mirror of
https://github.com/ae-utbm/sith.git
synced 2025-07-11 04:19:25 +00:00
[FIX] Correction de bugs (#617)
* Fix #600 * Fix #602 * Fixes & améliorations du nouveau CSS (#616) * Fix #604 * should fix #605 * Fix #608 * Update core/views/site.py Co-Authored-By: thomas girod <56346771+imperosol@users.noreply.github.com> * Added back the permission denied * Should fix #609 * Fix failing test when 2 user are merged * Should fix #610 * Should fix #627 * Should fix #109 Block les URLs suivantes lorsque le fichier se trouve dans le dir `profiles` ou `SAS` : - `/file/<id>/` - `/file/<id>/[delete|prop|edit]` > Les urls du SAS restent accessiblent pour les roots & les admins SAS > Les urls de profiles sont uniquement accessiblent aux roots * Fix root dir of SAS being unnaccessible for sas admins ⚠️ need to edit the SAS directory & save it (no changes required in sas directory properties) * Remove overwritten code * Should fix duplicated albums in user profile (wtf) * Fix typo * Extended profiles picture access to board members * Should fix #607 * Fix keyboard navigation not working properly * Fix user tagged pictures section inside python rather than in the template * Update utils.py * Apply suggested changes * Fix #604 * Fix #608 * Added back the permission denied * Should fix duplicated albums in user profile (wtf) * Fix user tagged pictures section inside python rather than in the template * Apply suggested changes --------- Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com>
This commit is contained in:
@ -919,6 +919,36 @@ class SithFile(models.Model):
|
||||
class Meta:
|
||||
verbose_name = _("file")
|
||||
|
||||
def can_be_managed_by(self, user: User) -> bool:
|
||||
"""
|
||||
Tell if the user can manage the file (edit, delete, etc.) or not.
|
||||
Apply the following rules:
|
||||
- If the file is not in the SAS nor in the profiles directory, it can be "managed" by anyone -> return True
|
||||
- If the file is in the SAS, only the SAS admins (or roots) can manage it -> return True if the user is in the SAS admin group or is a root
|
||||
- If the file is in the profiles directory, only the roots can manage it -> return True if the user is a root
|
||||
|
||||
:returns: True if the file is managed by the SAS or within the profiles directory, False otherwise
|
||||
"""
|
||||
|
||||
# If the file is not in the SAS nor in the profiles directory, it can be "managed" by anyone
|
||||
profiles_dir = SithFile.objects.filter(name="profiles").first()
|
||||
if not self.is_in_sas and not profiles_dir in self.get_parent_list():
|
||||
return True
|
||||
|
||||
# If the file is in the SAS, only the SAS admins (or roots) can manage it
|
||||
if self.is_in_sas and (
|
||||
user.is_in_group(settings.SITH_GROUP_SAS_ADMIN_ID) or user.is_root
|
||||
):
|
||||
return True
|
||||
|
||||
# If the file is in the profiles directory, only the roots can manage it
|
||||
if profiles_dir in self.get_parent_list() and (
|
||||
user.is_root or user.is_board_member
|
||||
):
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def is_owned_by(self, user):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
@ -996,7 +1026,7 @@ class SithFile(models.Model):
|
||||
|
||||
def save(self, *args, **kwargs):
|
||||
sas = SithFile.objects.filter(id=settings.SITH_SAS_ROOT_DIR_ID).first()
|
||||
self.is_in_sas = sas in self.get_parent_list()
|
||||
self.is_in_sas = sas in self.get_parent_list() or self == sas
|
||||
copy_rights = False
|
||||
if self.id is None:
|
||||
copy_rights = True
|
||||
@ -1130,12 +1160,6 @@ class SithFile(models.Model):
|
||||
|
||||
return Album.objects.filter(id=self.id).first()
|
||||
|
||||
def __str__(self):
|
||||
if self.is_folder:
|
||||
return _("Folder: ") + self.name
|
||||
else:
|
||||
return _("File: ") + self.name
|
||||
|
||||
def get_parent_list(self):
|
||||
l = []
|
||||
p = self.parent
|
||||
|
Reference in New Issue
Block a user