mirror of
https://github.com/ae-utbm/sith.git
synced 2026-04-11 05:05:25 +00:00
Compare commits
11 Commits
club-role
...
discord-au
| Author | SHA1 | Date | |
|---|---|---|---|
|
236ca1a4e4 | ||
|
|
ddcde11365 | ||
|
|
49cb21e18b | ||
|
|
26d12a0e6d | ||
|
|
db414fd884 | ||
|
|
9634f9779c | ||
|
|
e29112af55 | ||
|
|
5d29010a47 | ||
|
|
70ff74ee0a | ||
|
|
eebdce6635 | ||
|
|
1b898ebe1b |
@@ -17,6 +17,15 @@ class ApiClientAdmin(admin.ModelAdmin):
|
||||
"owner__nick_name",
|
||||
)
|
||||
autocomplete_fields = ("owner", "groups", "client_permissions")
|
||||
readonly_fields = ("hmac_key",)
|
||||
actions = ("reset_hmac_key",)
|
||||
|
||||
@admin.action(permissions=["change"], description=_("Reset HMAC key"))
|
||||
def reset_hmac_key(self, _request: HttpRequest, queryset: QuerySet[ApiClient]):
|
||||
objs = list(queryset)
|
||||
for obj in objs:
|
||||
obj.reset_hmac(commit=False)
|
||||
ApiClient.objects.bulk_update(objs, fields=["hmac_key"])
|
||||
|
||||
|
||||
@admin.register(ApiKey)
|
||||
|
||||
16
api/api.py
Normal file
16
api/api.py
Normal file
@@ -0,0 +1,16 @@
|
||||
from ninja_extra import ControllerBase, api_controller, route
|
||||
|
||||
from api.auth import ApiKeyAuth
|
||||
from api.schemas import ApiClientSchema
|
||||
|
||||
|
||||
@api_controller("/client")
|
||||
class ApiClientController(ControllerBase):
|
||||
@route.get(
|
||||
"/me",
|
||||
auth=[ApiKeyAuth()],
|
||||
response=ApiClientSchema,
|
||||
url_name="api-client-infos",
|
||||
)
|
||||
def get_client_info(self):
|
||||
return self.context.request.auth
|
||||
35
api/forms.py
Normal file
35
api/forms.py
Normal file
@@ -0,0 +1,35 @@
|
||||
from django import forms
|
||||
from django.forms import HiddenInput
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
|
||||
class ThirdPartyAuthForm(forms.Form):
|
||||
"""Form to complete to authenticate on the sith from a third-party app.
|
||||
|
||||
For the form to be valid, the user approve the EULA (french: CGU)
|
||||
and give its username from the third-party app.
|
||||
"""
|
||||
|
||||
cgu_accepted = forms.BooleanField(
|
||||
required=True,
|
||||
label=_("I have read and I accept the terms and conditions of use"),
|
||||
error_messages={
|
||||
"required": _("You must approve the terms and conditions of use.")
|
||||
},
|
||||
)
|
||||
is_username_valid = forms.BooleanField(
|
||||
required=True,
|
||||
error_messages={"required": _("You must confirm that this is your username.")},
|
||||
)
|
||||
client_id = forms.IntegerField(widget=HiddenInput())
|
||||
third_party_app = forms.CharField(widget=HiddenInput())
|
||||
privacy_link = forms.URLField(widget=HiddenInput())
|
||||
username = forms.CharField(widget=HiddenInput())
|
||||
callback_url = forms.URLField(widget=HiddenInput())
|
||||
signature = forms.CharField(widget=HiddenInput())
|
||||
|
||||
def __init__(self, *args, label_suffix: str = "", initial, **kwargs):
|
||||
super().__init__(*args, label_suffix=label_suffix, initial=initial, **kwargs)
|
||||
self.fields["is_username_valid"].label = _(
|
||||
"I confirm that %(username)s is my username on %(app)s"
|
||||
) % {"username": initial.get("username"), "app": initial.get("third_party_app")}
|
||||
19
api/migrations/0002_apiclient_hmac_key.py
Normal file
19
api/migrations/0002_apiclient_hmac_key.py
Normal file
@@ -0,0 +1,19 @@
|
||||
# Generated by Django 5.2.3 on 2025-10-26 10:15
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
import api.models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [("api", "0001_initial")]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="apiclient",
|
||||
name="hmac_key",
|
||||
field=models.CharField(
|
||||
default=api.models.get_hmac_key, max_length=128, verbose_name="HMAC Key"
|
||||
),
|
||||
),
|
||||
]
|
||||
@@ -1,13 +1,20 @@
|
||||
import secrets
|
||||
from typing import Iterable
|
||||
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.db import models
|
||||
from django.db.models import Q
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.utils.translation import pgettext_lazy
|
||||
|
||||
from core.models import Group, User
|
||||
|
||||
|
||||
def get_hmac_key():
|
||||
return secrets.token_hex(64)
|
||||
|
||||
|
||||
class ApiClient(models.Model):
|
||||
name = models.CharField(_("name"), max_length=64)
|
||||
owner = models.ForeignKey(
|
||||
@@ -26,11 +33,10 @@ class ApiClient(models.Model):
|
||||
help_text=_("Specific permissions for this api client."),
|
||||
related_name="clients",
|
||||
)
|
||||
hmac_key = models.CharField(_("HMAC Key"), max_length=128, default=get_hmac_key)
|
||||
created_at = models.DateTimeField(auto_now_add=True)
|
||||
updated_at = models.DateTimeField(auto_now=True)
|
||||
|
||||
_perm_cache: set[str] | None = None
|
||||
|
||||
class Meta:
|
||||
verbose_name = _("api client")
|
||||
verbose_name_plural = _("api clients")
|
||||
@@ -38,33 +44,38 @@ class ApiClient(models.Model):
|
||||
def __str__(self):
|
||||
return self.name
|
||||
|
||||
@cached_property
|
||||
def all_permissions(self) -> set[str]:
|
||||
permissions = (
|
||||
Permission.objects.filter(
|
||||
Q(group__group__in=self.groups.all()) | Q(clients=self)
|
||||
)
|
||||
.values_list("content_type__app_label", "codename")
|
||||
.order_by()
|
||||
)
|
||||
return {f"{content_type}.{name}" for content_type, name in permissions}
|
||||
|
||||
def has_perm(self, perm: str):
|
||||
"""Return True if the client has the specified permission."""
|
||||
return perm in self.all_permissions
|
||||
|
||||
if self._perm_cache is None:
|
||||
group_permissions = (
|
||||
Permission.objects.filter(group__group__in=self.groups.all())
|
||||
.values_list("content_type__app_label", "codename")
|
||||
.order_by()
|
||||
)
|
||||
client_permissions = self.client_permissions.values_list(
|
||||
"content_type__app_label", "codename"
|
||||
).order_by()
|
||||
self._perm_cache = {
|
||||
f"{content_type}.{name}"
|
||||
for content_type, name in (*group_permissions, *client_permissions)
|
||||
}
|
||||
return perm in self._perm_cache
|
||||
|
||||
def has_perms(self, perm_list):
|
||||
"""
|
||||
Return True if the client has each of the specified permissions. If
|
||||
object is passed, check if the client has all required perms for it.
|
||||
"""
|
||||
def has_perms(self, perm_list: Iterable[str]) -> bool:
|
||||
"""Return True if the client has each of the specified permissions."""
|
||||
if not isinstance(perm_list, Iterable) or isinstance(perm_list, str):
|
||||
raise ValueError("perm_list must be an iterable of permissions.")
|
||||
return all(self.has_perm(perm) for perm in perm_list)
|
||||
|
||||
def reset_hmac(self, *, commit: bool = True) -> str:
|
||||
"""Reset and return the HMAC key for this client.
|
||||
|
||||
Args:
|
||||
commit: if True (the default), persist the new hmac in db.
|
||||
"""
|
||||
self.hmac_key = get_hmac_key()
|
||||
if commit:
|
||||
self.save()
|
||||
return self.hmac_key
|
||||
|
||||
|
||||
class ApiKey(models.Model):
|
||||
PREFIX_LENGTH = 5
|
||||
|
||||
23
api/schemas.py
Normal file
23
api/schemas.py
Normal file
@@ -0,0 +1,23 @@
|
||||
from ninja import ModelSchema, Schema
|
||||
from pydantic import Field, HttpUrl
|
||||
|
||||
from api.models import ApiClient
|
||||
from core.schemas import SimpleUserSchema
|
||||
|
||||
|
||||
class ApiClientSchema(ModelSchema):
|
||||
class Meta:
|
||||
model = ApiClient
|
||||
fields = ["id", "name"]
|
||||
|
||||
owner: SimpleUserSchema
|
||||
permissions: list[str] = Field(alias="all_permissions")
|
||||
|
||||
|
||||
class ThirdPartyAuthParamsSchema(Schema):
|
||||
client_id: int
|
||||
third_party_app: str
|
||||
privacy_link: HttpUrl
|
||||
username: str
|
||||
callback_url: HttpUrl
|
||||
signature: str
|
||||
32
api/templates/api/third_party/auth.jinja
vendored
Normal file
32
api/templates/api/third_party/auth.jinja
vendored
Normal file
@@ -0,0 +1,32 @@
|
||||
{% extends "core/base.jinja" %}
|
||||
|
||||
{% block content %}
|
||||
<form method="post">
|
||||
{% csrf_token %}
|
||||
<h3>{% trans %}Confidentiality{% endtrans %}</h3>
|
||||
<p>
|
||||
{% trans trimmed app=third_party_app %}
|
||||
By ticking this box and clicking on the send button, you
|
||||
acknowledge and agree to provide {{ app }} with your
|
||||
first name, last name, nickname and any other information
|
||||
that was the third party app was explicitly authorized to fetch
|
||||
and that it must have acknowledged to you, in a complete and accurate manner.
|
||||
{% endtrans %}
|
||||
</p>
|
||||
<p class="margin-bottom">
|
||||
{% trans trimmed app=third_party_app, privacy_link=third_party_cgu, sith_cgu_link=sith_cgu %}
|
||||
The privacy policies of <a href="{{ privacy_link }}">{{ app }}</a>
|
||||
and of <a href="{{ sith_cgu_link }}">the Students' Association</a>
|
||||
applies as soon as the form is submitted.
|
||||
{% endtrans %}
|
||||
</p>
|
||||
<div class="row">{{ form.cgu_accepted }} {{ form.cgu_accepted.label_tag() }}</div>
|
||||
<br>
|
||||
<h3 class="margin-bottom">{% trans %}Confirmation of identity{% endtrans %}</h3>
|
||||
<div class="row margin-bottom">
|
||||
{{ form.is_username_valid }} {{ form.is_username_valid.label_tag() }}
|
||||
</div>
|
||||
{% for field in form.hidden_fields() %}{{ field }}{% endfor %}
|
||||
<input type="submit" class="btn btn-blue">
|
||||
</form>
|
||||
{% endblock %}
|
||||
24
api/tests/test_admin.py
Normal file
24
api/tests/test_admin.py
Normal file
@@ -0,0 +1,24 @@
|
||||
import pytest
|
||||
from django.contrib.admin import AdminSite
|
||||
from django.http import HttpRequest
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertNumQueries
|
||||
|
||||
from api.admin import ApiClientAdmin
|
||||
from api.models import ApiClient
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_reset_hmac_action():
|
||||
client_admin = ApiClientAdmin(ApiClient, AdminSite())
|
||||
api_clients = baker.make(ApiClient, _quantity=4, _bulk_create=True)
|
||||
old_hmac_keys = [c.hmac_key for c in api_clients]
|
||||
with assertNumQueries(2):
|
||||
qs = ApiClient.objects.filter(id__in=[c.id for c in api_clients[2:4]])
|
||||
client_admin.reset_hmac_key(HttpRequest(), qs)
|
||||
for c in api_clients:
|
||||
c.refresh_from_db()
|
||||
assert api_clients[0].hmac_key == old_hmac_keys[0]
|
||||
assert api_clients[1].hmac_key == old_hmac_keys[1]
|
||||
assert api_clients[2].hmac_key != old_hmac_keys[2]
|
||||
assert api_clients[3].hmac_key != old_hmac_keys[3]
|
||||
18
api/tests/test_api_client_controller.py
Normal file
18
api/tests/test_api_client_controller.py
Normal file
@@ -0,0 +1,18 @@
|
||||
import pytest
|
||||
from django.test import Client
|
||||
from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
|
||||
from api.hashers import generate_key
|
||||
from api.models import ApiClient, ApiKey
|
||||
from api.schemas import ApiClientSchema
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_api_client_controller(client: Client):
|
||||
key, hashed = generate_key()
|
||||
api_client = baker.make(ApiClient)
|
||||
baker.make(ApiKey, client=api_client, hashed_key=hashed)
|
||||
res = client.get(reverse("api:api-client-infos"), headers={"X-APIKey": key})
|
||||
assert res.status_code == 200
|
||||
assert res.json() == ApiClientSchema.from_orm(api_client).model_dump()
|
||||
59
api/tests/test_client.py
Normal file
59
api/tests/test_client.py
Normal file
@@ -0,0 +1,59 @@
|
||||
import pytest
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.test import TestCase
|
||||
from model_bakery import baker
|
||||
|
||||
from api.models import ApiClient
|
||||
from core.models import Group
|
||||
|
||||
|
||||
class TestClientPermissions(TestCase):
|
||||
@classmethod
|
||||
def setUpTestData(cls):
|
||||
cls.api_client = baker.make(ApiClient)
|
||||
cls.perms = baker.make(Permission, _quantity=10, _bulk_create=True)
|
||||
cls.api_client.groups.set(
|
||||
[
|
||||
baker.make(Group, permissions=cls.perms[0:3]),
|
||||
baker.make(Group, permissions=cls.perms[3:5]),
|
||||
]
|
||||
)
|
||||
cls.api_client.client_permissions.set(
|
||||
[cls.perms[3], cls.perms[5], cls.perms[6], cls.perms[7]]
|
||||
)
|
||||
|
||||
def test_all_permissions(self):
|
||||
assert self.api_client.all_permissions == {
|
||||
f"{p.content_type.app_label}.{p.codename}" for p in self.perms[0:8]
|
||||
}
|
||||
|
||||
def test_has_perm(self):
|
||||
assert self.api_client.has_perm(
|
||||
f"{self.perms[1].content_type.app_label}.{self.perms[1].codename}"
|
||||
)
|
||||
assert not self.api_client.has_perm(
|
||||
f"{self.perms[9].content_type.app_label}.{self.perms[9].codename}"
|
||||
)
|
||||
|
||||
def test_has_perms(self):
|
||||
assert self.api_client.has_perms(
|
||||
[
|
||||
f"{self.perms[1].content_type.app_label}.{self.perms[1].codename}",
|
||||
f"{self.perms[2].content_type.app_label}.{self.perms[2].codename}",
|
||||
]
|
||||
)
|
||||
assert not self.api_client.has_perms(
|
||||
[
|
||||
f"{self.perms[1].content_type.app_label}.{self.perms[1].codename}",
|
||||
f"{self.perms[9].content_type.app_label}.{self.perms[9].codename}",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_reset_hmac_key():
|
||||
client = baker.make(ApiClient)
|
||||
original_key = client.hmac_key
|
||||
client.reset_hmac(commit=True)
|
||||
assert len(client.hmac_key) == len(original_key)
|
||||
assert client.hmac_key != original_key
|
||||
114
api/tests/test_third_party_auth.py
Normal file
114
api/tests/test_third_party_auth.py
Normal file
@@ -0,0 +1,114 @@
|
||||
from unittest import mock
|
||||
from unittest.mock import Mock
|
||||
|
||||
from django.db.models import Max
|
||||
from django.test import TestCase
|
||||
from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertRedirects
|
||||
|
||||
from api.models import ApiClient, get_hmac_key
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.schemas import UserProfileSchema
|
||||
from core.utils import hmac_hexdigest
|
||||
|
||||
|
||||
def mocked_post(*, ok: bool):
|
||||
class MockedResponse(Mock):
|
||||
@property
|
||||
def ok(self):
|
||||
return ok
|
||||
|
||||
def mocked():
|
||||
return MockedResponse()
|
||||
|
||||
return mocked
|
||||
|
||||
|
||||
class TestThirdPartyAuth(TestCase):
|
||||
@classmethod
|
||||
def setUpTestData(cls):
|
||||
cls.user = subscriber_user.make()
|
||||
cls.api_client = baker.make(ApiClient)
|
||||
|
||||
def setUp(self):
|
||||
self.query = {
|
||||
"client_id": self.api_client.id,
|
||||
"third_party_app": "app",
|
||||
"privacy_link": "https://foobar.fr/",
|
||||
"username": "bibou",
|
||||
"callback_url": "https://callback.fr/",
|
||||
}
|
||||
self.query["signature"] = hmac_hexdigest(self.api_client.hmac_key, self.query)
|
||||
self.callback_data = {
|
||||
"user": UserProfileSchema.from_orm(self.user).model_dump()
|
||||
}
|
||||
self.callback_data["signature"] = hmac_hexdigest(
|
||||
self.api_client.hmac_key, self.callback_data["user"]
|
||||
)
|
||||
|
||||
def test_auth_ok(self):
|
||||
self.client.force_login(self.user)
|
||||
res = self.client.get(reverse("api-link:third-party-auth", query=self.query))
|
||||
assert res.status_code == 200
|
||||
with mock.patch("requests.post", new_callable=mocked_post(ok=True)) as mocked:
|
||||
res = self.client.post(
|
||||
reverse("api-link:third-party-auth"),
|
||||
data={"cgu_accepted": True, "is_username_valid": True, **self.query},
|
||||
)
|
||||
mocked.assert_called_once_with(
|
||||
self.query["callback_url"], json=self.callback_data
|
||||
)
|
||||
assertRedirects(
|
||||
res,
|
||||
reverse("api-link:third-party-auth-result", kwargs={"result": "success"}),
|
||||
)
|
||||
|
||||
def test_callback_error(self):
|
||||
"""Test that the user see the failure page if the callback request failed."""
|
||||
self.client.force_login(self.user)
|
||||
with mock.patch("requests.post", new_callable=mocked_post(ok=False)) as mocked:
|
||||
res = self.client.post(
|
||||
reverse("api-link:third-party-auth"),
|
||||
data={"cgu_accepted": True, "is_username_valid": True, **self.query},
|
||||
)
|
||||
mocked.assert_called_once_with(
|
||||
self.query["callback_url"], json=self.callback_data
|
||||
)
|
||||
assertRedirects(
|
||||
res,
|
||||
reverse("api-link:third-party-auth-result", kwargs={"result": "failure"}),
|
||||
)
|
||||
|
||||
def test_wrong_signature(self):
|
||||
"""Test that a 403 is raised if the signature of the query is wrong."""
