klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-01-21 06:21:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove UserIsRootMixin

Browse Source
This commit is contained in:
imperosol 2025-01-10 15:17:41 +01:00
parent 4d0d7adce1
commit 7ac41ac5cb
4 changed files with 14 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
club/views.py
View File

@ -25,6 +25,7 @@
import csv import csv
from django.conf import settings from django.conf import settings
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
from django.core.paginator import InvalidPage, Paginator from django.core.paginator import InvalidPage, Paginator
from django.db.models import Sum from django.db.models import Sum
@ -58,7 +59,6 @@ from core.views import (
DetailFormView, DetailFormView,
PageEditViewBase, PageEditViewBase,
TabedViewMixin, TabedViewMixin,
UserIsRootMixin,
) )
from counter.models import Selling from counter.models import Selling
@ -512,12 +512,13 @@ class MembershipSetOldView(CanEditMixin, DetailView):
) )
class MembershipDeleteView(UserIsRootMixin, DeleteView): class MembershipDeleteView(PermissionRequiredMixin, DeleteView):
"""Delete a membership (for admins only).""" """Delete a membership (for admins only)."""
model = Membership model = Membership
pk_url_kwarg = "membership_id" pk_url_kwarg = "membership_id"
template_name = "core/delete_confirm.jinja" template_name = "core/delete_confirm.jinja"
permission_required = "club.delete_membership"
def get_success_url(self): def get_success_url(self):
return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id}) return reverse_lazy("core:user_clubs", kwargs={"user_id": self.object.user.id})

4
core/templates/core/user_clubs.jinja
View File

@ -30,7 +30,7 @@
{% if m.can_be_edited_by(user) %} {% if m.can_be_edited_by(user) %}
<td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td> <td><a href="{{ url('club:membership_set_old', membership_id=m.id) }}">{% trans %}Mark as old{% endtrans %}</a></td>
{% endif %} {% endif %}
{% if user.is_root %} {% if user.has_perm("club.delete_membership") %}
<td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td> <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
{% endif %} {% endif %}
</tr> </tr>
@ -59,7 +59,7 @@
<td>{{ m.description }}</td> <td>{{ m.description }}</td>
<td>{{ m.start_date }}</td> <td>{{ m.start_date }}</td>
<td>{{ m.end_date }}</td> <td>{{ m.end_date }}</td>
{% if user.is_root %} {% if user.has_perm("club.delete_membership") %}
<td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td> <td><a href="{{ url('club:membership_delete', membership_id=m.id) }}">{% trans %}Delete{% endtrans %}</a></td>
{% endif %} {% endif %}
</tr> </tr>

12
core/views/__init__.py
View File

@ -225,18 +225,6 @@ class CanViewMixin(GenericContentPermissionMixinBuilder):
permission_function = can_view permission_function = can_view
class UserIsRootMixin(GenericContentPermissionMixinBuilder):
"""Allow only root admins.
Raises:
PermissionDenied: if the user isn't root
"""
@staticmethod
def permission_function(obj: Any, user: User):
return user.is_root
class FormerSubscriberMixin(AccessMixin): class FormerSubscriberMixin(AccessMixin):
"""Check if the user was at least an old subscriber. """Check if the user was at least an old subscriber.

18
docs/tutorial/perms.md
View File

@ -154,7 +154,7 @@ Voici un exemple d'utilisation en reprenant l'objet Article crée précédemment
```python ```python
from django.views.generic import CreateView, ListView from django.views.generic import CreateView, ListView
from core.views import CanViewMixin, CanCreateMixin from core.auth.mixins import CanViewMixin, CanCreateMixin
from com.models import WeekmailArticle from com.models import WeekmailArticle
@ -172,14 +172,14 @@ class ArticlesCreateView(CanCreateMixin, CreateView):
Les mixins suivants sont implémentés : Les mixins suivants sont implémentés :
- [CanCreateMixin][core.views.CanCreateMixin] : l'utilisateur peut-il créer l'objet ? - [CanCreateMixin][core.auth.mixins.CanCreateMixin] : l'utilisateur peut-il créer l'objet ?
- [CanEditPropMixin][core.views.CanEditPropMixin] : l'utilisateur peut-il éditer les propriétés de l'objet ? - [CanEditPropMixin][core.auth.mixins.CanEditPropMixin] : l'utilisateur peut-il éditer les propriétés de l'objet ?
- [CanEditMixin][core.views.CanEditMixin] : L'utilisateur peut-il éditer l'objet ? - [CanEditMixin][core.auth.mixins.CanEditMixin] : L'utilisateur peut-il éditer l'objet ?
- [CanViewMixin][core.views.CanViewMixin] : L'utilisateur peut-il voir l'objet ? - [CanViewMixin][core.auth.mixins.CanViewMixin] : L'utilisateur peut-il voir l'objet ?
- [UserIsRootMixin][core.views.UserIsRootMixin] : L'utilisateur a-t-il les droit root ? - [FormerSubscriberMixin][core.auth.mixins.FormerSubscriberMixin] : L'utilisateur a-t-il déjà été cotisant ?
- [FormerSubscriberMixin][core.views.FormerSubscriberMixin] : L'utilisateur a-t-il déjà été cotisant ? - [PermissionOrAuthorRequiredMixin][core.auth.mixins.PermissionOrAuthorRequiredMixin] :
- [UserIsLoggedMixin][core.views.UserIsLoggedMixin] : L'utilisateur est-il connecté ? L'utilisateur a-t-il la permission requise, ou bien est-il l'auteur de l'objet
(à éviter ; préférez `LoginRequiredMixin`, fourni par Django) auquel on veut accéder ?
!!!danger "Performance" !!!danger "Performance"