core: add UserIsRootMixin and an admin delete view for memberships

club/urls.py

@@ -91,6 +91,11 @@ urlpatterns = [
         MembershipSetOldView.as_view(),
         name="membership_set_old",
     ),
+    re_path(
+        r"^membership/(?P<membership_id>[0-9]+)/delete$",
+        MembershipDeleteView.as_view(),
+        name="membership_delete",
+    ),
     re_path(
         r"^(?P<club_id>[0-9]+)/poster$", PosterListView.as_view(), name="poster_list"
     ),

club/views.py

@@ -43,6 +43,7 @@ from core.views import (
     CanViewMixin,
     CanEditMixin,
     CanEditPropMixin,
+    UserIsRootMixin,
     TabedViewMixin,
     PageEditViewBase,
     DetailFormView,
@@ -493,6 +494,19 @@ class MembershipSetOldView(CanEditMixin, DetailView):
         )
 
 
+class MembershipDeleteView(UserIsRootMixin, DeleteView):
+    """
+    Delete a membership (for admins only)
+    """
+
+    model = Membership
+    pk_url_kwarg = "membership_id"
+    template_name = "core/delete_confirm.jinja"
+
+    def get_success_url(self):
+        return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})
+
+
 class ClubStatView(TemplateView):
     template_name = "club/stats.jinja"
 

core/templates/core/user_clubs.jinja

@@ -28,6 +28,9 @@
             {% if m.can_be_edited_by(user) %}
             <td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td>
             {% endif %}
+            {% if user.is_root %}
+                <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
+            {% endif %}
         </tr>
     	{% endfor %}
     </tbody>
@@ -54,6 +57,9 @@
             <td>{{ m.description }}</td>
             <td>{{ m.start_date }}</td>
             <td>{{ m.end_date }}</td>
+            {% if user.is_root %}
+                <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
+            {% endif %}
         </tr>
     	{% endfor %}
     </tbody>

core/views/__init__.py

@@ -242,6 +242,16 @@ class CanViewMixin(GenericContentPermissionMixinBuilder):
     permission_function = can_view
 
 
+class UserIsRootMixin(GenericContentPermissionMixinBuilder):
+    """
+    This view check if the user is root
+
+    :raises: PermissionDenied
+    """
+
+    permission_function = lambda obj, user: user.is_root
+
+
 class FormerSubscriberMixin(View):
     """
     This view check if the user was at least an old subscriber

doc/overlay/rights.rst

@@ -87,7 +87,7 @@ Voici maintenant comment faire en définissant des fonctions personnalisées. Ce
         # Donne ou non les droits de vue de l'objet
         # Ici, l'objet n'est visible que par un utilisateur connecté
         def can_be_viewed_by(self, user):
-            return not user.user.is_anonymous
+            return not user.is_anonymous
 
 .. note::
 
@@ -154,5 +154,6 @@ Le système de permissions de propose plusieurs mixins différents, les voici da
 .. autoclass:: core.views.CanEditPropMixin
 .. autoclass:: core.views.CanEditMixin
 .. autoclass:: core.views.CanViewMixin
+.. autoclass:: core.views.UserIsRootMixin
 .. autoclass:: core.views.FormerSubscriberMixin
 .. autoclass:: core.views.UserIsLoggedMixin