|
||||
self.client.force_login(subscriber_user.make())
|
||||
new_key = get_hmac_key()
|
||||
del self.query["signature"]
|
||||
self.query["signature"] = hmac_hexdigest(new_key, self.query)
|
||||
res = self.client.get(reverse("api-link:third-party-auth", query=self.query))
|
||||
assert res.status_code == 403
|
||||
|
||||
def test_cgu_not_accepted(self):
|
||||
self.client.force_login(self.user)
|
||||
res = self.client.get(reverse("api-link:third-party-auth", query=self.query))
|
||||
assert res.status_code == 200
|
||||
res = self.client.post(reverse("api-link:third-party-auth"), data=self.query)
|
||||
assert res.status_code == 200 # no redirect means invalid form
|
||||
res = self.client.post(
|
||||
reverse("api-link:third-party-auth"),
|
||||
data={"cgu_accepted": False, "is_username_valid": False, **self.query},
|
||||
)
|
||||
assert res.status_code == 200
|
||||
|
||||
def test_invalid_client(self):
|
||||
self.query["client_id"] = ApiClient.objects.aggregate(res=Max("id"))["res"] + 1
|
||||
res = self.client.get(reverse("api-link:third-party-auth", query=self.query))
|
||||
assert res.status_code == 403
|
||||
|
||||
def test_missing_parameter(self):
|
||||
"""Test that a 403 is raised if there is a missing parameter."""
|
||||
del self.query["username"]
|
||||
self.query["signature"] = hmac_hexdigest(self.api_client.hmac_key, self.query)
|
||||
res = self.client.get(reverse("api-link:third-party-auth", query=self.query))
|
||||
assert res.status_code == 403
|
||||
15
api/urls.py
15
api/urls.py
@@ -1,6 +1,10 @@
|
||||
from django.urls import path, register_converter
|
||||
from ninja.security import SessionAuth
|
||||
from ninja_extra import NinjaExtraAPI
|
||||
|
||||
from api.views import ThirdPartyAuthResultView, ThirdPartyAuthView
|
||||
from core.converters import ResultConverter
|
||||
|
||||
api = NinjaExtraAPI(
|
||||
title="PICON",
|
||||
description="Portail Interactif de Communication avec les Outils Numériques",
|
||||
@@ -9,3 +13,14 @@ api = NinjaExtraAPI(
|
||||
auth=[SessionAuth()],
|
||||
)
|
||||
api.auto_discover_controllers()
|
||||
|
||||
register_converter(ResultConverter, "res")
|
||||
|
||||
urlpatterns = [
|
||||
path("auth/", ThirdPartyAuthView.as_view(), name="third-party-auth"),
|
||||
path(
|
||||
"auth/<res:result>/",
|
||||
ThirdPartyAuthResultView.as_view(),
|
||||
name="third-party-auth-result",
|
||||
),
|
||||
]
|
||||
|
||||
119
api/views.py
Normal file
119
api/views.py
Normal file
@@ -0,0 +1,119 @@
|
||||
import hmac
|
||||
from urllib.parse import unquote
|
||||
|
||||
import pydantic
|
||||
import requests
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.urls import reverse, reverse_lazy
|
||||
from django.utils.translation import gettext as _
|
||||
from django.views.generic import FormView, TemplateView
|
||||
from ninja_extra.shortcuts import get_object_or_none
|
||||
|
||||
from api.forms import ThirdPartyAuthForm
|
||||
from api.models import ApiClient
|
||||
from api.schemas import ThirdPartyAuthParamsSchema
|
||||
from core.models import SithFile
|
||||
from core.schemas import UserProfileSchema
|
||||
from core.utils import hmac_hexdigest
|
||||
|
||||
|
||||
class ThirdPartyAuthView(LoginRequiredMixin, FormView):
|
||||
form_class = ThirdPartyAuthForm
|
||||
template_name = "api/third_party/auth.jinja"
|
||||
success_url = reverse_lazy("core:index")
|
||||
|
||||
def parse_params(self) -> ThirdPartyAuthParamsSchema:
|
||||
"""Parse and check the authentication parameters.
|
||||
|
||||
Raises:
|
||||
PermissionDenied: if the verification failed.
|
||||
"""
|
||||
# This is here rather than in ThirdPartyAuthForm because
|
||||
# the given parameters and their signature are checked during both
|
||||
# POST (for obvious reasons) and GET (in order not to make
|
||||
# the user fill a form just to get an error he won't understand)
|
||||
params = self.request.GET or self.request.POST
|
||||
params = {key: unquote(val) for key, val in params.items()}
|
||||
try:
|
||||
params = ThirdPartyAuthParamsSchema(**params)
|
||||
except pydantic.ValidationError as e:
|
||||
raise PermissionDenied("Wrong data format") from e
|
||||
client: ApiClient = get_object_or_none(ApiClient, id=params.client_id)
|
||||
if not client:
|
||||
raise PermissionDenied
|
||||
if not hmac.compare_digest(
|
||||
hmac_hexdigest(client.hmac_key, params.model_dump(exclude={"signature"})),
|
||||
params.signature,
|
||||
):
|
||||
raise PermissionDenied("Bad signature")
|
||||
return params
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
self.params = self.parse_params()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get(self, *args, **kwargs):
|
||||
messages.warning(
|
||||
self.request,
|
||||
_(
|
||||
"You are going to link your AE account and your %(app)s account. "
|
||||
"Continue only if this page was opened from %(app)s."
|
||||
)
|
||||
% {"app": self.params.third_party_app},
|
||||
)
|
||||
return super().get(*args, **kwargs)
|
||||
|
||||
def get_initial(self):
|
||||
return self.params.model_dump()
|
||||
|
||||
def form_valid(self, form):
|
||||
client = ApiClient.objects.get(id=form.cleaned_data["client_id"])
|
||||
user = UserProfileSchema.from_orm(self.request.user).model_dump()
|
||||
data = {"user": user, "signature": hmac_hexdigest(client.hmac_key, user)}
|
||||
response = requests.post(form.cleaned_data["callback_url"], json=data)
|
||||
self.success_url = reverse(
|
||||
"api-link:third-party-auth-result",
|
||||
kwargs={"result": "success" if response.ok else "failure"},
|
||||
)
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
return super().get_context_data(**kwargs) | {
|
||||
"third_party_app": self.params.third_party_app,
|
||||
"third_party_cgu": self.params.privacy_link,
|
||||
"sith_cgu": SithFile.objects.get(id=settings.SITH_CGU_FILE_ID),
|
||||
}
|
||||
|
||||
|
||||
class ThirdPartyAuthResultView(LoginRequiredMixin, TemplateView):
|
||||
"""View that the user will see if its authentication on sith was successful.
|
||||
|
||||
This can show either a success or a failure message :
|
||||
- success : everything is good, the user is successfully authenticated
|
||||
and can close the page
|
||||
- failure : the authentication has been processed on the sith side,
|
||||
but the request to the callback url received an error.
|
||||
In such a case, there is nothing much we can do but to advice
|
||||
the user to contact the developers of the third-party app.
|
||||
"""
|
||||
|
||||
template_name = "core/base.jinja"
|
||||
success_message = _(
|
||||
"You have been successfully authenticated. You can now close this page."
|
||||
)
|
||||
error_message = _(
|
||||
"Your authentication on the AE website was successful, "
|
||||
"but an error happened during the interaction "
|
||||
"with the third-party application. "
|
||||
"Please contact the managers of the latter."
|
||||
)
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
if self.kwargs.get("result") == "success":
|
||||
messages.success(request, self.success_message)
|
||||
else:
|
||||
messages.error(request, self.error_message)
|
||||
return super().get(request, *args, **kwargs)
|
||||
@@ -14,7 +14,7 @@
|
||||
#
|
||||
from django.contrib import admin
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
|
||||
|
||||
@admin.register(Club)
|
||||
@@ -30,20 +30,6 @@ class ClubAdmin(admin.ModelAdmin):
|
||||
)
|
||||
|
||||
|
||||
@admin.register(ClubRole)
|
||||
class ClubRoleAdmin(admin.ModelAdmin):
|
||||
list_display = ("name", "club", "is_board", "is_presidency")
|
||||
search_fields = ("name",)
|
||||
autocomplete_fields = ("club",)
|
||||
list_select_related = ("club",)
|
||||
list_filter = (
|
||||
"is_board",
|
||||
"is_presidency",
|
||||
("club", admin.RelatedOnlyFieldListFilter),
|
||||
)
|
||||
show_facets = admin.ModelAdmin.show_facets.ALWAYS
|
||||
|
||||
|
||||
@admin.register(Membership)
|
||||
class MembershipAdmin(admin.ModelAdmin):
|
||||
list_display = ("user", "club", "role", "start_date", "end_date")
|
||||
|
||||
@@ -39,8 +39,7 @@ class ClubController(ControllerBase):
|
||||
)
|
||||
def fetch_club(self, club_id: int):
|
||||
prefetch = Prefetch(
|
||||
"members",
|
||||
queryset=Membership.objects.ongoing().select_related("user", "role"),
|
||||
"members", queryset=Membership.objects.ongoing().select_related("user")
|
||||
)
|
||||
return self.get_object_or_exception(
|
||||
Club.objects.prefetch_related(prefetch), id=club_id
|
||||
@@ -62,5 +61,5 @@ class UserClubController(ControllerBase):
|
||||
return (
|
||||
Membership.objects.ongoing()
|
||||
.filter(user=user)
|
||||
.select_related("club", "user", "role")
|
||||
.select_related("club", "user")
|
||||
)
|
||||
|
||||
@@ -23,12 +23,13 @@
|
||||
#
|
||||
|
||||
from django import forms
|
||||
from django.db.models import Exists, OuterRef, Q, QuerySet
|
||||
from django.conf import settings
|
||||
from django.db.models import Exists, OuterRef, Q
|
||||
from django.db.models.functions import Lower
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from club.models import Club, ClubRole, Mailing, MailingSubscription, Membership
|
||||
from club.models import Club, Mailing, MailingSubscription, Membership
|
||||
from core.models import User
|
||||
from core.views.forms import SelectDateTime
|
||||
from core.views.widgets.ajax_select import (
|
||||
@@ -214,7 +215,9 @@ class ClubOldMemberForm(forms.Form):
|
||||
|
||||
def __init__(self, *args, user: User, club: Club, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.fields["members_old"].queryset = club.members.ongoing().editable_by(user)
|
||||
self.fields["members_old"].queryset = (
|
||||
Membership.objects.ongoing().filter(club=club).editable_by(user)
|
||||
)
|
||||
|
||||
|
||||
class ClubMemberForm(forms.ModelForm):
|
||||
@@ -232,14 +235,19 @@ class ClubMemberForm(forms.ModelForm):
|
||||
self.request_user = request_user
|
||||
self.request_user_membership = self.club.get_membership_for(self.request_user)
|
||||
super().__init__(*args, **kwargs)
|
||||
self.fields["role"].queryset = self.available_roles
|
||||
self.fields["role"].required = True
|
||||
self.fields["role"].choices = [
|
||||
(value, name)
|
||||
for value, name in settings.SITH_CLUB_ROLES.items()
|
||||
if value <= self.max_available_role
|
||||
]
|
||||
self.instance.club = club
|
||||
|
||||
@property
|
||||
def available_roles(self) -> QuerySet[ClubRole]:
|
||||
"""The roles that will be obtainable with this form."""
|
||||
def max_available_role(self):
|
||||
"""The greatest role that will be obtainable with this form."""
|
||||
# this is unreachable, because it will be overridden by subclasses
|
||||
return ClubRole.objects.none() # pragma: no cover
|
||||
return -1 # pragma: no cover
|
||||
|
||||
|
||||
class ClubAddMemberForm(ClubMemberForm):
|
||||
@@ -250,22 +258,21 @@ class ClubAddMemberForm(ClubMemberForm):
|
||||
widgets = {"user": AutoCompleteSelectUser}
|
||||
|
||||
@cached_property
|
||||
def available_roles(self):
|
||||
"""The roles that will be obtainable with this form.
|
||||
def max_available_role(self):
|
||||
"""The greatest role that will be obtainable with this form.
|
||||
|
||||
Admins and the club president can attribute any role.
|
||||
Board members can attribute roles lower than their own.
|
||||
Other users cannot attribute roles with this form
|
||||
"""
|
||||
qs = self.club.roles.filter(is_active=True)
|
||||
if self.request_user.has_perm("club.add_membership"):
|
||||
return qs.all()
|
||||
return settings.SITH_CLUB_ROLES_ID["President"]
|
||||
membership = self.request_user_membership
|
||||
if membership is None or not membership.role.is_board:
|
||||
return ClubRole.objects.none()
|
||||
if membership.role.is_presidency:
|
||||
return qs.all()
|
||||
return qs.above_instance(membership.role)
|
||||
if membership is None or membership.role <= settings.SITH_MAXIMUM_FREE_ROLE:
|
||||
return -1
|
||||
if membership.role == settings.SITH_CLUB_ROLES_ID["President"]:
|
||||
return membership.role
|
||||
return membership.role - 1
|
||||
|
||||
def clean_user(self):
|
||||
"""Check that the user is not trying to add a user already in the club.
|
||||
@@ -289,11 +296,13 @@ class JoinClubForm(ClubMemberForm):
|
||||
|
||||
def __init__(self, *args, club: Club, request_user: User, **kwargs):
|
||||
super().__init__(*args, club=club, request_user=request_user, **kwargs)
|
||||
# this form doesn't manage the user who will join the club,
|
||||
# so we must set this here to avoid errors
|
||||
self.instance.user = self.request_user
|
||||
|
||||
@cached_property
|
||||
def available_roles(self):
|
||||
return self.club.roles.filter(is_board=False, is_active=True)
|
||||
def max_available_role(self):
|
||||
return settings.SITH_MAXIMUM_FREE_ROLE
|
||||
|
||||
def clean(self):
|
||||
"""Check that the user is subscribed and isn't already in the club."""
|
||||
|
||||
@@ -2,15 +2,12 @@
|
||||
|
||||
import django.db.models.deletion
|
||||
import django.db.models.functions.datetime
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
from django.db.migrations.state import StateApps
|
||||
from django.db.models import Q
|
||||
from django.utils.timezone import localdate
|
||||
|
||||
# Before the club role rework, the maximum free role
|
||||
# was the hardcoded highest non-board role
|
||||
MAXIMUM_FREE_ROLE = 1
|
||||
|
||||
|
||||
def migrate_meta_groups(apps: StateApps, schema_editor):
|
||||
"""Attach the existing meta groups to the clubs.
|
||||
@@ -49,7 +46,10 @@ def migrate_meta_groups(apps: StateApps, schema_editor):
|
||||
).select_related("user")
|
||||
club.members_group.users.set([m.user for m in memberships])
|
||||
club.board_group.users.set(
|
||||
[m.user for m in memberships.filter(role__gt=MAXIMUM_FREE_ROLE)]
|
||||
[
|
||||
m.user
|
||||
for m in memberships.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
|
||||
]
|
||||
)
|
||||
|
||||
|
||||
|
||||
@@ -1,138 +0,0 @@
|
||||
# Generated by Django 5.2.3 on 2025-06-21 21:59
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
from django.db.migrations.state import StateApps
|
||||
from django.db.models import Case, When
|
||||
|
||||
PRESIDENCY_ROLES = [10, 9]
|
||||
MAXIMUM_FREE_ROLE = 1
|
||||
SITH_CLUB_ROLES = {
|
||||
10: "Président⸱e",
|
||||
9: "Vice-Président⸱e",
|
||||
7: "Trésorier⸱e",
|
||||
5: "Responsable communication",
|
||||
4: "Secrétaire",
|
||||
3: "Responsable info",
|
||||
2: "Membre du bureau",
|
||||
1: "Membre actif⸱ve",
|
||||
0: "Curieux⸱euse",
|
||||
}
|
||||
|
||||
|
||||
def migrate_roles(apps: StateApps, schema_editor):
|
||||
ClubRole = apps.get_model("club", "ClubRole")
|
||||
Membership = apps.get_model("club", "Membership")
|
||||
|
||||
updates = []
|
||||
for club_id, role in Membership.objects.values_list("club", "role").distinct():
|
||||
new_role = ClubRole.objects.create(
|
||||
name=SITH_CLUB_ROLES[role],
|
||||
is_board=role > MAXIMUM_FREE_ROLE,
|
||||
is_presidency=role in PRESIDENCY_ROLES,
|
||||
club_id=club_id,
|
||||
order=max(SITH_CLUB_ROLES) - role,
|
||||
)
|
||||
updates.append(When(role=role, then=new_role.id))
|
||||
# all updates must happen at the same time
|
||||
# otherwise, the 10 first created ClubRole would be
|
||||
# re-modified after their initial creation, and it would
|
||||
# result in an incoherent state.
|
||||
# To avoid that, all updates are wrapped in a single giant Case(When) statement
|
||||
# cf. https://docs.djangoproject.com/fr/stable/ref/models/conditional-expressions/#conditional-update
|
||||
Membership.objects.update(role=Case(*updates))
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("club", "0014_alter_club_options_rename_unix_name_club_slug_name_and_more"),
|
||||
("core", "0047_alter_notification_date_alter_notification_type"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="club",
|
||||
name="page",
|
||||
field=models.OneToOneField(
|
||||
blank=True,
|
||||
on_delete=django.db.models.deletion.PROTECT,
|
||||
related_name="club",
|
||||
to="core.page",
|
||||
),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name="ClubRole",
|
||||
fields=[
|
||||
(
|
||||
"id",
|
||||
models.AutoField(
|
||||
auto_created=True,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
verbose_name="ID",
|
||||
),
|
||||
),
|
||||
(
|
||||
"order",
|
||||
models.PositiveIntegerField(
|
||||
db_index=True, editable=False, verbose_name="order"
|
||||
),
|
||||
),
|
||||
(
|
||||
"club",
|
||||
models.ForeignKey(
|
||||
help_text="The club with which this role is associated",
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
related_name="roles",
|
||||
to="club.club",
|
||||
verbose_name="club",
|
||||
),
|
||||
),
|
||||
("name", models.CharField(max_length=50, verbose_name="name")),
|
||||
(
|
||||
"description",
|
||||
models.TextField(
|
||||
default="", blank=True, verbose_name="description"
|
||||
),
|
||||
),
|
||||
(
|
||||
"is_board",
|
||||
models.BooleanField(default=False, verbose_name="Board role"),
|
||||
),
|
||||
(
|
||||
"is_presidency",
|
||||
models.BooleanField(default=False, verbose_name="Presidency role"),
|
||||
),
|
||||
(
|
||||
"is_active",
|
||||
models.BooleanField(
|
||||
default=True,
|
||||
help_text=(
|
||||
"If the role is inactive, people joining the club "
|
||||
"won't be able to get it."
