mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 22:23:23 +00:00
Merge branch 'subscriptions' into 'master'
Some selected club members can now make people subscribe and fix major security … Le bdf m'a demandé si c'était possible pour eux de faire des cotisations pour les nouveaux. Je retire WIP quand j'ai la confirmation du bureau que je peux faire ça. Par contre, j'y ai patché une grosse faille de sécurité : se mettre curieux à l'AE suffit à avoir tous les droits de board_member. See merge request !91
commit
e4e4eae11b
@ -139,10 +139,7 @@ class Club(models.Model):
|
|||||||
"""
|
"""
|
||||||
Method to see if that object can be edited by the given user
|
Method to see if that object can be edited by the given user
|
||||||
"""
|
"""
|
||||||
ms = self.get_membership_for(user)
|
return self.has_rights_in_club(user)
|
||||||
if ms is not None and ms.role > settings.SITH_MAXIMUM_FREE_ROLE:
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def can_be_viewed_by(self, user):
|
def can_be_viewed_by(self, user):
|
||||||
"""
|
"""
|
||||||
@ -170,6 +167,10 @@ class Club(models.Model):
|
|||||||
Club._memberships[self.id][user.id] = m
|
Club._memberships[self.id][user.id] = m
|
||||||
return m
|
return m
|
||||||
|
|
||||||
|
def has_rights_in_club(self, user):
|
||||||
|
m = self.get_membership_for(user)
|
||||||
|
return m is not None and m.role > settings.SITH_MAXIMUM_FREE_ROLE
|
||||||
|
|
||||||
|
|
||||||
class Membership(models.Model):
|
class Membership(models.Model):
|
||||||
"""
|
"""
|
||||||
|
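Review bot: The class-level `Club._memberships` cache written at the end of what appears to be `get_membership_for` now backs every board-rights decision through the new `has_rights_in_club`, and nothing visible in this section invalidates it. If entries are not dropped when a membership ends or a role is lowered, a demoted member would keep edit and board rights until the process restarts, so the invalidation path on membership changes is worth confirming. I would also give `has_rights_in_club` a docstring, for example `"""Return True when the user holds a role above SITH_MAXIMUM_FREE_ROLE in this club."""`, since it is now the place where the threshold is decided. The function that fills the cache starts outside the hunk.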
@ -300,7 +300,15 @@ class User(AbstractBaseUser):
|
|||||||
@cached_property
|
@cached_property
|
||||||
def is_board_member(self):
|
def is_board_member(self):
|
||||||
from club.models import Club
|
from club.models import Club
|
||||||
return Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first().get_membership_for(self)
|
return Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first().has_rights_in_club(self)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def can_create_subscription(self):
|
||||||
|
from club.models import Club
|
||||||
|
for club in Club.objects.filter(id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS).all():
|
||||||
|
if club.has_rights_in_club(self):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
@cached_property
|
@cached_property
|
||||||
def is_launderette_manager(self):
|
def is_launderette_manager(self):
|
||||||
@ -504,6 +512,10 @@ class AnonymousUser(AuthAnonymousUser):
|
|||||||
def __init__(self, request):
|
def __init__(self, request):
|
||||||
super(AnonymousUser, self).__init__()
|
super(AnonymousUser, self).__init__()
|
||||||
|
|
||||||
|
@property
|
||||||
|
def can_create_subscription(self):
|
||||||
|
return False
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def was_subscribed(self):
|
def was_subscribed(self):
|
||||||
return False
|
return False
|
||||||
|
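Review bot: `is_board_member` dereferences `.first()` without a None check, so an installation where no club matches `settings.SITH_MAIN_CLUB['unix_name']` raises AttributeError wherever the property is evaluated instead of answering False. Binding the lookup keeps the check fail-closed without an error page: `club = Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first()` followed by `return club is not None and club.has_rights_in_club(self)`. Both properties are `cached_property`, so the answer is fixed for the lifetime of the user instance; that is fine per request but should be kept in mind if user objects are ever held longer.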
@ -14,8 +14,10 @@
|
|||||||
<li><a href="{{ url('core:group_list') }}">{% trans %}Groups{% endtrans %}</a></li>
|
<li><a href="{{ url('core:group_list') }}">{% trans %}Groups{% endtrans %}</a></li>
|
||||||
<li><a href="{{ url('rootplace:merge') }}">{% trans %}Merge users{% endtrans %}</a></li>
|
<li><a href="{{ url('rootplace:merge') }}">{% trans %}Merge users{% endtrans %}</a></li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) or user.is_root %}
|
{% if user.can_create_subscription or user.is_root %}
|
||||||
<li><a href="{{ url('subscription:subscription') }}">{% trans %}Subscriptions{% endtrans %}</a></li>
|
<li><a href="{{ url('subscription:subscription') }}">{% trans %}Subscriptions{% endtrans %}</a></li>
|
||||||
|
{% endif %}
|
||||||
|
{% if user.is_board_member or user.is_root %}
|
||||||
<li><a href="{{ url('subscription:stats') }}">{% trans %}Subscription stats{% endtrans %}</a></li>
|
<li><a href="{{ url('subscription:stats') }}">{% trans %}Subscription stats{% endtrans %}</a></li>
|
||||||
<li><a href="{{ url('club:club_new') }}">{% trans %}New club{% endtrans %}</a></li>
|
<li><a href="{{ url('club:club_new') }}">{% trans %}New club{% endtrans %}</a></li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
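Review bot: The Subscriptions link is shown for `user.can_create_subscription or user.is_root`, while the `NewSubscription.dispatch` check changed in this same commit tests only `request.user.can_create_subscription`. Unless root users are granted rights somewhere inside the membership lookup (not visible on this page), a root user sees a link that answers 403. Either drop `or user.is_root` here or fold the root case into the property, so the menu only mirrors the decision the view enforces.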
@ -408,6 +408,10 @@ SITH_PRODUCT_SUBSCRIPTION_ONE_SEMESTER = 1
|
|||||||
SITH_PRODUCT_SUBSCRIPTION_TWO_SEMESTERS = 2
|
SITH_PRODUCT_SUBSCRIPTION_TWO_SEMESTERS = 2
|
||||||
SITH_PRODUCTTYPE_SUBSCRIPTION = 2
|
SITH_PRODUCTTYPE_SUBSCRIPTION = 2
|
||||||
|
|
||||||
|
SITH_CAN_CREATE_SUBSCRIPTIONS = [
|
||||||
|
1,
|
||||||
|
]
|
||||||
|
|
||||||
# Subscription durations are in semestres
|
# Subscription durations are in semestres
|
||||||
# Be careful, modifying this parameter will need a migration to be applied
|
# Be careful, modifying this parameter will need a migration to be applied
|
||||||
SITH_SUBSCRIPTIONS = {
|
SITH_SUBSCRIPTIONS = {
|
||||||
|
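Review bot: `SITH_CAN_CREATE_SUBSCRIPTIONS` grants subscription-creation rights by bare database primary key (`1`) with no comment saying what the numbers refer to. Primary keys can differ between deployments and fixtures, so the wrong club's board could end up with this right; identifying clubs by `unix_name`, as `SITH_MAIN_CLUB` appears to do, would be sturdier. At minimum I would add a comment above the list such as `# Ids of the clubs whose members above SITH_MAXIMUM_FREE_ROLE may create subscriptions`.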
@ -106,7 +106,7 @@ class NewSubscription(CreateView):
|
|||||||
|
|
||||||
def dispatch(self, request, *arg, **kwargs):
|
def dispatch(self, request, *arg, **kwargs):
|
||||||
res = super(NewSubscription, self).dispatch(request, *arg, **kwargs)
|
res = super(NewSubscription, self).dispatch(request, *arg, **kwargs)
|
||||||
if request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP):
|
if request.user.can_create_subscription:
|
||||||
return res
|
return res
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
|
|
||||||
|
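Review bot: The permission test runs after `super(NewSubscription, self).dispatch(...)`, so the GET or POST handler has already executed by the time `PermissionDenied` is raised. For a `CreateView` this means a POST from a user without `can_create_subscription` may already have saved the object unless the request is wrapped in a transaction, which is not visible here. The ordering predates this commit but the changed line keeps it; check first and dispatch only on success: `if not request.user.can_create_subscription: raise PermissionDenied` followed by `return super(NewSubscription, self).dispatch(request, *arg, **kwargs)`.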