core: add UserIsRootMixin and an admin delete view for memberships

2024-11-21 21:53:30 +00:00 · 2019-11-24 19:23:43 +01:00 · 2019-11-24 19:23:43 +01:00 · 5c8fa1b9e7
commit 5c8fa1b9e7
parent d82679e3d7
5 changed files with 37 additions and 1 deletions
--- a/club/urls.py
+++ b/club/urls.py
@ -91,6 +91,11 @@ urlpatterns = [
        MembershipSetOldView.as_view(),
        name="membership_set_old",
    ),
+    re_path(
+        r"^membership/(?P<membership_id>[0-9]+)/delete$",
+        MembershipDeleteView.as_view(),
+        name="membership_delete",
+    ),
    re_path(
        r"^(?P<club_id>[0-9]+)/poster$", PosterListView.as_view(), name="poster_list"
    ),
--- a/club/views.py
+++ b/club/views.py
@ -43,6 +43,7 @@ from core.views import (
    CanViewMixin,
    CanEditMixin,
    CanEditPropMixin,
+    UserIsRootMixin,
    TabedViewMixin,
    PageEditViewBase,
    DetailFormView,
@ -493,6 +494,19 @@ class MembershipSetOldView(CanEditMixin, DetailView):
        )


+class MembershipDeleteView(UserIsRootMixin, DeleteView):
+    """
+    Delete a membership (for admins only)
+    """
+
+    model = Membership
+    pk_url_kwarg = "membership_id"
+    template_name = "core/delete_confirm.jinja"
+
+    def get_success_url(self):
+        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
+
+
 class ClubStatView(TemplateView):
    template_name = "club/stats.jinja"

--- a/core/templates/core/user_clubs.jinja
+++ b/core/templates/core/user_clubs.jinja
@ -28,6 +28,9 @@
            {% if m.can_be_edited_by(user) %}
            <td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td>
            {% endif %}
+            {% if user.is_root %}
+                <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
+            {% endif %}
        </tr>
    	{% endfor %}
    </tbody>
@ -54,6 +57,9 @@
            <td>{{ m.description }}</td>
            <td>{{ m.start_date }}</td>
            <td>{{ m.end_date }}</td>
+            {% if user.is_root %}
+                <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
+            {% endif %}
        </tr>
    	{% endfor %}
    </tbody>
--- a/core/views/init.py
+++ b/core/views/init.py
@ -242,6 +242,16 @@ class CanViewMixin(GenericContentPermissionMixinBuilder):
    permission_function = can_view


+class UserIsRootMixin(GenericContentPermissionMixinBuilder):
+    """
+    This view check if the user is root
+
+    :raises: PermissionDenied
+    """
+
+    permission_function = lambda obj, user: user.is_root
+
+
 class FormerSubscriberMixin(View):
    """
    This view check if the user was at least an old subscriber
--- a/doc/overlay/rights.rst
+++ b/doc/overlay/rights.rst
@ -87,7 +87,7 @@ Voici maintenant comment faire en définissant des fonctions personnalisées. Ce
        # Donne ou non les droits de vue de l'objet
        # Ici, l'objet n'est visible que par un utilisateur connecté
        def can_be_viewed_by(self, user):
-            return not user.user.is_anonymous
+            return not user.is_anonymous

 .. note::

@ -154,5 +154,6 @@ Le système de permissions de propose plusieurs mixins différents, les voici da
 .. autoclass:: core.views.CanEditPropMixin
 .. autoclass:: core.views.CanEditMixin
 .. autoclass:: core.views.CanViewMixin
+.. autoclass:: core.views.UserIsRootMixin
 .. autoclass:: core.views.FormerSubscriberMixin
 .. autoclass:: core.views.UserIsLoggedMixin