|
||||
),
|
||||
verbose_name="is active",
|
||||
),
|
||||
),
|
||||
],
|
||||
options={
|
||||
"ordering": ("order",),
|
||||
"verbose_name": "club role",
|
||||
"verbose_name_plural": "club roles",
|
||||
},
|
||||
),
|
||||
migrations.AddConstraint(
|
||||
model_name="clubrole",
|
||||
constraint=models.CheckConstraint(
|
||||
condition=models.Q(
|
||||
("is_presidency", False), ("is_board", True), _connector="OR"
|
||||
),
|
||||
name="clubrole_presidency_implies_board",
|
||||
),
|
||||
),
|
||||
migrations.RunPython(migrate_roles, migrations.RunPython.noop),
|
||||
# because Postgres migrations run in a single transaction,
|
||||
# we cannot change the actual values of Membership.role
|
||||
# and apply the FOREIGN KEY constraint in the same migration.
|
||||
# The constraint is created in the next migration
|
||||
]
|
||||
@@ -1,25 +0,0 @@
|
||||
# Generated by Django 5.2.3 on 2025-09-27 09:57
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [("club", "0015_clubrole_alter_membership_role")]
|
||||
|
||||
operations = [
|
||||
# because Postgres migrations run in a single transaction,
|
||||
# we cannot change the actual values of Membership.role
|
||||
# and apply the FOREIGN KEY constraint in the same migration.
|
||||
# The data migration was made in the previous migration.
|
||||
migrations.AlterField(
|
||||
model_name="membership",
|
||||
name="role",
|
||||
field=models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.PROTECT,
|
||||
related_name="members",
|
||||
to="club.clubrole",
|
||||
verbose_name="role",
|
||||
),
|
||||
),
|
||||
]
|
||||
138
club/models.py
138
club/models.py
@@ -29,14 +29,14 @@ from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist, ValidationError
|
||||
from django.core.validators import RegexValidator, validate_email
|
||||
from django.db import models, transaction
|
||||
from django.db.models import Exists, F, OuterRef, Q
|
||||
from django.db.models import Exists, F, OuterRef, Q, Value
|
||||
from django.db.models.functions import Greatest
|
||||
from django.urls import reverse
|
||||
from django.utils import timezone
|
||||
from django.utils.functional import cached_property
|
||||
from django.utils.text import slugify
|
||||
from django.utils.timezone import localdate
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from ordered_model.models import OrderedModel
|
||||
|
||||
from core.fields import ResizedImageField
|
||||
from core.models import Group, Notification, Page, SithFile, User
|
||||
@@ -89,7 +89,7 @@ class Club(models.Model):
|
||||
on_delete=models.SET_NULL,
|
||||
)
|
||||
page = models.OneToOneField(
|
||||
Page, related_name="club", blank=True, on_delete=models.PROTECT
|
||||
Page, related_name="club", blank=True, on_delete=models.CASCADE
|
||||
)
|
||||
members_group = models.OneToOneField(
|
||||
Group, related_name="club", on_delete=models.PROTECT
|
||||
@@ -138,7 +138,9 @@ class Club(models.Model):
|
||||
@cached_property
|
||||
def president(self) -> Membership | None:
|
||||
"""Fetch the membership of the current president of this club."""
|
||||
return self.members.filter(end_date=None).order_by("role__order").first()
|
||||
return self.members.filter(
|
||||
role=settings.SITH_CLUB_ROLES_ID["President"], end_date=None
|
||||
).first()
|
||||
|
||||
def check_loop(self):
|
||||
"""Raise a validation error when a loop is found within the parent list."""
|
||||
@@ -206,9 +208,7 @@ class Club(models.Model):
|
||||
|
||||
@cached_property
|
||||
def current_members(self) -> list[Membership]:
|
||||
return list(
|
||||
self.members.ongoing().select_related("user", "role").order_by("-role")
|
||||
)
|
||||
return list(self.members.ongoing().select_related("user").order_by("-role"))
|
||||
|
||||
def get_membership_for(self, user: User) -> Membership | None:
|
||||
"""Return the current membership of the given user."""
|
||||
@@ -220,91 +220,6 @@ class Club(models.Model):
|
||||
return user.is_in_group(pk=self.board_group_id)
|
||||
|
||||
|
||||
class ClubRole(OrderedModel):
|
||||
club = models.ForeignKey(
|
||||
Club,
|
||||
verbose_name=_("club"),
|
||||
help_text=_("The club with which this role is associated"),
|
||||
related_name="roles",
|
||||
on_delete=models.CASCADE,
|
||||
)
|
||||
name = models.CharField(_("name"), max_length=50)
|
||||
description = models.TextField(_("description"), blank=True, default="")
|
||||
is_board = models.BooleanField(_("Board role"), default=False)
|
||||
is_presidency = models.BooleanField(_("Presidency role"), default=False)
|
||||
is_active = models.BooleanField(
|
||||
_("is active"),
|
||||
default=True,
|
||||
help_text=_(
|
||||
"If the role is inactive, people joining the club won't be able to get it."
|
||||
),
|
||||
)
|
||||
|
||||
order_with_respect_to = "club"
|
||||
|
||||
class Meta(OrderedModel.Meta):
|
||||
verbose_name = _("club role")
|
||||
verbose_name_plural = _("club roles")
|
||||
abstract = False
|
||||
constraints = [
|
||||
# presidency IMPLIES board <=> NOT presidency OR board
|
||||
# cf. MT1 :)
|
||||
models.CheckConstraint(
|
||||
condition=Q(is_presidency=False) | Q(is_board=True),
|
||||
name="clubrole_presidency_implies_board",
|
||||
)
|
||||
]
|
||||
|
||||
def __str__(self):
|
||||
return self.name
|
||||
|
||||
def get_display_name(self):
|
||||
return f"{self.name} - {self.club.name}"
|
||||
|
||||
def get_absolute_url(self):
|
||||
return reverse("club:club_roles", kwargs={"club_id": self.club_id})
|
||||
|
||||
def clean(self):
|
||||
errors = []
|
||||
if self.is_presidency and not self.is_board:
|
||||
errors.append(
|
||||
ValidationError(
|
||||
_(
|
||||
"Role %(name)s was declared as a presidency role "
|
||||
"without being a board role"
|
||||
)
|
||||
% {"name": self.name}
|
||||
)
|
||||
)
|
||||
if (
|
||||
self.is_board
|
||||
and self.order
|
||||
and self.club.roles.filter(is_board=False, order__lt=self.order).exists()
|
||||
):
|
||||
errors.append(
|
||||
ValidationError(
|
||||
_("Board role %(role)s cannot be placed below a member role")
|
||||
% {"role": self.name}
|
||||
)
|
||||
)
|
||||
if errors:
|
||||
raise ValidationError(errors)
|
||||
return super().clean()
|
||||
|
||||
def save(self, *args, **kwargs):
|
||||
auto_order = self.order is None and self.is_board
|
||||
if not auto_order:
|
||||
super().save(*args, **kwargs)
|
||||
return
|
||||
filters = Q(is_board=False)
|
||||
if self.is_presidency:
|
||||
filters |= Q(is_board=True, is_presidency=False)
|
||||
next_role = self.club.roles.filter(filters).order_by("order").first()
|
||||
super().save(*args, **kwargs)
|
||||
if next_role:
|
||||
self.above(next_role)
|
||||
|
||||
|
||||
class MembershipQuerySet(models.QuerySet):
|
||||
def ongoing(self) -> Self:
|
||||
"""Filter all memberships which are not finished yet."""
|
||||
@@ -317,10 +232,9 @@ class MembershipQuerySet(models.QuerySet):
|
||||
are included, even if there are no more members.
|
||||
|
||||
If you want to get the users who are currently in the board,
|
||||
mind combining this with the [MembershipQuerySet.ongoing][]
|
||||
queryset method
|
||||
mind combining this with the `ongoing` queryset method
|
||||
"""
|
||||
return self.filter(role__is_board=True)
|
||||
return self.filter(role__gt=settings.SITH_MAXIMUM_FREE_ROLE)
|
||||
|
||||
def editable_by(self, user: User) -> Self:
|
||||
"""Filter Memberships that this user can edit.
|
||||
@@ -343,16 +257,21 @@ class MembershipQuerySet(models.QuerySet):
|
||||
"""
|
||||
if user.has_perm("club.change_membership"):
|
||||
return self.all()
|
||||
return self.ongoing().filter(
|
||||
return self.filter(
|
||||
Q(user=user)
|
||||
| Exists(
|
||||
Membership.objects.ongoing().filter(
|
||||
Membership.objects.filter(
|
||||
Q(
|
||||
role__gt=Greatest(
|
||||
OuterRef("role"), Value(settings.SITH_MAXIMUM_FREE_ROLE)
|
||||
)
|
||||
),
|
||||
user=user,
|
||||
end_date=None,
|
||||
club=OuterRef("club"),
|
||||
role__is_board=True,
|
||||
role__order__lt=OuterRef("role__order"),
|
||||
)
|
||||
)
|
||||
),
|
||||
end_date=None,
|
||||
)
|
||||
|
||||
def update(self, **kwargs) -> int:
|
||||
@@ -422,11 +341,10 @@ class Membership(models.Model):
|
||||
)
|
||||
start_date = models.DateField(_("start date"), default=timezone.now)
|
||||
end_date = models.DateField(_("end date"), null=True, blank=True)
|
||||
role = models.ForeignKey(
|
||||
ClubRole,
|
||||
verbose_name=_("role"),
|
||||
related_name="members",
|
||||
on_delete=models.PROTECT,
|
||||
role = models.IntegerField(
|
||||
_("role"),
|
||||
choices=sorted(settings.SITH_CLUB_ROLES.items()),
|
||||
default=sorted(settings.SITH_CLUB_ROLES.items())[0][0],
|
||||
)
|
||||
description = models.CharField(
|
||||
_("description"), max_length=128, null=False, blank=True
|
||||
@@ -444,7 +362,7 @@ class Membership(models.Model):
|
||||
def __str__(self):
|
||||
return (
|
||||
f"{self.club.name} - {self.user.username} "
|
||||
f"- {self.role.name} "
|
||||
f"- {settings.SITH_CLUB_ROLES[self.role]} "
|
||||
f"- {str(_('past member')) if self.end_date is not None else ''}"
|
||||
)
|
||||
|
||||
@@ -473,11 +391,7 @@ class Membership(models.Model):
|
||||
if user.is_root or user.is_board_member:
|
||||
return True
|
||||
membership = self.club.get_membership_for(user)
|
||||
if not membership:
|
||||
return False
|
||||
return membership.user_id == user.id or (
|
||||
membership.is_board and membership.role.order < self.role.order
|
||||
)
|
||||
return membership is not None and membership.role >= self.role
|
||||
|
||||
def delete(self, *args, **kwargs):
|
||||
self._remove_club_groups([self])
|
||||
@@ -553,7 +467,7 @@ class Membership(models.Model):
|
||||
group_id=membership.club.members_group_id,
|
||||
)
|
||||
)
|
||||
if membership.role.is_board:
|
||||
if membership.role > settings.SITH_MAXIMUM_FREE_ROLE:
|
||||
club_groups.append(
|
||||
User.groups.through(
|
||||
user_id=membership.user_id,
|
||||
|
||||
@@ -3,7 +3,7 @@ from typing import Annotated
|
||||
from django.db.models import Q
|
||||
from ninja import FilterLookup, FilterSchema, ModelSchema
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.schemas import NonEmptyStr, SimpleUserSchema
|
||||
|
||||
|
||||
@@ -39,21 +39,14 @@ class ClubProfileSchema(ModelSchema):
|
||||
return obj.get_absolute_url()
|
||||
|
||||
|
||||
class ClubRoleSchema(ModelSchema):
|
||||
class Meta:
|
||||
model = ClubRole
|
||||
fields = ["id", "name", "is_presidency", "is_board"]
|
||||
|
||||
|
||||
class ClubMemberSchema(ModelSchema):
|
||||
"""A schema to represent all memberships in a club."""
|
||||
|
||||
class Meta:
|
||||
model = Membership
|
||||
fields = ["start_date", "end_date", "description"]
|
||||
fields = ["start_date", "end_date", "role", "description"]
|
||||
|
||||
user: SimpleUserSchema
|
||||
role: ClubRoleSchema
|
||||
|
||||
|
||||
class ClubSchema(ModelSchema):
|
||||
@@ -69,7 +62,6 @@ class UserMembershipSchema(ModelSchema):
|
||||
|
||||
class Meta:
|
||||
model = Membership
|
||||
fields = ["id", "start_date", "description"]
|
||||
fields = ["id", "start_date", "role", "description"]
|
||||
|
||||
club: SimpleClubSchema
|
||||
role: ClubRoleSchema
|
||||
|
||||
@@ -45,7 +45,7 @@
|
||||
{% for m in members %}
|
||||
<tr>
|
||||
<td>{{ user_profile_link(m.user) }}</td>
|
||||
<td>{{ m.role.name }}</td>
|
||||
<td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
|
||||
<td>{{ m.description }}</td>
|
||||
<td>{{ m.start_date }}</td>
|
||||
{%- if can_end_membership -%}
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
{% for member in old_members %}
|
||||
<tr>
|
||||
<td>{{ user_profile_link(member.user) }}</td>
|
||||
<td>{{ member.role.name }}</td>
|
||||
<td>{{ settings.SITH_CLUB_ROLES[member.role] }}</td>
|
||||
<td>{{ member.description }}</td>
|
||||
<td>{{ member.start_date }}</td>
|
||||
<td>{{ member.end_date }}</td>
|
||||
|
||||
@@ -8,7 +8,7 @@ from django.utils.timezone import now
|
||||
from model_bakery import baker
|
||||
from model_bakery.recipe import Recipe
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import old_subscriber_user, subscriber_user
|
||||
from core.models import User
|
||||
|
||||
@@ -43,11 +43,6 @@ class TestClub(TestCase):
|
||||
|
||||
cls.ae = Club.objects.get(pk=settings.SITH_MAIN_CLUB_ID)
|
||||
cls.club = baker.make(Club)
|
||||
cls.president_role = baker.make(
|
||||
ClubRole, club=cls.club, is_board=True, is_presidency=True, order=0
|
||||
)
|
||||
cls.board_role = baker.make(ClubRole, club=cls.club, is_board=True, order=1)
|
||||
cls.member_role = baker.make(ClubRole, club=cls.club, order=2)
|
||||
cls.new_members_url = reverse(
|
||||
"club:club_new_members", kwargs={"club_id": cls.club.id}
|
||||
)
|
||||
@@ -56,17 +51,12 @@ class TestClub(TestCase):
|
||||
yesterday = now() - timedelta(days=1)
|
||||
membership_recipe = Recipe(Membership, club=cls.club)
|
||||
membership_recipe.make(
|
||||
user=cls.simple_board_member, start_date=a_month_ago, role=cls.board_role
|
||||
)
|
||||
membership_recipe.make(user=cls.richard, role=cls.member_role)
|
||||
membership_recipe.make(
|
||||
user=cls.president, start_date=a_month_ago, role=cls.president_role
|
||||
user=cls.simple_board_member, start_date=a_month_ago, role=3
|
||||
)
|
||||
membership_recipe.make(user=cls.richard, role=1)
|
||||
membership_recipe.make(user=cls.president, start_date=a_month_ago, role=10)
|
||||
membership_recipe.make( # sli was a member but isn't anymore
|
||||
user=cls.sli,
|
||||
start_date=a_month_ago,
|
||||
end_date=yesterday,
|
||||
role=cls.board_role,
|
||||
user=cls.sli, start_date=a_month_ago, end_date=yesterday, role=2
|
||||
)
|
||||
|
||||
def setUp(self):
|
||||
|
||||
@@ -5,7 +5,7 @@ from django.utils.timezone import localdate
|
||||
from model_bakery import baker
|
||||
from model_bakery.recipe import Recipe
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
|
||||
|
||||
@@ -16,19 +16,11 @@ def test_club_queryset_having_board_member():
|
||||
membership_recipe = Recipe(
|
||||
Membership, user=user, start_date=localdate() - timedelta(days=3)
|
||||
)
|
||||
membership_recipe.make(club=clubs[0], role=1)
|
||||
membership_recipe.make(club=clubs[1], role=3)
|
||||
membership_recipe.make(club=clubs[2], role=7)
|
||||
membership_recipe.make(
|
||||
club=clubs[0], role=baker.make(ClubRole, club=clubs[0], is_board=False)
|
||||
)
|
||||
membership_recipe.make(
|
||||
club=clubs[1], role=baker.make(ClubRole, club=clubs[1], is_board=True)
|
||||
)
|
||||
membership_recipe.make(
|
||||
club=clubs[2], role=baker.make(ClubRole, club=clubs[2], is_board=True)
|
||||
)
|
||||
membership_recipe.make(
|
||||
club=clubs[3],
|
||||
role=baker.make(ClubRole, club=clubs[3], is_board=True),
|
||||
end_date=localdate() - timedelta(days=1),
|
||||
club=clubs[3], role=3, end_date=localdate() - timedelta(days=1)
|
||||
)
|
||||
|
||||
club_ids = Club.objects.having_board_member(user).values_list("id", flat=True)
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
from datetime import date, timedelta
|
||||
|
||||
import pytest
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.test import Client, TestCase
|
||||
from django.urls import reverse
|
||||
@@ -9,7 +8,7 @@ from model_bakery import baker
|
||||
from model_bakery.recipe import Recipe
|
||||
from pytest_django.asserts import assertNumQueries
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.models import Group, Page, User
|
||||
|
||||
@@ -27,10 +26,8 @@ class TestClubSearch(TestCase):
|
||||
"id", flat=True
|
||||
)
|
||||
)
|
||||
Membership.objects.all().delete()
|
||||
ClubRole.objects.all().delete()
|
||||
Page.objects.exclude(club=None).delete()
|
||||
Club.objects.all().delete()
|
||||
Page.objects.exclude(name=settings.SITH_CLUB_ROOT_PAGE).delete()
|
||||
Group.objects.filter(id__in=groups).delete()
|
||||
|
||||
cls.clubs = baker.make(
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
import pytest
|
||||
from model_bakery import baker, seq
|
||||
from model_bakery.recipe import Recipe
|
||||
|
||||
from club.models import Club, ClubRole
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_order_auto():
|
||||
"""Test that newly created roles are put in the right place."""
