mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 14:13:21 +00:00
Merge branch 'subscriptions' into 'master'
Some selected club members can now make people subscribe and fix major security … Le bdf m'a demandé si c'était possible pour eux de faire des cotisations pour les nouveaux. Je retire WIP quand j'ai la confirmation du bureau que je peux faire ça. Par contre j'y ai patché une grosse faille de sécurité : se mettre curieux à l'AE suffit à avoir tous les droits de board_member. See merge request !91
commit
e4e4eae11b
@ -139,10 +139,7 @@ class Club(models.Model):
|
||||
"""
|
||||
Method to see if that object can be edited by the given user
|
||||
"""
|
||||
ms = self.get_membership_for(user)
|
||||
if ms is not None and ms.role > settings.SITH_MAXIMUM_FREE_ROLE:
|
||||
return True
|
||||
return False
|
||||
return self.has_rights_in_club(user)
|
||||
|
||||
def can_be_viewed_by(self, user):
|
||||
"""
|
||||
@ -170,6 +167,10 @@ class Club(models.Model):
|
||||
Club._memberships[self.id][user.id] = m
|
||||
return m
|
||||
|
||||
def has_rights_in_club(self, user):
|
||||
m = self.get_membership_for(user)
|
||||
return m is not None and m.role > settings.SITH_MAXIMUM_FREE_ROLE
|
||||
|
||||
|
||||
class Membership(models.Model):
|
||||
"""
|
||||
|
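Review bot: `has_rights_in_club` is added without a docstring, although it is now the predicate behind `can_be_edited_by` here and behind `is_board_member` and `can_create_subscription` in the other sections of this commit. A one-line docstring such as `"""Return True if user has a membership in this club with a role strictly above SITH_MAXIMUM_FREE_ROLE."""` would make the boundary explicit for the next caller. The result also depends on `get_membership_for`, whose visible tail stores the membership in the class-level `Club._memberships` dict. Whether that entry is dropped when a membership ends or a role is lowered is not visible in this hunk, so the invalidation path should be confirmed, since a stale entry would keep granting rights.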
@ -300,7 +300,15 @@ class User(AbstractBaseUser):
|
||||
@cached_property
|
||||
def is_board_member(self):
|
||||
from club.models import Club
|
||||
return Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first().get_membership_for(self)
|
||||
return Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first().has_rights_in_club(self)
|
||||
|
||||
@cached_property
|
||||
def can_create_subscription(self):
|
||||
from club.models import Club
|
||||
for club in Club.objects.filter(id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS).all():
|
||||
if club.has_rights_in_club(self):
|
||||
return True
|
||||
return False
|
||||
|
||||
@cached_property
|
||||
def is_launderette_manager(self):
|
||||
@ -504,6 +512,10 @@ class AnonymousUser(AuthAnonymousUser):
|
||||
def __init__(self, request):
|
||||
super(AnonymousUser, self).__init__()
|
||||
|
||||
@property
|
||||
def can_create_subscription(self):
|
||||
return False
|
||||
|
||||
@property
|
||||
def was_subscribed(self):
|
||||
return False
|
||||
|
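Review bot: The new `is_board_member` line calls `.first().has_rights_in_club(self)` directly, so when no club matches `settings.SITH_MAIN_CLUB['unix_name']`, `.first()` returns None and the property raises AttributeError instead of answering False. Binding the club first keeps the check failing closed without an error: `club = Club.objects.filter(unix_name=settings.SITH_MAIN_CLUB['unix_name']).first()` then `return club is not None and club.has_rights_in_club(self)`. In `can_create_subscription` the loop can be written as `return any(c.has_rights_in_club(self) for c in Club.objects.filter(id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS))`. Both properties are `@cached_property`, so the answer is fixed for the lifetime of the User instance; a short comment saying so would help whoever changes a membership and re-checks on the same object.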
@ -14,8 +14,10 @@
|
||||
<li><a href="{{ url('core:group_list') }}">{% trans %}Groups{% endtrans %}</a></li>
|
||||
<li><a href="{{ url('rootplace:merge') }}">{% trans %}Merge users{% endtrans %}</a></li>
|
||||
{% endif %}
|
||||
{% if user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) or user.is_root %}
|
||||
{% if user.can_create_subscription or user.is_root %}
|
||||
<li><a href="{{ url('subscription:subscription') }}">{% trans %}Subscriptions{% endtrans %}</a></li>
|
||||
{% endif %}
|
||||
{% if user.is_board_member or user.is_root %}
|
||||
<li><a href="{{ url('subscription:stats') }}">{% trans %}Subscription stats{% endtrans %}</a></li>
|
||||
<li><a href="{{ url('club:club_new') }}">{% trans %}New club{% endtrans %}</a></li>
|
||||
{% endif %}
|
||||
|
@ -408,6 +408,10 @@ SITH_PRODUCT_SUBSCRIPTION_ONE_SEMESTER = 1
|
||||
SITH_PRODUCT_SUBSCRIPTION_TWO_SEMESTERS = 2
|
||||
SITH_PRODUCTTYPE_SUBSCRIPTION = 2
|
||||
|
||||
SITH_CAN_CREATE_SUBSCRIPTIONS = [
|
||||
1,
|
||||
]
|
||||
|
||||
# Subscription durations are in semestres
|
||||
# Be careful, modifying this parameter will need a migration to be applied
|
||||
SITH_SUBSCRIPTIONS = {
|
||||
|
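Review bot: `SITH_CAN_CREATE_SUBSCRIPTIONS` is added without a comment, and it grants a privilege by raw primary key: `can_create_subscription` filters `Club` on `id__in` this list, so whichever club has id 1 in a given database receives the right. A comment above it such as `# Ids of the clubs whose members with a role above SITH_MAXIMUM_FREE_ROLE may create subscriptions` would document that. The main club is looked up by `settings.SITH_MAIN_CLUB['unix_name']` elsewhere in this commit; keying this list the same way would avoid depending on row insertion order, if that fits the project.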
@ -106,7 +106,7 @@ class NewSubscription(CreateView):
|
||||
|
||||
def dispatch(self, request, *arg, **kwargs):
|
||||
res = super(NewSubscription, self).dispatch(request, *arg, **kwargs)
|
||||
if request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP):
|
||||
if request.user.can_create_subscription:
|
||||
return res
|
||||
raise PermissionDenied
|
||||
|
||||
|
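Review bot: `dispatch` still calls `super(NewSubscription, self).dispatch(...)` before the permission test, so on a CreateView the request handler, including a POST that validates and saves the form, has already run when `PermissionDenied` is raised. Unless the request is wrapped in a transaction that the exception rolls back (not visible here), a user without `can_create_subscription` could still create a subscription and only then receive the 403. Testing first closes that: `if not request.user.can_create_subscription: raise PermissionDenied` followed by `return super(NewSubscription, self).dispatch(request, *arg, **kwargs)`. The menu template in this commit shows the Subscriptions link for `user.can_create_subscription or user.is_root`, while this check has no `is_root` branch, so the two conditions should be made to agree.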