239,12 @@ class JournalDeleteView(CanEditPropMixin, DeleteView): template_name = 'core/delete_confirm.jinja' success_url = reverse_lazy('accounting:club_details') + def dispatch(self, request, *args, **kwargs): + self.object = self.get_object() + if self.object.operations.count() == 0: + return super(JournalDeleteView, self).dispatch(request, *args, **kwargs) + else: + raise PermissionDenied # Operation views