|
||||
club = baker.make(Club)
|
||||
recipe = Recipe(ClubRole, club=club, name=seq("role "))
|
||||
# bulk create initial roles
|
||||
roles = recipe.make(
|
||||
is_board=iter([True, True, False]),
|
||||
is_presidency=iter([True, False, False]),
|
||||
order=iter([1, 2, 3]),
|
||||
_quantity=3,
|
||||
_bulk_create=True,
|
||||
)
|
||||
# then create the remaining roles one by one (like they will be in prod)
|
||||
# each new role should be placed at the end of its category
|
||||
role_a = recipe.make(is_board=True, is_presidency=True, order=None)
|
||||
role_b = recipe.make(is_board=True, is_presidency=False, order=None)
|
||||
role_c = recipe.make(is_board=False, is_presidency=False, order=None)
|
||||
assert list(club.roles.order_by("order")) == [
|
||||
roles[0],
|
||||
role_a,
|
||||
roles[1],
|
||||
role_b,
|
||||
roles[2],
|
||||
role_c,
|
||||
]
|
||||
@@ -4,7 +4,7 @@ from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertRedirects
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
|
||||
|
||||
@@ -12,12 +12,7 @@ from core.baker_recipes import subscriber_user
|
||||
def test_club_board_member_cannot_edit_club_properties(client: Client):
|
||||
user = subscriber_user.make()
|
||||
club = baker.make(Club, name="old name", is_active=True, address="old address")
|
||||
baker.make(
|
||||
Membership,
|
||||
club=club,
|
||||
user=user,
|
||||
role=baker.make(ClubRole, club=club, is_board=True),
|
||||
)
|
||||
baker.make(Membership, club=club, user=user, role=7)
|
||||
client.force_login(user)
|
||||
res = client.post(
|
||||
reverse("club:club_edit", kwargs={"club_id": club.id}),
|
||||
@@ -37,12 +32,7 @@ def test_edit_club_page_doesnt_crash(client: Client):
|
||||
"""crash test for club:club_edit"""
|
||||
club = baker.make(Club)
|
||||
user = subscriber_user.make()
|
||||
baker.make(
|
||||
Membership,
|
||||
club=club,
|
||||
user=user,
|
||||
role=baker.make(ClubRole, club=club, is_board=True),
|
||||
)
|
||||
baker.make(Membership, club=club, user=user, role=3)
|
||||
client.force_login(user)
|
||||
res = client.get(reverse("club:club_edit", kwargs={"club_id": club.id}))
|
||||
assert res.status_code == 200
|
||||
|
||||
@@ -3,10 +3,9 @@ from django.test import TestCase
|
||||
from django.urls import reverse
|
||||
from django.utils import timezone
|
||||
from django.utils.translation import gettext as _
|
||||
from model_bakery import baker
|
||||
|
||||
from club.forms import MailingForm
|
||||
from club.models import Club, ClubRole, Mailing, Membership
|
||||
from club.models import Club, Mailing, Membership
|
||||
from core.models import User
|
||||
|
||||
|
||||
@@ -26,7 +25,7 @@ class TestMailingForm(TestCase):
|
||||
user=cls.rbatsbak,
|
||||
club=cls.club,
|
||||
start_date=timezone.now(),
|
||||
role=baker.make(ClubRole, club=cls.club, is_board=True),
|
||||
role=settings.SITH_CLUB_ROLES_ID["Board member"],
|
||||
).save()
|
||||
|
||||
def test_mailing_list_add_no_moderation(self):
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
import itertools
|
||||
from collections.abc import Callable
|
||||
from datetime import timedelta
|
||||
|
||||
import pytest
|
||||
from bs4 import BeautifulSoup
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.core.cache import cache
|
||||
from django.db.models import Max
|
||||
from django.test import Client, TestCase
|
||||
from django.urls import reverse
|
||||
from django.utils.timezone import localdate, localtime, now
|
||||
from model_bakery import baker, seq
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertRedirects
|
||||
|
||||
from club.forms import ClubAddMemberForm, JoinClubForm
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from club.tests.base import TestClub
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.models import AnonymousUser, User
|
||||
@@ -75,22 +75,17 @@ class TestMembershipQuerySet(TestClub):
|
||||
def test_update_change_club_groups(self):
|
||||
"""Test that `update` set the user groups accordingly."""
|
||||
user = baker.make(User)
|
||||
board_role, member_role = baker.make(
|
||||
ClubRole, is_board=iter([True, False]), _quantity=2, _bulk_create=True
|
||||
)
|
||||
membership = baker.make(
|
||||
Membership, end_date=None, user=user, role=board_role, club=board_role.club
|
||||
)
|
||||
membership = baker.make(Membership, end_date=None, user=user, role=5)
|
||||
members_group = membership.club.members_group
|
||||
board_group = membership.club.board_group
|
||||
assert user.groups.contains(members_group)
|
||||
assert user.groups.contains(board_group)
|
||||
|
||||
user.memberships.update(role=member_role) # from board to simple member
|
||||
user.memberships.update(role=1) # from board to simple member
|
||||
assert user.groups.contains(members_group)
|
||||
assert not user.groups.contains(board_group)
|
||||
|
||||
user.memberships.update(role=board_role) # from member to board
|
||||
user.memberships.update(role=5) # from member to board
|
||||
assert user.groups.contains(members_group)
|
||||
assert user.groups.contains(board_group)
|
||||
|
||||
@@ -101,17 +96,7 @@ class TestMembershipQuerySet(TestClub):
|
||||
def test_delete_remove_from_groups(self):
|
||||
"""Test that `delete` removes from club groups"""
|
||||
user = baker.make(User)
|
||||
club = baker.make(Club)
|
||||
roles = baker.make(
|
||||
ClubRole,
|
||||
is_board=iter([False, True]),
|
||||
club=club,
|
||||
_quantity=2,
|
||||
_bulk_create=True,
|
||||
)
|
||||
memberships = baker.make(
|
||||
Membership, club=club, role=iter(roles), user=user, _quantity=2
|
||||
)
|
||||
memberships = baker.make(Membership, role=iter([1, 5]), user=user, _quantity=2)
|
||||
club_groups = {
|
||||
memberships[0].club.members_group,
|
||||
memberships[1].club.members_group,
|
||||
@@ -127,20 +112,13 @@ class TestMembershipEditableBy(TestCase):
|
||||
def setUpTestData(cls):
|
||||
Membership.objects.all().delete()
|
||||
cls.club_a, cls.club_b = baker.make(Club, _quantity=2)
|
||||
roles = baker.make(
|
||||
ClubRole,
|
||||
is_presidency=itertools.cycle([True, False, False, False]),
|
||||
is_board=itertools.cycle([True, True, True, False]),
|
||||
order=itertools.cycle(range(4)),
|
||||
club=iter(
|
||||
[*itertools.repeat(cls.club_a, 4), *itertools.repeat(cls.club_b, 4)]
|
||||
),
|
||||
_quantity=8,
|
||||
_bulk_create=True,
|
||||
)
|
||||
cls.memberships = [
|
||||
*baker.make(Membership, role=iter(roles[:4]), club=cls.club_a, _quantity=4),
|
||||
*baker.make(Membership, role=iter(roles[4:]), club=cls.club_b, _quantity=4),
|
||||
*baker.make(
|
||||
Membership, role=iter([7, 3, 3, 1]), club=cls.club_a, _quantity=4
|
||||
),
|
||||
*baker.make(
|
||||
Membership, role=iter([7, 3, 3, 1]), club=cls.club_b, _quantity=4
|
||||
),
|
||||
]
|
||||
|
||||
def test_admin_user(self):
|
||||
@@ -162,7 +140,7 @@ class TestMembershipEditableBy(TestCase):
|
||||
|
||||
|
||||
class TestMembership(TestClub):
|
||||
def assert_membership_started_today(self, user: User, role: ClubRole):
|
||||
def assert_membership_started_today(self, user: User, role: int):
|
||||
"""Assert that the given membership is active and started today."""
|
||||
membership = user.memberships.ongoing().filter(club=self.club).first()
|
||||
assert membership is not None
|
||||
@@ -211,27 +189,21 @@ class TestMembership(TestClub):
|
||||
"Marquer comme ancien",
|
||||
]
|
||||
rows = table.find("tbody").find_all("tr")
|
||||
memberships = (
|
||||
self.club.members.ongoing()
|
||||
.order_by("role__order")
|
||||
.select_related("user", "role")
|
||||
)
|
||||
user_role = ClubRole.objects.get(members__user=self.simple_board_member)
|
||||
for row, membership in zip(rows, memberships, strict=False):
|
||||
memberships = self.club.members.ongoing().order_by("-role")
|
||||
for row, membership in zip(
|
||||
rows, memberships.select_related("user"), strict=False
|
||||
):
|
||||
user = membership.user
|
||||
user_url = reverse("core:user_profile", args=[user.id])
|
||||
cols = row.find_all("td")
|
||||
user_link = cols[0].find("a")
|
||||
assert user_link.attrs["href"] == user_url
|
||||
assert user_link.text == user.get_display_name()
|
||||
assert cols[1].text == membership.role.name
|
||||
assert cols[1].text == settings.SITH_CLUB_ROLES[membership.role]
|
||||
assert cols[2].text == membership.description
|
||||
assert cols[3].text == str(membership.start_date)
|
||||
|
||||
if (
|
||||
membership.role.order > user_role.order
|
||||
or membership.user_id == self.simple_board_member.id
|
||||
):
|
||||
if membership.role < 3 or membership.user_id == self.simple_board_member.id:
|
||||
# 3 is the role of simple_board_member
|
||||
form_input = cols[4].find("input")
|
||||
expected_attrs = {
|
||||
@@ -247,15 +219,14 @@ class TestMembership(TestClub):
|
||||
"""Test that root users can add members to clubs"""
|
||||
self.client.force_login(self.root)
|
||||
response = self.client.post(
|
||||
self.new_members_url,
|
||||
{"user": self.subscriber.id, "role": self.board_role.id},
|
||||
self.new_members_url, {"user": self.subscriber.id, "role": 3}
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.headers.get("HX-Redirect", "") == reverse(
|
||||
"club:club_members", kwargs={"club_id": self.club.id}
|
||||
)
|
||||
self.subscriber.refresh_from_db()
|
||||
self.assert_membership_started_today(self.subscriber, role=self.board_role)
|
||||
self.assert_membership_started_today(self.subscriber, role=3)
|
||||
|
||||
def test_add_unauthorized_members(self):
|
||||
"""Test that users who are not currently subscribed
|
||||
@@ -263,7 +234,7 @@ class TestMembership(TestClub):
|
||||
"""
|
||||
for user in self.public, self.old_subscriber:
|
||||
form = ClubAddMemberForm(
|
||||
data={"user": user.id, "role": self.member_role},
|
||||
data={"user": user.id, "role": 1},
|
||||
request_user=self.root,
|
||||
club=self.club,
|
||||
)
|
||||
@@ -284,7 +255,7 @@ class TestMembership(TestClub):
|
||||
nb_memberships = self.simple_board_member.memberships.count()
|
||||
self.client.post(
|
||||
self.members_url,
|
||||
{"users": self.simple_board_member.id, "role": self.member_role},
|
||||
{"users": self.simple_board_member.id, "role": current_membership.role + 1},
|
||||
)
|
||||
self.simple_board_member.refresh_from_db()
|
||||
assert nb_memberships == self.simple_board_member.memberships.count()
|
||||
@@ -303,7 +274,7 @@ class TestMembership(TestClub):
|
||||
max_id = User.objects.aggregate(id=Max("id"))["id"]
|
||||
for members in [max_id + 1], [max_id + 1, self.subscriber.id]:
|
||||
form = ClubAddMemberForm(
|
||||
data={"user": members, "role": self.member_role},
|
||||
data={"user": members, "role": 1},
|
||||
request_user=self.root,
|
||||
club=self.club,
|
||||
)
|
||||
@@ -317,6 +288,44 @@ class TestMembership(TestClub):
|
||||
self.club.refresh_from_db()
|
||||
assert self.club.members.count() == nb_memberships
|
||||
|
||||
def test_president_add_members(self):
|
||||
"""Test that the president of the club can add members."""
|
||||
president = self.club.members.get(role=10).user
|
||||
nb_club_membership = self.club.members.count()
|
||||
nb_subscriber_memberships = self.subscriber.memberships.count()
|
||||
self.client.force_login(president)
|
||||
response = self.client.post(
|
||||
self.new_members_url, {"user": self.subscriber.id, "role": 9}
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.headers.get("HX-Redirect", "") == reverse(
|
||||
"club:club_members", kwargs={"club_id": self.club.id}
|
||||
)
|
||||
self.club.refresh_from_db()
|
||||
self.subscriber.refresh_from_db()
|
||||
assert self.club.members.count() == nb_club_membership + 1
|
||||
assert self.subscriber.memberships.count() == nb_subscriber_memberships + 1
|
||||
self.assert_membership_started_today(self.subscriber, role=9)
|
||||
|
||||
def test_add_member_greater_role(self):
|
||||
"""Test that a member of the club member cannot create
|
||||
a membership with a greater role than its own.
|
||||
"""
|
||||
form = ClubAddMemberForm(
|
||||
data={"user": self.subscriber.id, "role": 10},
|
||||
request_user=self.simple_board_member,
|
||||
club=self.club,
|
||||
)
|
||||
nb_memberships = self.club.members.count()
|
||||
|
||||
assert not form.is_valid()
|
||||
assert form.errors == {
|
||||
"role": ["Sélectionnez un choix valide. 10 n\u2019en fait pas partie."]
|
||||
}
|
||||
self.club.refresh_from_db()
|
||||
assert nb_memberships == self.club.members.count()
|
||||
assert not self.subscriber.memberships.filter(club=self.club).exists()
|
||||
|
||||
def test_add_member_without_role(self):
|
||||
"""Test that trying to add members without specifying their role fails."""
|
||||
form = ClubAddMemberForm(
|
||||
@@ -327,9 +336,8 @@ class TestMembership(TestClub):
|
||||
assert form.errors == {"role": ["Ce champ est obligatoire."]}
|
||||
|
||||
def test_add_member_already_there(self):
|
||||
role = ClubRole.objects.get(members__user=self.simple_board_member)
|
||||
form = ClubAddMemberForm(
|
||||
data={"user": self.simple_board_member, "role": role.id},
|
||||
data={"user": self.simple_board_member, "role": 3},
|
||||
request_user=self.root,
|
||||
club=self.club,
|
||||
)
|
||||
@@ -340,27 +348,22 @@ class TestMembership(TestClub):
|
||||
|
||||
def test_add_other_member_forbidden(self):
|
||||
non_member = subscriber_user.make()
|
||||
simple_member = baker.make(
|
||||
Membership, club=self.club, role=self.member_role
|
||||
).user
|
||||
simple_member = baker.make(Membership, club=self.club, role=1).user
|
||||
for user in non_member, simple_member:
|
||||
form = ClubAddMemberForm(
|
||||
data={"user": subscriber_user.make(), "role": self.member_role.id},
|
||||
data={"user": subscriber_user.make(), "role": 1},
|
||||
request_user=user,
|
||||
club=self.club,
|
||||
)
|
||||
assert not form.is_valid()
|
||||
assert form.errors == {
|
||||
"role": [
|
||||
"Sélectionnez un choix valide. "
|
||||
"Ce choix ne fait pas partie de ceux disponibles."
|
||||
]
|
||||
"role": ["Sélectionnez un choix valide. 1 n\u2019en fait pas partie."]
|
||||
}
|
||||
|
||||
def test_simple_members_dont_see_form_anymore(self):
|
||||
"""Test that simple club members don't see the form to add members"""
|
||||
user = subscriber_user.make()
|
||||
baker.make(Membership, club=self.club, user=user, role=self.member_role)
|
||||
baker.make(Membership, club=self.club, user=user, role=1)
|
||||
self.client.force_login(user)
|
||||
res = self.client.get(self.members_url)
|
||||
assert res.status_code == 200
|
||||
@@ -379,10 +382,9 @@ class TestMembership(TestClub):
|
||||
"""Test that board members of the club can end memberships
|
||||
of users with lower roles.
|
||||
"""
|
||||
# reminder : simple_board_member has role 3
|
||||
self.client.force_login(self.simple_board_member)
|
||||
role = baker.make(ClubRole, club=self.club, is_board=True)
|
||||
role.below(self.board_role)
|
||||
membership = baker.make(Membership, club=self.club, role=role)
|
||||
membership = baker.make(Membership, club=self.club, role=2, end_date=None)
|
||||
response = self.client.post(self.members_url, {"members_old": [membership.id]})
|
||||
self.assertRedirects(response, self.members_url)
|
||||
self.club.refresh_from_db()
|
||||
@@ -392,9 +394,7 @@ class TestMembership(TestClub):
|
||||
"""Test that board members of the club cannot end memberships
|
||||
of users with higher roles.
|
||||
"""
|
||||
membership = self.president.memberships.filter(
|
||||
club=self.club, end_date=None
|
||||
).first()
|
||||
membership = self.president.memberships.filter(club=self.club).first()
|
||||
self.client.force_login(self.simple_board_member)
|
||||
self.client.post(self.members_url, {"members_old": [membership.id]})
|
||||
self.club.refresh_from_db()
|
||||
@@ -436,9 +436,7 @@ class TestMembership(TestClub):
|
||||
def test_remove_from_club_group(self):
|
||||
"""Test that when a membership ends, the user is removed from club groups."""
|
||||
user = baker.make(User)
|
||||
baker.make(
|
||||
Membership, user=user, club=self.club, end_date=None, role=self.board_role
|
||||
)
|
||||
baker.make(Membership, user=user, club=self.club, end_date=None, role=3)
|
||||
assert user.groups.contains(self.club.members_group)
|
||||
assert user.groups.contains(self.club.board_group)
|
||||
user.memberships.update(end_date=localdate())
|
||||
@@ -449,20 +447,18 @@ class TestMembership(TestClub):
|
||||
"""Test that when a membership begins, the user is added to the club group."""
|
||||
assert not self.subscriber.groups.contains(self.club.members_group)
|
||||
assert not self.subscriber.groups.contains(self.club.board_group)
|
||||
baker.make(
|
||||
Membership, club=self.club, user=self.subscriber, role=self.board_role
|
||||
)
|
||||
baker.make(Membership, club=self.club, user=self.subscriber, role=3)
|
||||
assert self.subscriber.groups.contains(self.club.members_group)
|
||||
assert self.subscriber.groups.contains(self.club.board_group)
|
||||
|
||||
def test_change_position_in_club(self):
|
||||
"""Test that when moving from board to members, club group change"""
|
||||
membership = baker.make(
|
||||
Membership, club=self.club, user=self.subscriber, role=self.board_role
|
||||
Membership, club=self.club, user=self.subscriber, role=3
|
||||
)
|
||||
assert self.subscriber.groups.contains(self.club.members_group)
|
||||
assert self.subscriber.groups.contains(self.club.board_group)
|
||||
membership.role = self.member_role
|
||||
membership.role = 1
|
||||
membership.save()
|
||||
assert self.subscriber.groups.contains(self.club.members_group)
|
||||
assert not self.subscriber.groups.contains(self.club.board_group)
|
||||
@@ -475,11 +471,7 @@ class TestMembership(TestClub):
|
||||
|
||||
# make sli a board member
|
||||
self.sli.memberships.all().delete()
|
||||
Membership(
|
||||
club=self.ae,
|
||||
user=self.sli,
|
||||
role=baker.make(ClubRole, club=self.ae, is_board=True),
|
||||
).save()
|
||||
Membership(club=self.ae, user=self.sli, role=3).save()
|
||||
assert self.club.is_owned_by(self.sli)
|
||||
|
||||
def test_change_club_name(self):
|
||||
@@ -505,7 +497,7 @@ class TestMembership(TestClub):
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_membership_set_old(client: Client):
|
||||
membership = baker.make(Membership, end_date=None, user=subscriber_user.make())
|
||||
membership = baker.make(Membership, end_date=None, user=(subscriber_user.make()))
|
||||
client.force_login(membership.user)
|
||||
response = client.post(
|
||||
reverse("club:membership_set_old", kwargs={"membership_id": membership.id})
|
||||
@@ -532,50 +524,6 @@ def test_membership_delete(client: Client):
|
||||
assert not Membership.objects.filter(id=membership.id).exists()
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
class TestAddMemberForm(TestCase):
|
||||
@classmethod
|
||||
def setUpTestData(cls):
|
||||
cls.club = baker.make(Club)
|
||||
cls.roles = baker.make(
|
||||
ClubRole,
|
||||
club=cls.club,
|
||||
is_board=iter([True, True, True, True, False, False]),
|
||||
is_presidency=iter([True, True, False, False, False, False]),
|
||||
order=seq(0),
|
||||
_quantity=6,
|
||||
_bulk_create=True,
|
||||
)
|
||||
cls.roles[-1].is_active = False
|
||||
cls.roles[-1].save()
|
||||
|
||||
def test_admin(self):
|
||||
"""Test that admin users can give any active role."""
|
||||
user = baker.make(
|
||||
User, user_permissions=[Permission.objects.get(codename="add_membership")]
|
||||
)
|
||||
form = ClubAddMemberForm(request_user=user, club=self.club)
|
||||
assert list(form.fields["role"].queryset) == self.roles[:-1]
|
||||
|
||||
def test_president(self):
|
||||
"""Test that someone with a presidency role can give any active role."""
|
||||
user = baker.make(Membership, club=self.club, role=self.roles[0]).user
|
||||
form = ClubAddMemberForm(request_user=user, club=self.club)
|
||||
assert list(form.fields["role"].queryset) == self.roles[:-1]
|
||||
|
||||
def test_board_member(self):
|
||||
"""Test that someone with a board role can give lower active role."""
|
||||
user = baker.make(Membership, club=self.club, role=self.roles[2]).user
|
||||
form = ClubAddMemberForm(request_user=user, club=self.club)
|
||||
assert list(form.fields["role"].queryset) == self.roles[3:-1]
|
||||
|
||||
def test_simple_member(self):
|
||||
"""Test that someone with a non-board role cannot give roles."""
|
||||
user = baker.make(Membership, club=self.club, role=self.roles[4]).user
|
||||
form = ClubAddMemberForm(request_user=user, club=self.club)
|
||||
assert list(form.fields["role"].queryset) == []
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
class TestJoinClub:
|
||||
@pytest.fixture(autouse=True)
|
||||
@@ -583,64 +531,55 @@ class TestJoinClub:
|
||||
cache.clear()
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
("user_factory", "board_role", "errors"),
|
||||
("user_factory", "role", "errors"),
|
||||
[
|
||||
(
|
||||
subscriber_user.make,
|
||||
True,
|
||||
2,
|
||||
{
|
||||
"role": [
|
||||
"Sélectionnez un choix valide. "
|
||||
"Ce choix ne fait pas partie de ceux disponibles."
|
||||
"Sélectionnez un choix valide. 2 n\u2019en fait pas partie."
|
||||
]
|
||||
},
|
||||
),
|
||||
(
|
||||
lambda: baker.make(User),
|
||||
False,
|
||||
1,
|
||||
{"__all__": ["Vous devez être cotisant pour faire partie d'un club"]},
|
||||
),
|
||||
],
|
||||
)
|
||||
def test_join_club_errors(
|
||||
self, user_factory: Callable[[], User], board_role, errors: dict
|
||||
self, user_factory: Callable[[], User], role: int, errors: dict
|
||||
):
|
||||
club = baker.make(Club)
|
||||
user = user_factory()
|
||||
role = baker.make(ClubRole, club=club, is_board=board_role)
|
||||
form = JoinClubForm(club=club, request_user=user, data={"role": role.id})
|
||||
form = JoinClubForm(club=club, request_user=user, data={"role": role})
|
||||
assert not form.is_valid()
|
||||
assert form.errors == errors
|
||||
|
||||
def test_user_already_in_club(self):
|
||||
club = baker.make(Club)
|
||||
user = subscriber_user.make()
|
||||
role = baker.make(ClubRole, is_board=False)
|
||||
baker.make(Membership, user=user, club=role.club)
|
||||
form = JoinClubForm(club=role.club, request_user=user, data={"role": role.id})
|
||||
baker.make(Membership, user=user, club=club)
|
||||
form = JoinClubForm(club=club, request_user=user, data={"role": 1})
|
||||
assert not form.is_valid()
|
||||
assert form.errors == {"__all__": ["Vous êtes déjà membre de ce club."]}
|
||||
|
||||
def test_ok(self):
|
||||
club = baker.make(Club)
|
||||
user = subscriber_user.make()
|
||||
role = baker.make(ClubRole, is_board=False)
|
||||
form = JoinClubForm(club=role.club, request_user=user, data={"role": role.id})
|
||||
form = JoinClubForm(club=club, request_user=user, data={"role": 1})
|
||||
assert form.is_valid()
|
||||
form.save()
|
||||
assert Membership.objects.ongoing().filter(user=user, club=role.club).exists()
|
||||
assert Membership.objects.ongoing().filter(user=user, club=club).exists()
|
||||
|
||||
|
||||
class TestOldMembersView(TestCase):
|
||||
@classmethod
|
||||
def setUpTestData(cls):
|
||||
club = baker.make(Club)
|
||||
roles = baker.make(
|
||||
ClubRole,
|
||||
club=club,
|
||||
is_board=itertools.cycle([True, True, False]),
|
||||
order=seq(0),
|
||||
_quantity=10,
|
||||
_bulk_create=True,
|
||||
)
|
||||
roles = [1, 1, 1, 2, 2, 4, 4, 5, 7, 9, 10]
|
||||
cls.memberships = baker.make(
|
||||
Membership,
|
||||
role=iter(roles),
|
||||
@@ -665,11 +604,3 @@ class TestOldMembersView(TestCase):
|
||||
self.client.force_login(baker.make(User))
|
||||
res = self.client.get(self.url)
|
||||
assert res.status_code == 403
|
||||
|
||||
def test_context_data(self):
|
||||
# mark a membership as not ended, to make sure it is excluded from the result
|
||||
self.memberships[0].end_date = None
|
||||
self.memberships[0].save()
|
||||
self.client.force_login(subscriber_user.make())
|
||||
res = self.client.get(self.url)
|
||||
assert list(res.context_data.get("old_members")) == self.memberships[1:]
|
||||
|
||||
@@ -5,7 +5,7 @@ from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertHTMLEqual, assertRedirects
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.markdown import markdown
|
||||
from core.models import PageRev, User
|
||||
@@ -59,12 +59,7 @@ def test_page_revision(client: Client):
|
||||
def test_edit_page(client: Client):
|
||||
club = baker.make(Club)
|
||||
user = subscriber_user.make()
|
||||
baker.make(
|
||||
Membership,
|
||||
user=user,
|
||||
club=club,
|
||||
role=baker.make(ClubRole, club=club, is_board=True),
|
||||
)
|
||||
baker.make(Membership, user=user, club=club, role=3)
|
||||
client.force_login(user)
|
||||
url = reverse("club:club_edit_page", kwargs={"club_id": club.id})
|
||||
content = "# foo\nLorem ipsum dolor sit amet"
|
||||
|
||||
@@ -6,7 +6,7 @@ from django.utils.timezone import localdate
|
||||
from model_bakery import baker
|
||||
from model_bakery.recipe import Recipe
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from club.schemas import UserMembershipSchema
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.models import Page
|
||||
@@ -19,10 +19,7 @@ class TestFetchClub(TestCase):
|
||||
pages = baker.make(Page, _quantity=3, _bulk_create=True)
|
||||
clubs = baker.make(Club, page=iter(pages), _quantity=3, _bulk_create=True)
|
||||
recipe = Recipe(
|
||||
Membership,
|
||||
user=cls.user,
|
||||
start_date=localdate() - timedelta(days=2),
|
||||
role=baker.make(ClubRole),
|
||||
Membership, user=cls.user, start_date=localdate() - timedelta(days=2)
|
||||
)
|
||||
cls.members = Membership.objects.bulk_create(
|
||||
[
|
||||
|
||||
@@ -28,6 +28,7 @@ import csv
|
||||
import itertools
|
||||
from typing import TYPE_CHECKING, Any
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.core.exceptions import NON_FIELD_ERRORS, PermissionDenied, ValidationError
|
||||
@@ -317,7 +318,7 @@ class ClubMembersView(
|
||||
membership = self.object.get_membership_for(self.request.user)
|
||||
if (
|
||||
membership
|
||||
and not membership.role.is_board
|
||||
and membership.role <= settings.SITH_MAXIMUM_FREE_ROLE
|
||||
and not self.request.user.has_perm("club.add_membership")
|
||||
):
|
||||
# Simple club members won't see the form anymore.
|
||||
@@ -342,8 +343,8 @@ class ClubMembersView(
|
||||
kwargs["members"] = list(
|
||||
self.object.members.ongoing()
|
||||
.annotate(is_editable=Q(id__in=editable))
|
||||
.order_by("role__order")
|
||||
.select_related("user", "role")
|
||||
.order_by("-role")
|
||||
.select_related("user")
|
||||
)
|
||||
kwargs["can_end_membership"] = len(editable) > 0
|
||||
return kwargs
|
||||
@@ -371,8 +372,8 @@ class ClubOldMembersView(ClubTabsMixin, PermissionRequiredMixin, DetailView):
|
||||
return super().get_context_data(**kwargs) | {
|
||||
"old_members": (
|
||||
self.object.members.exclude(end_date=None)
|
||||
.order_by("role__order", "description", "-end_date")
|
||||
.select_related("user", "role")
|
||||
.order_by("-role", "description", "-end_date")
|
||||
.select_related("user")
|
||||
)
|
||||
}
|
||||
|
||||
@@ -723,7 +724,9 @@ class MailingAutoGenerationView(View):
|
||||
def get(self, request, *args, **kwargs):
|
||||
club = self.mailing.club
|
||||
self.mailing.subscriptions.all().delete()
|
||||
members = club.members.ongoing().filter(role__is_board=True)
|
||||
members = club.members.filter(
|
||||
role__gte=settings.SITH_CLUB_ROLES_ID["Board member"]
|
||||
).exclude(end_date__lte=timezone.now())
|
||||
for member in members.all():
|
||||
MailingSubscription(user=member.user, mailing=self.mailing).save()
|
||||
return redirect("club:mailing", club_id=club.id)
|
||||
|
||||
@@ -28,7 +28,7 @@ from django.utils.translation import gettext as _
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertNumQueries, assertRedirects
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from com.models import News, NewsDate, Poster, Sith, Weekmail, WeekmailArticle
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.models import AnonymousUser, Group, User
|
||||
@@ -214,8 +214,7 @@ class TestNewsCreation(TestCase):
|
||||
def setUpTestData(cls):
|
||||
cls.club = baker.make(Club)
|
||||
cls.user = subscriber_user.make()
|
||||
role = baker.make(ClubRole, club=cls.club, is_board=True)
|
||||
baker.make(Membership, user=cls.user, club=cls.club, role=role)
|
||||
baker.make(Membership, user=cls.user, club=cls.club, role=5)
|
||||
|
||||
def setUp(self):
|
||||
self.client.force_login(self.user)
|
||||
|
||||
@@ -503,7 +503,7 @@ class WeekmailArticleCreateView(CreateView):
|
||||
self.object = form.instance
|
||||
form.is_valid() # Valid a first time to populate club field
|
||||
m = form.instance.club.get_membership_for(request.user)
|
||||
if m is None or not m.role.is_board:
|
||||
if m is None or m.role <= settings.SITH_MAXIMUM_FREE_ROLE:
|
||||
form.add_error(
|
||||
"club",
|
||||
ValidationError(
|
||||
|
||||
@@ -4,9 +4,9 @@ from dateutil.relativedelta import relativedelta
|
||||
from django.conf import settings
|
||||
from django.utils.timezone import localdate, now
|
||||
from model_bakery import seq
|
||||
from model_bakery.recipe import Recipe, foreign_key, related
|
||||
from model_bakery.recipe import Recipe, related
|
||||
|
||||
from club.models import ClubRole, Membership
|
||||
from club.models import Membership
|
||||
from core.models import Group, User
|
||||
from subscription.models import Subscription
|
||||
|
||||
@@ -52,9 +52,7 @@ ae_board_membership = Recipe(
|
||||
Membership,
|
||||
start_date=now() - timedelta(days=30),
|
||||
club_id=settings.SITH_MAIN_CLUB_ID,
|
||||
role=foreign_key(
|
||||
Recipe(ClubRole, club_id=settings.SITH_MAIN_CLUB_ID, is_board=True)
|
||||
),
|
||||
role=settings.SITH_CLUB_ROLES_ID["Board member"],
|
||||
)
|
||||
|
||||
board_user = Recipe(
|
||||
|
||||
@@ -1,19 +1,16 @@
|
||||
class FourDigitYearConverter:
|
||||
regex = "[0-9]{4}"
|
||||
from django.urls.converters import IntConverter, StringConverter
|
||||
|
||||
def to_python(self, value):
|
||||
return int(value)
|
||||
|
||||
class FourDigitYearConverter(IntConverter):
|
||||
regex = "[0-9]{4}"
|
||||
|
||||
def to_url(self, value):
|
||||
return str(value).zfill(4)
|
||||
|
||||
|
||||
class TwoDigitMonthConverter:
|
||||
class TwoDigitMonthConverter(IntConverter):
|
||||
regex = "[0-9]{2}"
|
||||
|
||||
def to_python(self, value):
|
||||
return int(value)
|
||||
|
||||
def to_url(self, value):
|
||||
return str(value).zfill(2)
|
||||
|
||||
@@ -28,3 +25,9 @@ class BooleanStringConverter:
|
||||
|
||||
def to_url(self, value):
|
||||
return str(value)
|
||||
|
||||
|
||||
class ResultConverter(StringConverter):
|
||||
"""Converter whose regex match either "success" or "failure"."""
|
||||
|
||||
regex = "(success|failure)"
|
||||
|
||||
@@ -28,6 +28,7 @@ from typing import ClassVar, NamedTuple
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import Permission
|
||||
from django.contrib.sites.models import Site
|
||||
from django.core.files.base import ContentFile
|
||||
from django.core.management import call_command
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.db import connection
|
||||
@@ -36,7 +37,7 @@ from django.utils import timezone
|
||||
from django.utils.timezone import localdate
|
||||
from PIL import Image
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from com.ics_calendar import IcsCalendar
|
||||
from com.models import News, NewsDate, Sith, Weekmail
|
||||
from core.models import BanGroup, Group, Page, PageRev, SithFile, User
|
||||
@@ -62,13 +63,6 @@ class PopulatedGroups(NamedTuple):
|
||||
campus_admin: Group
|
||||
|
||||
|
||||
class PopulatedClubs(NamedTuple):
|
||||
ae: Club
|
||||
troll: Club
|
||||
pdf: Club
|
||||
refound: Club
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
ROOT_PATH: ClassVar[Path] = Path(__file__).parent.parent.parent.parent
|
||||
SAS_FIXTURE_PATH: ClassVar[Path] = (
|
||||
@@ -111,23 +105,47 @@ class Command(BaseCommand):
|
||||
)
|
||||
self.profiles_root = SithFile.objects.create(name="profiles", owner=root)
|
||||
home_root = SithFile.objects.create(name="users", owner=root)
|
||||
club_root = SithFile.objects.create(name="clubs", owner=root)
|
||||
sas = SithFile.objects.create(name="SAS", owner=root)
|
||||
SithFile.objects.create(
|
||||
name="CGU",
|
||||
is_folder=False,
|
||||
file=ContentFile(
|
||||
content="Conditions générales d'utilisation", name="cgu.txt"
|
||||
),
|
||||
owner=root,
|
||||
)
|
||||
|
||||
# Page needed for club creation
|
||||
p = Page(name=settings.SITH_CLUB_ROOT_PAGE)
|
||||
p.save(force_lock=True)
|
||||
|
||||
club_root = SithFile.objects.create(name="clubs", owner=root)
|
||||
sas = SithFile.objects.create(name="SAS", owner=root)
|
||||
clubs = self._create_clubs()
|
||||
main_club = Club.objects.create(
|
||||
id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
|
||||
)
|
||||
main_club.board_group.permissions.add(
|
||||
*Permission.objects.filter(
|
||||
codename__in=[
|
||||
"view_subscription",
|
||||
"add_subscription",
|
||||
"view_hidden_user",
|
||||
]
|
||||
)
|
||||
)
|
||||
bar_club = Club.objects.create(
|
||||
id=settings.SITH_PDF_CLUB_ID,
|
||||
name="PdF",
|
||||
address="6 Boulevard Anatole France, 90000 Belfort",
|
||||
)
|
||||
|
||||
self.reset_index("club")
|
||||
for bar_id, bar_name in settings.SITH_COUNTER_BARS:
|
||||
Counter(id=bar_id, name=bar_name, club=clubs.pdf, type="BAR").save()
|
||||
Counter(id=bar_id, name=bar_name, club=bar_club, type="BAR").save()
|
||||
self.reset_index("counter")
|
||||
counters = [
|
||||
Counter(name="Eboutic", club=clubs.ae, type="EBOUTIC"),
|
||||
Counter(name="AE", club=clubs.ae, type="OFFICE"),
|
||||
Counter(name="Vidage comptes AE", club=clubs.ae, type="OFFICE"),
|
||||
Counter(name="Eboutic", club=main_club, type="EBOUTIC"),
|
||||
Counter(name="AE", club=main_club, type="OFFICE"),
|
||||
Counter(name="Vidage comptes AE", club=main_club, type="OFFICE"),
|
||||
]
|
||||
Counter.objects.bulk_create(counters)
|
||||
bar_groups = []
|
||||
@@ -310,41 +328,54 @@ class Command(BaseCommand):
|
||||
self._create_subscription(tutu)
|
||||
StudentCard(uid="9A89B82018B0A0", customer=sli.customer).save()
|
||||
|
||||
Membership.objects.create(
|
||||
user=skia, club=clubs.ae, role=clubs.ae.roles.get(name="Respo Info")
|
||||
# Clubs
|
||||
Club.objects.create(
|
||||
name="Bibo'UT", address="46 de la Boustifaille", parent=main_club
|
||||
)
|
||||
guyut = Club.objects.create(
|
||||
name="Guy'UT", address="42 de la Boustifaille", parent=main_club
|
||||
)
|
||||
Club.objects.create(name="Woenzel'UT", address="Woenzel", parent=guyut)
|
||||
troll = Club.objects.create(
|
||||
name="Troll Penché", address="Terre Du Milieu", parent=main_club
|
||||
)
|
||||
refound = Club.objects.create(
|
||||
name="Carte AE", address="Jamais imprimée", parent=main_club
|
||||
)
|
||||
|
||||
Membership.objects.create(user=skia, club=main_club, role=3)
|
||||
Membership.objects.create(
|
||||
user=comunity,
|
||||
club=clubs.pdf,
|
||||
club=bar_club,
|
||||
start_date=localdate(),
|
||||
role=clubs.pdf.roles.get(name="Membre du bureau"),
|
||||
role=settings.SITH_CLUB_ROLES_ID["Board member"],
|
||||
)
|
||||
Membership.objects.create(
|
||||
user=sli,
|
||||
club=clubs.troll,
|
||||
role=clubs.troll.roles.get(name="Vice-Président⸱e"),
|
||||
club=troll,
|
||||
role=9,
|
||||
description="Padawan Troll",
|
||||
start_date=localdate() - timedelta(days=17),
|
||||
)
|
||||
Membership.objects.create(
|
||||
user=krophil,
|
||||
club=clubs.troll,
|
||||
role=clubs.troll.roles.get(name="Président⸱e"),
|
||||
club=troll,
|
||||
role=10,
|
||||
description="Maitre Troll",
|
||||
start_date=localdate() - timedelta(days=200),
|
||||
)
|
||||
Membership.objects.create(
|
||||
user=skia,
|
||||
club=clubs.troll,
|
||||
role=clubs.troll.roles.get(name="Membre du bureau"),
|
||||
club=troll,
|
||||
role=2,
|
||||
description="Grand Ancien Troll",
|
||||
start_date=localdate() - timedelta(days=400),
|
||||
end_date=localdate() - timedelta(days=86),
|
||||
)
|
||||
Membership.objects.create(
|
||||
user=richard,
|
||||
club=clubs.troll,
|
||||
role=clubs.troll.roles.get(name="Membre du bureau"),
|
||||
club=troll,
|
||||
role=2,
|
||||
description="",
|
||||
start_date=localdate() - timedelta(days=200),
|
||||
end_date=localdate() - timedelta(days=100),
|
||||
@@ -361,7 +392,7 @@ class Command(BaseCommand):
|
||||
purchase_price="15",
|
||||
selling_price="15",
|
||||
special_selling_price="15",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
)
|
||||
cotis2 = Product.objects.create(
|
||||
name="Cotis 2 semestres",
|
||||
@@ -370,7 +401,7 @@ class Command(BaseCommand):
|
||||
purchase_price="28",
|
||||
selling_price="28",
|
||||
special_selling_price="28",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
)
|
||||
refill = Product.objects.create(
|
||||
name="Rechargement 15 €",
|
||||
@@ -379,7 +410,7 @@ class Command(BaseCommand):
|
||||
purchase_price="15",
|
||||
selling_price="15",
|
||||
special_selling_price="15",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
)
|
||||
barb = Product.objects.create(
|
||||
name="Barbar",
|
||||
@@ -388,7 +419,7 @@ class Command(BaseCommand):
|
||||
purchase_price="1.50",
|
||||
selling_price="1.7",
|
||||
special_selling_price="1.6",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
limit_age=18,
|
||||
)
|
||||
cble = Product.objects.create(
|
||||
@@ -398,7 +429,7 @@ class Command(BaseCommand):
|
||||
purchase_price="1.50",
|
||||
selling_price="1.7",
|
||||
special_selling_price="1.6",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
limit_age=18,
|
||||
)
|
||||
cons = Product.objects.create(
|
||||
@@ -408,7 +439,7 @@ class Command(BaseCommand):
|
||||
purchase_price="1",
|
||||
selling_price="1",
|
||||
special_selling_price="1",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
)
|
||||
dcons = Product.objects.create(
|
||||
name="Déconsigne Eco-cup",
|
||||
@@ -417,7 +448,7 @@ class Command(BaseCommand):
|
||||
purchase_price="-1",
|
||||
selling_price="-1",
|
||||
special_selling_price="-1",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
)
|
||||
cors = Product.objects.create(
|
||||
name="Corsendonk",
|
||||
@@ -426,7 +457,7 @@ class Command(BaseCommand):
|
||||
purchase_price="1.50",
|
||||
selling_price="1.7",
|
||||
special_selling_price="1.6",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
limit_age=18,
|
||||
)
|
||||
carolus = Product.objects.create(
|
||||
@@ -436,7 +467,7 @@ class Command(BaseCommand):
|
||||
purchase_price="1.50",
|
||||
selling_price="1.7",
|
||||
special_selling_price="1.6",
|
||||
club=clubs.ae,
|
||||
club=main_club,
|
||||
limit_age=18,
|
||||
)
|
||||
Product.objects.create(
|
||||
@@ -445,7 +476,7 @@ class Command(BaseCommand):
|
||||
purchase_price="0",
|
||||
selling_price="0",
|
||||
special_selling_price="0",
|
||||
club=clubs.refound,
|
||||
club=refound,
|
||||
)
|
||||
groups.subscribers.products.add(
|
||||
cotis, cotis2, refill, barb, cble, cors, carolus
|
||||
@@ -458,7 +489,7 @@ class Command(BaseCommand):
|
||||
eboutic = Counter.objects.get(name="Eboutic")
|
||||
eboutic.products.add(barb, cotis, cotis2, refill)
|
||||
|
||||
Counter.objects.create(name="Carte AE", club=clubs.refound, type="OFFICE")
|
||||
Counter.objects.create(name="Carte AE", club=refound, type="OFFICE")
|
||||
|
||||
ReturnableProduct.objects.create(
|
||||
product=cons, returned_product=dcons, max_return=3
|
||||
@@ -482,7 +513,7 @@ class Command(BaseCommand):
|
||||
end_date="7942-06-12 10:28:45+01",
|
||||
)
|
||||
el.view_groups.add(groups.public)
|
||||
el.edit_groups.add(clubs.ae.board_group)
|
||||
el.edit_groups.add(main_club.board_group)
|
||||
el.candidature_groups.add(groups.subscribers)
|
||||
el.vote_groups.add(groups.subscribers)
|
||||
liste = ElectionList.objects.create(title="Candidature Libre", election=el)
|
||||
@@ -555,7 +586,7 @@ class Command(BaseCommand):
|
||||
title="Apero barman",
|
||||
summary="Viens boire un coup avec les barmans",
|
||||
content="Glou glou glou glou glou glou glou",
|
||||
club=clubs.pdf,
|
||||
club=bar_club,
|
||||
author=subscriber,
|
||||
is_published=True,
|
||||
moderator=skia,
|
||||
@@ -573,7 +604,7 @@ class Command(BaseCommand):
|
||||
content=(
|
||||
"Viens donc t'enjailler avec les autres barmans aux frais du BdF! \\o/"
|
||||
),
|
||||
club=clubs.pdf,
|
||||
club=bar_club,
|
||||
author=subscriber,
|
||||
is_published=True,
|
||||
moderator=skia,
|
||||
@@ -589,7 +620,7 @@ class Command(BaseCommand):
|
||||
title="Repas fromager",
|
||||
summary="Wien manger du l'bon fromeug'",
|
||||
content="Fô viendre mangey d'la bonne fondue!",
|
||||
club=clubs.pdf,
|
||||
club=bar_club,
|
||||
author=subscriber,
|
||||
is_published=True,
|
||||
moderator=skia,
|
||||
@@ -605,7 +636,7 @@ class Command(BaseCommand):
|
||||
title="SdF",
|
||||
summary="Enjoy la fin des finaux!",
|
||||
content="Viens faire la fête avec tout plein de gens!",
|
||||
club=clubs.pdf,
|
||||
club=bar_club,
|
||||
author=subscriber,
|
||||
is_published=True,
|
||||
moderator=skia,
|
||||
@@ -623,7 +654,7 @@ class Command(BaseCommand):
|
||||
summary="Viens jouer!",
|
||||
content="Rejoins la fine équipe du Troll Penché et viens "
|
||||
"t'amuser le Vendredi soir!",
|
||||
club=clubs.troll,
|
||||
club=troll,
|
||||
author=subscriber,
|
||||
is_published=True,
|
||||
moderator=skia,
|
||||
@@ -760,57 +791,6 @@ class Command(BaseCommand):
|
||||
)
|
||||
s.save()
|
||||
|
||||
def _create_clubs(self) -> PopulatedClubs:
|
||||
ae = Club.objects.create(
|
||||
id=1, name="AE", address="6 Boulevard Anatole France, 90000 Belfort"
|
||||
)
|
||||
ae.board_group.permissions.add(
|
||||
*Permission.objects.filter(
|
||||
codename__in=[
|
||||
"view_subscription",
|
||||
"add_subscription",
|
||||
"add_membership",
|
||||
"view_hidden_user",
|
||||
]
|
||||
)
|
||||
)
|
||||
pdf = Club.objects.create(
|
||||
id=settings.SITH_PDF_CLUB_ID,
|
||||
name="PdF",
|
||||
address="6 Boulevard Anatole France, 90000 Belfort",
|
||||
)
|
||||
troll = Club.objects.create(
|
||||
name="Troll Penché", address="Terre Du Milieu", parent=ae
|
||||
)
|
||||
refound = Club.objects.create(
|
||||
name="Carte AE", address="Jamais imprimée", parent=ae
|
||||
)
|
||||
roles = []
|
||||
presidency_roles = ["Président⸱e", "Vice-Président⸱e"]
|
||||
board_roles = [
|
||||
"Trésorier⸱e",
|
||||
"Secrétaire",
|
||||
"Respo Info",
|
||||
"Respo Com",
|
||||
"Membre du bureau",
|
||||
]
|
||||
simple_roles = ["Membre actif⸱ve", "Curieux⸱euse"]
|
||||
for club in ae, pdf, troll, refound:
|
||||
for i, role in enumerate(presidency_roles):
|
||||
roles.append(
|
||||
ClubRole(
|
||||
club=club, order=i, name=role, is_presidency=True, is_board=True
|
||||
)
|
||||
)
|
||||
for i, role in enumerate(board_roles, start=len(presidency_roles)):
|
||||
roles.append(ClubRole(club=club, order=i, name=role, is_board=True))
|
||||
for i, role in enumerate(
|
||||
simple_roles, start=len(presidency_roles) + len(board_roles)
|
||||
):
|
||||
roles.append(ClubRole(club=club, order=i, name=role))
|
||||
ClubRole.objects.bulk_create(roles)
|
||||
return PopulatedClubs(ae=ae, troll=troll, pdf=pdf, refound=refound)
|
||||
|
||||
def _create_groups(self) -> PopulatedGroups:
|
||||
perms = Permission.objects.all()
|
||||
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import math
|
||||
import random
|
||||
from datetime import date, timedelta
|
||||
from datetime import timezone as tz
|
||||
@@ -11,7 +12,7 @@ from django.db.models import Count, Exists, Min, OuterRef, Subquery
|
||||
from django.utils.timezone import localdate, make_aware, now
|
||||
from faker import Faker
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.models import Group, User, UserBan
|
||||
from counter.models import (
|
||||
Counter,
|
||||
@@ -34,12 +35,17 @@ class Command(BaseCommand):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.faker = Faker("fr_FR")
|
||||
|
||||
def add_arguments(self, parser):
|
||||
parser.add_argument(
|
||||
"-n", "--nb-users", help="Number of users to create", type=int, default=600
|
||||
)
|
||||
|
||||
def handle(self, *args, **options):
|
||||
if not settings.DEBUG:
|
||||
raise Exception("Never call this command in prod. Never.")
|
||||
|
||||
self.stdout.write("Creating users...")
|
||||
users = self.create_users()
|
||||
users = self.create_users(options["nb_users"])
|
||||
self.create_bans(random.sample(users, k=len(users) // 200)) # 0.5% of users
|
||||
subscribers = random.sample(users, k=int(0.8 * len(users)))
|
||||
self.stdout.write("Creating subscriptions...")
|
||||
@@ -79,7 +85,7 @@ class Command(BaseCommand):
|
||||
self.stdout.write("Creating products...")
|
||||
self.create_products()
|
||||
self.stdout.write("Creating sales and refills...")
|
||||
sellers = random.sample(list(User.objects.all()), 100)
|
||||
sellers = random.sample(users, len(users) // 10)
|
||||
self.create_sales(sellers)
|
||||
self.stdout.write("Creating permanences...")
|
||||
self.create_permanences(sellers)
|
||||
@@ -88,7 +94,7 @@ class Command(BaseCommand):
|
||||
|
||||
self.stdout.write("Done")
|
||||
|
||||
def create_users(self) -> list[User]:
|
||||
def create_users(self, nb_users: int = 600) -> list[User]:
|
||||
# Create a single password hash for all users to make it faster.
|
||||
# It's insecure as hell, but it's ok since it's only for dev purposes.
|
||||
password = make_password("plop")
|
||||
@@ -107,7 +113,7 @@ class Command(BaseCommand):
|
||||
address=self.faker.address(),
|
||||
password=password,
|
||||
)
|
||||
for _ in range(600)
|
||||
for _ in range(nb_users)
|
||||
]
|
||||
# there may a duplicate or two
|
||||
# Not a problem, we will just have 599 users instead of 600
|
||||
@@ -172,25 +178,20 @@ class Command(BaseCommand):
|
||||
Customer.objects.bulk_create(customers, ignore_conflicts=True)
|
||||
|
||||
def make_club(self, club: Club, members: list[User], old_members: list[User]):
|
||||
roles: list[ClubRole] = list(club.roles.all())
|
||||
|
||||
def zip_roles(users: list[User]) -> Iterator[tuple[User, ClubRole]]:
|
||||
important_roles = [r for r in roles if r.is_board]
|
||||
important_roles.sort(key=lambda r: r.order)
|
||||
simple_board_role = important_roles.pop()
|
||||
member_roles = [r for r in roles if not r.is_board]
|
||||
def zip_roles(users: list[User]) -> Iterator[tuple[User, int]]:
|
||||
roles = iter(sorted(settings.SITH_CLUB_ROLES.keys(), reverse=True))
|
||||
user_idx = 0
|
||||
for _role in important_roles:
|
||||
while (role := next(roles)) > 2:
|
||||
# one member for each major role
|
||||
yield users[user_idx], _role
|
||||
yield users[user_idx], role
|
||||
user_idx += 1
|
||||
for _ in range(int(0.3 * (len(users) - user_idx))):
|
||||
# 30% of the remaining in the board
|
||||
yield users[user_idx], simple_board_role
|
||||
yield users[user_idx], 2
|
||||
user_idx += 1
|
||||
for remaining in users[user_idx + 1 :]:
|
||||
# everything else is a simple member
|
||||
yield remaining, random.choices(member_roles, weights=(0.8, 0.2))[0]
|
||||
yield remaining, 1
|
||||
|
||||
memberships = []
|
||||
old_members = old_members.copy()
|
||||
@@ -202,14 +203,19 @@ class Command(BaseCommand):
|
||||
start_date=start,
|
||||
end_date=self.faker.past_date(start),
|
||||
user=old,
|
||||
role=random.choice(roles),
|
||||
role=random.choice(list(settings.SITH_CLUB_ROLES.keys())),
|
||||
club=club,
|
||||
)
|
||||
)
|
||||
for member, role in zip_roles(members):
|
||||
start = self.faker.past_date("-1y")
|
||||
memberships.append(
|
||||
Membership(start_date=start, user=member, role=role, club=club)
|
||||
Membership(
|
||||
start_date=start,
|
||||
user=member,
|
||||
role=role,
|
||||
club=club,
|
||||
)
|
||||
)
|
||||
memberships = Membership.objects.bulk_create(memberships)
|
||||
Membership._add_club_groups(memberships)
|
||||
@@ -410,8 +416,9 @@ class Command(BaseCommand):
|
||||
Permanency.objects.bulk_create(perms)
|
||||
|
||||
def create_forums(self):
|
||||
forumers = random.sample(list(User.objects.all()), 100)
|
||||
most_actives = random.sample(forumers, 10)
|
||||
users = list(User.objects.all())
|
||||
forumers = random.sample(users, math.ceil(len(users) / 10))
|
||||
most_actives = random.sample(forumers, math.ceil(len(forumers) / 6))
|
||||
categories = list(Forum.objects.filter(is_category=True))
|
||||
new_forums = [
|
||||
Forum(name=self.faker.text(20), parent=random.choice(categories))
|
||||
|
||||
@@ -141,7 +141,6 @@ form {
|
||||
display: block;
|
||||
margin: calc(var(--nf-input-size) * 1.5) auto 10px;
|
||||
line-height: 1;
|
||||
white-space: nowrap;
|
||||
|
||||
.fields-centered {
|
||||
padding: 10px 10px 0;
|
||||
|
||||
@@ -23,10 +23,10 @@
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for m in profile.memberships.ongoing().select_related("role") %}
|
||||
{% for m in profile.memberships.filter(end_date=None).all() %}
|
||||
<tr>
|
||||
<td><a href="{{ url('club:club_members', club_id=m.club.id) }}">{{ m.club }}</a></td>
|
||||
<td>{{ m.role.name }}</td>
|
||||
<td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
|
||||
<td>{{ m.description }}</td>
|
||||
<td>{{ m.start_date }}</td>
|
||||
{% if m.can_be_edited_by(user) %}
|
||||
@@ -65,10 +65,10 @@
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for m in profile.memberships.exclude(end_date=None).select_related("role") %}
|
||||
{% for m in profile.memberships.exclude(end_date=None).all() %}
|
||||
<tr>
|
||||
<td><a href="{{ url('club:club_members', club_id=m.club.id) }}">{{ m.club }}</a></td>
|
||||
<td>{{ m.role.name }}</td>
|
||||
<td>{{ settings.SITH_CLUB_ROLES[m.role] }}</td>
|
||||
<td>{{ m.description }}</td>
|
||||
<td>{{ m.start_date }}</td>
|
||||
<td>{{ m.end_date }}</td>
|
||||
|
||||
13
core/tests/test_commands.py
Normal file
13
core/tests/test_commands.py
Normal file
@@ -0,0 +1,13 @@
|
||||
import contextlib
|
||||
import os
|
||||
|
||||
import pytest
|
||||
from django.core.management import call_command
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_populate_more(settings):
|
||||
"""Just check that populate more doesn't crash"""
|
||||
settings.DEBUG = True
|
||||
with open(os.devnull, "w") as devnull, contextlib.redirect_stdout(devnull):
|
||||
call_command("populate_more", "--nb-users", "50")
|
||||
@@ -11,7 +11,7 @@ from django.utils.timezone import now
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertHTMLEqual, assertRedirects
|
||||
|
||||
from club.models import Club, Membership
|
||||
from club.models import Club
|
||||
from core.baker_recipes import board_user, subscriber_user
|
||||
from core.markdown import markdown
|
||||
from core.models import AnonymousUser, Page, PageRev, User
|
||||
@@ -122,9 +122,6 @@ def test_page_revision_club_redirection(client: Client):
|
||||
@pytest.mark.django_db
|
||||
def test_viewable_by():
|
||||
# remove existing pages to prevent side effect
|
||||
# club pages are protected, so we must delete clubs first
|
||||
Membership.objects.all().delete()
|
||||
Club.objects.all().delete()
|
||||
Page.objects.all().delete()
|
||||
view_groups = [
|
||||
[settings.SITH_GROUP_PUBLIC_ID],
|
||||
|
||||
@@ -12,22 +12,32 @@
|
||||
# OR WITHIN THE LOCAL FILE "LICENSE"
|
||||
#
|
||||
#
|
||||
from __future__ import annotations
|
||||
|
||||
import hmac
|
||||
from datetime import date, timedelta
|
||||
|
||||
# Image utils
|
||||
from io import BytesIO
|
||||
from typing import Final
|
||||
from typing import TYPE_CHECKING
|
||||
from urllib.parse import urlencode
|
||||
|
||||
import PIL
|
||||
from django.conf import settings
|
||||
from django.core.files.base import ContentFile
|
||||
from django.core.files.uploadedfile import UploadedFile
|
||||
from django.http import HttpRequest
|
||||
from django.utils.timezone import localdate
|
||||
from PIL import ExifTags
|
||||
from PIL.Image import Image, Resampling
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from _hashlib import HASH
|
||||
from collections.abc import Buffer, Mapping, Sequence
|
||||
from typing import Any, Callable, Final
|
||||
|
||||
from django.core.files.uploadedfile import UploadedFile
|
||||
from django.http import HttpRequest
|
||||
|
||||
|
||||
RED_PIXEL_PNG: Final[bytes] = (
|
||||
b"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52"
|
||||
b"\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90\x77\x53"
|
||||
@@ -205,3 +215,30 @@ def get_client_ip(request: HttpRequest) -> str | None:
|
||||
return ip
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def hmac_hexdigest(
|
||||
key: str | bytes,
|
||||
data: Mapping[str, Any] | Sequence[tuple[str, Any]],
|
||||
digest: str | Callable[[Buffer], HASH] = "sha512",
|
||||
) -> str:
|
||||
"""Return the hexdigest of the signature of the given data.
|
||||
|
||||
Args:
|
||||
key: the HMAC key used for the signature
|
||||
data: the data to sign
|
||||
digest: a PEP247 hashing algorithm (by default, sha512)
|
||||
|
||||
Examples:
|
||||
```python
|
||||
data = {
|
||||
"foo": 5,
|
||||
"bar": "somevalue",
|
||||
}
|
||||
hmac_key = secrets.token_hex(64)
|
||||
signature = hmac_hexdigest(hmac_key, data, "sha256")
|
||||
```
|
||||
"""
|
||||
if isinstance(key, str):
|
||||
key = key.encode()
|
||||
return hmac.digest(key, urlencode(data).encode(), digest).hex()
|
||||
|
||||
@@ -583,7 +583,7 @@ class Counter(models.Model):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
mem = self.club.get_membership_for(user)
|
||||
if mem and mem.role.is_presidency:
|
||||
if mem and mem.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]:
|
||||
return True
|
||||
return user.is_in_group(pk=settings.SITH_GROUP_COUNTER_ADMIN_ID)
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ from model_bakery import baker
|
||||
from model_bakery.recipe import Recipe
|
||||
from pytest_django.asserts import assertRedirects
|
||||
|
||||
from club.models import ClubRole, Membership
|
||||
from club.models import Membership
|
||||
from core.baker_recipes import board_user, subscriber_user, very_old_subscriber_user
|
||||
from core.models import BanGroup, User
|
||||
from counter.baker_recipes import product_recipe, sale_recipe
|
||||
@@ -88,7 +88,7 @@ class TestFullClickBase(TestCase):
|
||||
Membership,
|
||||
start_date=now() - timedelta(days=30),
|
||||
club=cls.club_counter.club,
|
||||
role=baker.make(ClubRole, club=cls.club_counter.club, is_board=True),
|
||||
role=settings.SITH_CLUB_ROLES_ID["Board member"],
|
||||
user=cls.club_admin,
|
||||
)
|
||||
|
||||
@@ -782,13 +782,7 @@ class TestClubCounterClickAccess(TestCase):
|
||||
"counter:click",
|
||||
kwargs={"counter_id": cls.counter.id, "user_id": cls.customer.id},
|
||||
)
|
||||
cls.board_role, cls.member_role = baker.make(
|
||||
ClubRole,
|
||||
club=cls.counter.club,
|
||||
is_board=iter([True, False]),
|
||||
_quantity=2,
|
||||
_bulk_create=True,
|
||||
)
|
||||
|
||||
cls.user = subscriber_user.make()
|
||||
|
||||
def setUp(self):
|
||||
@@ -803,17 +797,13 @@ class TestClubCounterClickAccess(TestCase):
|
||||
res = self.client.get(self.click_url)
|
||||
assert res.status_code == 403
|
||||
# being a member of the club, without being in the board, isn't enough
|
||||
baker.make(
|
||||
Membership, club=self.counter.club, user=self.user, role=self.member_role
|
||||
)
|
||||
baker.make(Membership, club=self.counter.club, user=self.user, role=1)
|
||||
res = self.client.get(self.click_url)
|
||||
assert res.status_code == 403
|
||||
|
||||
def test_board_member(self):
|
||||
"""By default, board members should be able to click on office counters"""
|
||||
baker.make(
|
||||
Membership, club=self.counter.club, user=self.user, role=self.board_role
|
||||
)
|
||||
baker.make(Membership, club=self.counter.club, user=self.user, role=3)
|
||||
self.client.force_login(self.user)
|
||||
res = self.client.get(self.click_url)
|
||||
assert res.status_code == 200
|
||||
@@ -828,9 +818,7 @@ class TestClubCounterClickAccess(TestCase):
|
||||
def test_both_barman_and_board_member(self):
|
||||
"""If the user is barman and board member, he should be authorized as well."""
|
||||
self.counter.sellers.add(self.user)
|
||||
baker.make(
|
||||
Membership, club=self.counter.club, user=self.user, role=self.board_role
|
||||
)
|
||||
baker.make(Membership, club=self.counter.club, user=self.user, role=3)
|
||||
self.client.force_login(self.user)
|
||||
res = self.client.get(self.click_url)
|
||||
assert res.status_code == 200
|
||||
|
||||
@@ -3,13 +3,14 @@ import string
|
||||
from datetime import timedelta
|
||||
|
||||
import pytest
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.base_user import make_password
|
||||
from django.test import Client, TestCase
|
||||
from django.urls import reverse
|
||||
from django.utils.timezone import now
|
||||
from model_bakery import baker
|
||||
|
||||
from club.models import ClubRole, Membership
|
||||
from club.models import Membership
|
||||
from core.baker_recipes import board_user, subscriber_user
|
||||
from core.models import User
|
||||
from counter.baker_recipes import product_recipe, refill_recipe, sale_recipe
|
||||
@@ -41,12 +42,11 @@ class TestStudentCard(TestCase):
|
||||
cls.counter.sellers.add(cls.barmen)
|
||||
|
||||
cls.club_counter = baker.make(Counter)
|
||||
role = baker.make(ClubRole, club=cls.club_counter.club, is_board=True)
|
||||
baker.make(
|
||||
Membership,
|
||||
start_date=now() - timedelta(days=30),
|
||||
club=cls.club_counter.club,
|
||||
role=role,
|
||||
role=settings.SITH_CLUB_ROLES_ID["Board member"],
|
||||
user=cls.club_admin,
|
||||
)
|
||||
|
||||
|
||||
1
docs/reference/api/schemas.md
Normal file
1
docs/reference/api/schemas.md
Normal file
@@ -0,0 +1 @@
|
||||
::: api.schemas
|
||||
1
docs/reference/api/views.md
Normal file
1
docs/reference/api/views.md
Normal file
@@ -0,0 +1 @@
|
||||
::: api.views
|
||||
368
docs/tutorial/api/account-link.md
Normal file
368
docs/tutorial/api/account-link.md
Normal file
@@ -0,0 +1,368 @@
|
||||
Le site AE offre des mécanismes permettant aux applications tierces
|
||||
de récupérer les informations sur un utilisateur du site AE.
|
||||
De cette manière, il devient possible de synchroniser les informations
|
||||
qu possède l'application tierce sur l'utilisateur, directement depuis
|
||||
le site AE.
|
||||
|
||||
## Fonctionnement général
|
||||
|
||||
Pour authentifier vos utilisateurs, vous aurez besoin d'un serveur web
|
||||
et d'un client d'API (celui auquel est liée votre
|
||||
[clef d'API](./connect.md#obtenir-une-clef-dapi)).
|
||||
Deux informations vous sont nécessaires, en plus de votre clef d'API :
|
||||
|
||||
- l'id du client : vous pouvez l'obtenir soit en le demandant à l'équipe info,
|
||||
soit en appelant la route `GET /api/client/me` avec votre clef d'API
|
||||
renseignée dans le header [X-APIKey](./connect.md#x-apikey)
|
||||
- la clef HMAC du client : vous devez la demander à l'équipe info.
|
||||
|
||||
Grâce à ces informations, vous allez pouvoir fournir le contexte nécessaire
|
||||
au site AE pour qu'il authentifie vos utilisateurs.
|
||||
|
||||
En effet, la démarche d'authentification s'effectue presque entièrement
|
||||
sur le site : le travail de l'application tierce consiste uniquement
|
||||
à fournir à l'utilisateur une url avec les bons paramètres, puis
|
||||
à recevoir la réponse du serveur si tout s'est bien passé.
|
||||
|
||||
Comme un dessin vaut parfois mieux que mille mots,
|
||||
voici les diagrammes décrivant le processus.
|
||||
L'un montre l'entièreté de la démarche ;
|
||||
l'autre dans un souci de simplicité, ne montre que ce qui est visible
|
||||
directement par l'application tierce.
|
||||
|
||||
=== "Intégralité du processus"
|
||||
|
||||
```mermaid
|
||||
sequenceDiagram
|
||||
actor User
|
||||
participant App
|
||||
User->>+App: Authentifie-moi, stp
|
||||
App-->>-User: url de connexion<br/>avec signature
|
||||
User->>+Sith: GET url
|
||||
opt Utilisateur non-connecté
|
||||
Sith->>+User: Formulaire de connexion
|
||||
User-->>-Sith: Connexion
|
||||
end
|
||||
Sith->>Sith: vérification de la signature
|
||||
Sith->>+User: Formulaire<br/>des conditions<br/>d'utilisation
|
||||
User-->>-Sith: Validation
|
||||
Sith->>+App: URL de retour<br/>avec données utilisateur
|
||||
App->>App: Traitement des <br/>données utilisateur
|
||||
App-->>-Sith: 204 OK, No content
|
||||
Sith-->>-User: Message de succès
|
||||
App--)User: Message de succès
|
||||
```
|
||||
|
||||
=== "Point de vue de l'application tierce"
|
||||
|
||||
```mermaid
|
||||
sequenceDiagram
|
||||
actor User
|
||||
participant App
|
||||
User->>+App: Authentifie-moi, stp
|
||||
App-->>-User: url de connexion<br/>avec signature
|
||||
opt
|
||||
Sith->>+App: URL de retour<br/>avec données utilisateur
|
||||
App->>App: Traitement des <br/>données utilisateur
|
||||
App-->>-Sith: 204 OK, No content
|
||||
App--)User: Message de succès
|
||||
end
|
||||
```
|
||||
|
||||
## Données attendues
|
||||
|
||||
### URL de connexion
|
||||
|
||||
L'URL de connexion que vous allez fournir à l'utilisateur doit
|
||||
être `https://ae.utbm.fr/api-link/auth/`
|
||||
et doit contenir les données décrites dans
|
||||
[`ThirdPartyAuthParamsSchema`][api.schemas.ThirdPartyAuthParamsSchema] :
|
||||
|
||||
- `client_id` (integer) : l'id de votre client, que vous pouvez obtenir
|
||||
de la manière décrite plus haut
|
||||
- `third_party_app`(string) : le nom de la plateforme pour laquelle
|
||||
l'authentification va être réalisée (si votre application est un bot
|
||||
discord, mettez la valeur "discord")
|
||||
- `privacy_link`(URL) : l'URL vers la page de politique de confidentialité
|
||||
qui s'appliquera dans le cadre de l'application
|
||||
(s'il s'agit d'un bot discord, donnez le lien vers celles de Discord)
|
||||
- `username`(string) : le pseudonyme que l'utilisateur possède sur
|
||||
votre application
|
||||
- `callback_url`(URL) : l'URL que le site AE appellera si l'authentification
|
||||
réussit
|
||||
- `signature`(string) : la signature des données de la requête.
|
||||
Il s'agit d'une signature par clef HMAC dont le fonctionnement
|
||||
est détaillé plus bas.
|
||||
|
||||
Ces données doivent être url-encodées et passées dans les paramètres GET.
|
||||
|
||||
!!!warning "URL de retour"
|
||||
|
||||
Les URLs fournies doivent être des URLs HTTP valides.
|
||||
En outre, elles doivent obligatoirement inclure la barre oblique finale.
|
||||
|
||||
=== "URL correcte ✔️"
|
||||
|
||||
`https://exemple.ae.utbm.fr/foo/`
|
||||
|
||||
=== "URL incorrecte ❌"
|
||||
|
||||
`https://exemple.ae.utbm.fr/foo`
|
||||
|
||||
!!!tip
|
||||
|
||||
Inclure l'id de votre utilisateur dans l'URL de retour
|
||||
peut être un bon moyen de l'identifier lors du callback.
|
||||
Par exemple : `GET /callback/{int:user_id}/`.
|
||||
|
||||
???Example
|
||||
|
||||
Supposons que votre client d'API soit utilisé dans le cadre d'un bot Discord,
|
||||
avec les données suivantes :
|
||||
|
||||
- l'id du client est 15
|
||||
- sa clef HMAC est "beb99dd53"
|
||||
(c'est pour l'exemple, une vraie clef sera beaucoup plus longue)
|
||||
- le pseudonyme discord de votre utilisateur est Brian
|
||||
- son id sur discord est 123456789
|
||||
- votre route de callback est `GET /callback/{int:user_id}/`,
|
||||
accessible au domaine `https://bot.ae.utbm.fr`
|
||||
|
||||
Alors les paramètres de votre URL seront :
|
||||
|
||||
| Paramètre | valeur |
|
||||
|-----------------|-----------------------------------------------------------------------|
|
||||
| client_id | 15 |
|
||||
| third_party_app | discord |
|
||||
| privacy_link | `https://discord.com/privacy` |
|
||||
| username | Brian |
|
||||
| callback_url | `https://bot.ae.utbm.fr/callback/123456789/` |
|
||||
| signature | 1a383c51060be64f07772aa42e07<br/>18ae096b8f21f2cdb4061c0834a416d12101 |
|
||||
|
||||
Et l'url fournie à l'utilisateur sera :
|
||||
|
||||
`https://ae.utbm.fr/api-link/auth/?client_id=15&third_party_app=discord
|
||||
&privacy_link=https%3A%2F%2Fdiscord.com%2Fprivacy&username=Brian
|
||||
&callback_url=https%3A%2F%2Fbot.ae.utbm.fr%2Fcallback%2F123456789%2F
|
||||
&signature=1a383c51060be64f07772aa42e0718ae096b8f21f2cdb4061c0834a416d12101`
|
||||
|
||||
### Données de retour
|
||||
|
||||
Si l'authentification réussit, le site AE enverra une requête HTTP POST
|
||||
à l'URL de retour fournie dans l'URL de connexion.
|
||||
|
||||
Le corps de la requête de callback et au format JSON
|
||||
et contient deux paires clef-valeur :
|
||||
|
||||
- `user` : les données utilisateur, telles que décrites
|
||||
par [UserProfileSchema][core.schemas.UserProfileSchema]
|
||||
- `signature` : la signature des données utilisateur
|
||||
|
||||
???Example
|
||||
|
||||
En reprenant les mêmes paramètres que dans l'exemple précédent,
|
||||
le site AE pourra renvoyer à l'application la requête suivante :
|
||||
|
||||
```http
|
||||
POST https://bot.ae.utbm.fr/callback/123456789/
|
||||
content-type: application/json
|
||||
body: {
|
||||
"user": {
|
||||
"id": 144131,
|
||||
"nick_name": "inzekitchen",
|
||||
"first_name": "Brian",
|
||||
...
|
||||
},
|
||||
"signature": "f16955bab6b805f6e1abbb98a86dfee53fed0bf812aa6513ca46cfd461b70020"
|
||||
}
|
||||
```
|
||||
|
||||
L'application doit répondre avec un des codes HTTP suivants :
|
||||
|
||||
| Code | Raison |
|
||||
|------|--------------------------------------------------------------------------------|
|
||||
| 204 | Tout s'est bien passé |
|
||||
| 403 | Les données de retour ne sont <br>pas signées ou sont mal signées |
|
||||
| 404 | L'URL de retour ne permet pas <br>d'identifier un utilisateur de l'application |
|
||||
|
||||
!!!note "Code d'erreur par défaut"
|
||||
|
||||
Si l'appel de la route fait face à plusieurs problèmes en même temps
|
||||
(par exemple, l'URL ne permet pas de retrouver votre utilisateur,
|
||||
et en plus les données sont mal signées),
|
||||
le 403 prime et doit être retourné par défaut.
|
||||
|
||||
## Signature des données
|
||||
|
||||
Les données de l'URL de connexion doivent être signées,
|
||||
et la signature de l'URL de retour doit être vérifiée.
|
||||
|
||||
Dans le deux cas, la signature est le digest HMAC-SHA512
|
||||
des données url-encodées, en utilisant la clef HMAC du client d'API.
|
||||
L'ordre dans lequel ces données sont placées dans l'encodage URL
|
||||
doit être strictement le même que celui donné plus haut.
|
||||
|
||||
???Example "Signature de l'URL de connexion"
|
||||
|
||||
En reprenant le même exemple que les fois précédentes,
|
||||
l'url-encodage des données est :
|
||||
|
||||
`client_id=15&third_party_app=discord
|
||||
&privacy_link=https%3A%2F%2Fdiscord.com%2Fprivacy%2F&username=Brian
|
||||
&callback_url=https%3A%2F%2Fbot.ae.utbm.fr%2Fcallback%2F123456789%2F`
|
||||
|
||||
Notez que la signature n'est pas (encore) dedans.
|
||||
Cette dernière peut-être obtenue avec le code suivant :
|
||||
|
||||
=== ":simple-python: Python"
|
||||
|
||||
Dépendances :
|
||||
|
||||
- `environs` (>=14.1)
|
||||
|
||||
```python
|
||||
import hmac
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from environs import Env
|
||||
|
||||
env = Env()
|
||||
env.read_env()
|
||||
|
||||
key = env.str("HMAC_KEY").encode()
|
||||
data = {
|
||||
"client_id": 15,
|
||||
"third_party_app": "discord",
|
||||
"privacy_link": "https://discord.com/privacy/",
|
||||
"username": "Brian",
|
||||
"callback_url": "https://bot.ae.utbm.fr/callback/123456789/",
|
||||
}
|
||||
urlencoded = urlencode(data)
|
||||
data["signature"] = hmac.digest(key, urlencoded.encode(), "sha512").hex()
|
||||
|
||||
# URL a fournir à l'utilisateur pour son authentification
|
||||
user_url = f"https://ae.ubtm.fr/api-link/auth/?{urlencode(data)}"
|
||||
```
|
||||
|
||||
=== ":simple-rust: Rust"
|
||||
|
||||
Dépendances :
|
||||
|
||||
- `hmac` (>=0.12.1)
|
||||
- `url` (>=2.5.7, features `serde`)
|
||||
- `serde` (>=1.0.228, features `derive`)
|
||||
- `serde_urlencoded` (>="0.7.1)
|
||||
- `sha2` (>=0.10.9)
|
||||
- `dotenvy` (>= 0.15)
|
||||
|
||||
```rust
|
||||
use hmac::{Mac, SimpleHmac};
|
||||
use serde::Serialize;
|
||||
use sha2::Sha512;
|
||||
use url::Url;
|
||||
|
||||
#[derive(Serialize, Debug)]
|
||||
struct UrlData<'a> {
|
||||
client_id: u32,
|
||||
third_party_app: &'a str,
|
||||
privacy_link: Url,
|
||||
username: &'a str,
|
||||
callback_url: Url,
|
||||
}
|
||||
|
||||
impl<'a> UrlData<'a> {
|
||||
pub fn signature(&self, key: &[u8]) -> CtOutput<SimpleHmac<Sha512>> {
|
||||
let urlencoded = serde_urlencoded::to_string(self).unwrap();
|
||||
SimpleHmac::<Sha512>::new_from_slice(key)
|
||||
.unwrap()
|
||||
.chain_update(urlencoded.as_bytes())
|
||||
.finalize()
|
||||
}
|
||||
}
|
||||
|
||||
impl Into<Url> for UrlData<'_> {
|
||||
fn into(self) -> Url {
|
||||
let key = std::env::var("HMAC_KEY").unwrap();
|
||||
let mut url = Url::parse("http://ae.utbm.fr/api-link/auth/").unwrap();
|
||||
url.set_query(Some(
|
||||
format!(
|
||||
"{}&signature={:x}",
|
||||
serde_urlencoded::to_string(&self).unwrap(),
|
||||
self.signature(key.as_bytes()).into_bytes()
|
||||
)
|
||||
.as_str(),
|
||||
));
|
||||
url
|
||||
}
|
||||
}
|
||||
|
||||
fn main() {
|
||||
dotenvy::dotenv().expect("Couldn't load env");
|
||||
let data = UrlData {
|
||||
client_id: 1,
|
||||
third_party_app: "discord",
|
||||
privacy_link: "https://discord.com/privacy/".parse().unwrap(),
|
||||
username: "Brian",
|
||||
callback_url: "https://bot.ae.utbm.fr/callback/123456789/"
|
||||
.parse()
|
||||
.unwrap(),
|
||||
};
|
||||
let url: Url = data.into();
|
||||
println!("{:?}", url);
|
||||
}
|
||||
```
|
||||
|
||||
???Example "Vérification de la signature de la réponse"
|
||||
|
||||
Les données utilisateur peuvent ressembler à :
|
||||
|
||||
```json
|
||||
{
|
||||
"user": {
|
||||
"display_name": "Matthieu Vincent",
|
||||
"profile_url": "/user/380/",
|
||||
"profile_pict": "/static/core/img/unknown.jpg",
|
||||
"id": 380,
|
||||
"nick_name": None,
|
||||
"first_name": "Matthieu",
|
||||
"last_name": "Vincent",
|
||||
},
|
||||
"signature": "3802a280fbb01bd9fetc."
|
||||
}
|
||||
```
|
||||
|
||||
Vous pouvez vérifier la signature ainsi :
|
||||
|
||||
```python
|
||||
import hmac
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from environs import Env
|
||||
|
||||
env = Env()
|
||||
env.read_env()
|
||||
|
||||
def is_signature_valid(user_data: dict, signature: str) -> bool:
|
||||
key = env.str("HMAC_KEY").encode()
|
||||
urlencoded = urlencode(user_data)
|
||||
return hmac.compare_digest(
|
||||
hmac.digest(key, urlencoded.encode(), "sha512").hex(),
|
||||
signature,
|
||||
)
|
||||
|
||||
|
||||
post_data = <récupération des données POST>
|
||||
print(
|
||||
"signature valide :",
|
||||
is_signature_valid(post_data["user"], post_data["signature"]
|
||||
)
|
||||
```
|
||||
|
||||
!!!Warning
|
||||
|
||||
Vous devez impérativement vérifier la signature
|
||||
des données de la requête de callback !
|
||||
|
||||
Si l'équipe informatique se rend compte que vous ne le faites pas,
|
||||
elle se réserve le droit de suspendre votre application,
|
||||
immédiatement et sans préavis.
|
||||
@@ -112,7 +112,7 @@ cf. [HTTP persistant connection (wikipedia)](https://en.wikipedia.org/wiki/HTTP_
|
||||
|
||||
Voici quelques exemples :
|
||||
|
||||
=== "Python (requests)"
|
||||
=== ":simple-python: Python (requests)"
|
||||
|
||||
Dépendances :
|
||||
|
||||
@@ -132,7 +132,7 @@ Voici quelques exemples :
|
||||
print(response.json())
|
||||
```
|
||||
|
||||
=== "Python (aiohttp)"
|
||||
=== ":simple-python: Python (aiohttp)"
|
||||
|
||||
Dépendances :
|
||||
|
||||
@@ -158,7 +158,7 @@ Voici quelques exemples :
|
||||
asyncio.run(main())
|
||||
```
|
||||
|
||||
=== "Javascript (axios)"
|
||||
=== ":simple-javascript: Javascript (axios)"
|
||||
|
||||
Dépendances :
|
||||
|
||||
@@ -178,7 +178,7 @@ Voici quelques exemples :
|
||||
console.log(await instance.get("club/1").json());
|
||||
```
|
||||
|
||||
=== "Rust (reqwest)"
|
||||
=== ":simple-rust: Rust (reqwest)"
|
||||
|
||||
Dépendances :
|
||||
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
#
|
||||
# Copyright 2022
|
||||
# - Maréchal <thgirod@hotmail.com
|
||||
#
|
||||
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
|
||||
# http://ae.utbm.fr.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it under
|
||||
# the terms of the GNU General Public License a published by the Free Software
|
||||
# Foundation; either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
# details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
|
||||
# Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
|
||||
class PaymentResultConverter:
|
||||
"""Converter used for url mapping of the `eboutic.views.payment_result` view.
|
||||
|
||||
It's meant to build an url that can match
|
||||
either `/eboutic/pay/success/` or `/eboutic/pay/failure/`
|
||||
but nothing else.
|
||||
"""
|
||||
|
||||
regex = "(success|failure)"
|
||||
|
||||
def to_python(self, value):
|
||||
return str(value)
|
||||
|
||||
def to_url(self, value):
|
||||
return str(value)
|
||||
@@ -24,7 +24,7 @@
|
||||
|
||||
from django.urls import path, register_converter
|
||||
|
||||
from eboutic.converters import PaymentResultConverter
|
||||
from core.converters import ResultConverter
|
||||
from eboutic.views import (
|
||||
BillingInfoFormFragment,
|
||||
EbouticCheckout,
|
||||
@@ -35,7 +35,7 @@ from eboutic.views import (
|
||||
payment_result,
|
||||
)
|
||||
|
||||
register_converter(PaymentResultConverter, "res")
|
||||
register_converter(ResultConverter, "res")
|
||||
|
||||
urlpatterns = [
|
||||
# Subscription views
|
||||
|
||||
@@ -183,7 +183,7 @@ class Forum(models.Model):
|
||||
Forum._club_memberships[self.id] = {}
|
||||
Forum._club_memberships[self.id][user.id] = m
|
||||
if m:
|
||||
return m.role.is_board
|
||||
return m.role > settings.SITH_MAXIMUM_FREE_ROLE
|
||||
return False
|
||||
|
||||
def check_loop(self):
|
||||
|
||||
@@ -29,9 +29,8 @@ from django.conf import settings
|
||||
from django.core.files.base import ContentFile
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.utils import timezone
|
||||
from model_bakery import baker
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.models import Group, Page, SithFile, User
|
||||
from core.utils import RED_PIXEL_PNG
|
||||
from sas.models import Album, PeoplePictureRelation, Picture
|
||||
@@ -218,19 +217,11 @@ class Command(BaseCommand):
|
||||
"The `make_clubs()` method must be called before `make_club_memberships()`"
|
||||
)
|
||||
memberships = []
|
||||
roles = {
|
||||
r.club_id: r.id
|
||||
for r in baker.make(
|
||||
ClubRole,
|
||||
club=iter(self.clubs),
|
||||
_quantity=len(self.clubs),
|
||||
_bulk_create=True,
|
||||
)
|
||||
}
|
||||
for i in range(1, 11): # users can be in up to 20 clubs
|
||||
self.logger.info(f"Club membership, pass {i}")
|
||||
for uid in range(i, self.NB_USERS, i):
|
||||
# Pass #1 will make sure every user is at least in one club
|
||||
for uid in range(
|
||||
i, self.NB_USERS, i
|
||||
): # Pass #1 will make sure every user is at least in one club
|
||||
user = self.users[uid]
|
||||
club = self.clubs[(uid + i**2) % self.NB_CLUBS]
|
||||
|
||||
@@ -245,7 +236,7 @@ class Command(BaseCommand):
|
||||
Membership(
|
||||
user=user,
|
||||
club=club,
|
||||
role_id=roles[club.id],
|
||||
role=(uid + i) % 10 + 1, # spread the different roles
|
||||
start_date=start,
|
||||
end_date=end,
|
||||
)
|
||||
@@ -268,7 +259,7 @@ class Command(BaseCommand):
|
||||
Membership(
|
||||
user=user,
|
||||
club=club,
|
||||
role_id=roles[club.id],
|
||||
role=((uid // 10) + i) % 10 + 1, # spread the different roles
|
||||
start_date=start,
|
||||
end_date=end,
|
||||
)
|
||||
|
||||
@@ -35,6 +35,10 @@ msgstr ""
|
||||
"True si gardé à jour par le biais d'un fournisseur externe de domains "
|
||||
"toxics, False sinon"
|
||||
|
||||
#: api/admin.py
|
||||
msgid "Reset HMAC key"
|
||||
msgstr "Réinitialiser la clef HMAC"
|
||||
|
||||
#: api/admin.py
|
||||
#, python-format
|
||||
msgid ""
|
||||
@@ -48,6 +52,23 @@ msgstr ""
|
||||
msgid "Revoke selected API keys"
|
||||
msgstr "Révoquer les clefs d'API sélectionnées"
|
||||
|
||||
#: api/forms.py
|
||||
msgid "I have read and I accept the terms and conditions of use"
|
||||
msgstr "J'ai lu et j'accepte les conditions générales d'utilisation."
|
||||
|
||||
#: api/forms.py
|
||||
msgid "You must approve the terms and conditions of use."
|
||||
msgstr "Vous devez approuver les conditions générales d'utilisation."
|
||||
|
||||
#: api/forms.py
|
||||
msgid "You must confirm that this is your username."
|
||||
msgstr "Vous devez confirmer que c'est bien votre nom d'utilisateur."
|
||||
|
||||
#: api/forms.py
|
||||
#, python-format
|
||||
msgid "I confirm that %(username)s is my username on %(app)s"
|
||||
msgstr "Je confirme que %(username)s est mon nom d'utilisateur sur %(app)s"
|
||||
|
||||
#: api/models.py club/models.py com/models.py counter/models.py forum/models.py
|
||||
msgid "name"
|
||||
msgstr "nom"
|
||||
@@ -68,6 +89,10 @@ msgstr "permissions du client"
|
||||
msgid "Specific permissions for this api client."
|
||||
msgstr "Permissions spécifiques pour ce client d'API"
|
||||
|
||||
#: api/models.py
|
||||
msgid "HMAC Key"
|
||||
msgstr "Clef HMAC"
|
||||
|
||||
#: api/models.py
|
||||
msgid "api client"
|
||||
msgstr "client d'api"
|
||||
@@ -97,6 +122,63 @@ msgstr "clef d'api"
|
||||
msgid "api keys"
|
||||
msgstr "clefs d'api"
|
||||
|
||||
#: api/templates/api/third_party/auth.jinja
|
||||
msgid "Confidentiality"
|
||||
msgstr "Confidentialité"
|
||||
|
||||
#: api/templates/api/third_party/auth.jinja
|
||||
#, python-format
|
||||
msgid ""
|
||||
"By ticking this box and clicking on the send button, you acknowledge and "
|
||||
"agree to provide %(app)s with your first name, last name, nickname and any "
|
||||
"other information that was the third party app was explicitly authorized to "
|
||||
"fetch and that it must have acknowledged to you, in a complete and accurate "
|
||||
"manner."
|
||||
msgstr ""
|
||||
"En cochant cette case et en cliquant sur le bouton « Envoyer », vous "
|
||||
"reconnaissez et acceptez de fournir à %(app)s votre prénom, nom, pseudonyme "
|
||||
"et toute autre information que l'application tierce a été explicitement "
|
||||
"autorisée à récupérer et qu'elle doit vous avoir communiqué de manière "
|
||||
"complète et exacte."
|
||||
|
||||
#: api/templates/api/third_party/auth.jinja
|
||||
#, python-format
|
||||
msgid ""
|
||||
"The privacy policies of <a href=\"%(privacy_link)s\">%(app)s</a> and of <a "
|
||||
"href=\"%(sith_cgu_link)s\">the Students' Association</a> applies as soon as "
|
||||
"the form is submitted."
|
||||
msgstr ""
|
||||
"Les politiques de confidentialité de <a href=\"%(privacy_link)s\">%(app)s</a> et de <a "
|
||||
"href=\"%(sith_cgu_link)s\">l'Association des Etudiants</a> s'appliquent dès la soumission "
|
||||
"du formulaire."
|
||||
|
||||
#: api/templates/api/third_party/auth.jinja
|
||||
msgid "Confirmation of identity"
|
||||
msgstr "Confirmation d'identité"
|
||||
|
||||
#: api/views.py
|
||||
#, python-format
|
||||
msgid ""
|
||||
"You are going to link your AE account and your %(app)s account. Continue "
|
||||
"only if this page was opened from %(app)s."
|
||||
msgstr ""
|
||||
"Vous allez lier votre compte AE et votre compte %(app)s. Poursuivez "
|
||||
"uniquement si cette page a été ouverte depuis %(app)s."
|
||||
|
||||
#: api/views.py
|
||||
msgid "You have been successfully authenticated. You can now close this page."
|
||||
msgstr "Vous avez été authentifié avec succès. Vous pouvez maintenant fermer cette page."
|
||||
|
||||
#: api/views.py
|
||||
msgid ""
|
||||
"Your authentication on the AE website was successful, but an error happened "
|
||||
"during the interaction with the third-party application. Please contact the "
|
||||
"managers of the latter."
|
||||
msgstr ""
|
||||
"Votre authentification sur le site AE a fonctionné, mais une erreur est arrivée "
|
||||
"durant l'interaction avec l'application tierce. Veuillez contacter les responsables "
|
||||
"de cette dernière."
|
||||
|
||||
#: club/forms.py
|
||||
msgid "Users to add"
|
||||
msgstr "Utilisateurs à ajouter"
|
||||
@@ -217,58 +299,15 @@ msgstr "home"
|
||||
msgid "You can not make loops in clubs"
|
||||
msgstr "Vous ne pouvez pas faire de boucles dans les clubs"
|
||||
|
||||
#: club/models.py com/models.py counter/models.py trombi/models.py
|
||||
msgid "club"
|
||||
msgstr "club"
|
||||
|
||||
#: club/models.py
|
||||
msgid "The club with which this role is associated"
|
||||
msgstr "Le club auquel ce rôle est attaché."
|
||||
|
||||
#: club/models.py core/models.py counter/models.py election/models.py
|
||||
#: forum/models.py
|
||||
msgid "description"
|
||||
msgstr "description"
|
||||
|
||||
#: club/models.py
|
||||
msgid "Board role"
|
||||
msgstr "Rôle du bureau"
|
||||
|
||||
#: club/models.py
|
||||
msgid "Presidency role"
|
||||
msgstr "Rôle de la présidence"
|
||||
|
||||
#: club/models.py
|
||||
msgid ""
|
||||
"If the role is inactive, people joining the club won't be able to get it."
|
||||
msgstr ""
|
||||
"Si ce rôle est inactif, il ne pourra pas être attribué aux gens qui rejoignent le club."
|
||||
|
||||
#: club/models.py
|
||||
msgid "club role"
|
||||
msgstr "rôle de club"
|
||||
|
||||
#: club/models.py
|
||||
msgid "club roles"
|
||||
msgstr "rôles de club"
|
||||
|
||||
#: club/models.py
|
||||
#, python-format
|
||||
msgid ""
|
||||
"Role %(name)s was declared as a presidency role without being a board role"
|
||||
msgstr ""
|
||||
"Le rôle %(name)s a été déclaré comme rôle de présidence sans être un rôle du bureau."
|
||||
|
||||
#: club/models.py
|
||||
#, python-format
|
||||
msgid "Board role %(role)s cannot be placed below a member role"
|
||||
msgstr "Le rôle du bureau %(role)s ne peut pas être placé en-dessous d'un rôle de membre."
|
||||
|
||||
#: club/models.py core/models.py counter/models.py eboutic/models.py
|
||||
#: election/models.py pedagogy/models.py sas/models.py trombi/models.py
|
||||
msgid "user"
|
||||
msgstr "utilisateur"
|
||||
|
||||
#: club/models.py com/models.py counter/models.py trombi/models.py
|
||||
msgid "club"
|
||||
msgstr "club"
|
||||
|
||||
#: club/models.py counter/models.py election/models.py
|
||||
msgid "start date"
|
||||
msgstr "date de début"
|
||||
@@ -281,6 +320,11 @@ msgstr "date de fin"
|
||||
msgid "role"
|
||||
msgstr "rôle"
|
||||
|
||||
#: club/models.py core/models.py counter/models.py election/models.py
|
||||
#: forum/models.py
|
||||
msgid "description"
|
||||
msgstr "description"
|
||||
|
||||
#: club/models.py
|
||||
msgid "past member"
|
||||
msgstr "ancien membre"
|
||||
@@ -5388,6 +5432,42 @@ msgstr "Cursus alternant (-20%)"
|
||||
msgid "One year for free(CA offer)"
|
||||
msgstr "Une année offerte (Offre CA)"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "President"
|
||||
msgstr "Président⸱e"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Vice-President"
|
||||
msgstr "Vice-Président⸱e"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Treasurer"
|
||||
msgstr "Trésorier⸱e"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Communication supervisor"
|
||||
msgstr "Responsable communication"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Secretary"
|
||||
msgstr "Secrétaire"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "IT supervisor"
|
||||
msgstr "Responsable info"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Board member"
|
||||
msgstr "Membre du bureau"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Active member"
|
||||
msgstr "Membre actif⸱ve"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "Curious"
|
||||
msgstr "Curieux⸱euse"
|
||||
|
||||
#: sith/settings.py
|
||||
msgid "A new poster needs to be moderated"
|
||||
msgstr "Une nouvelle affiche a besoin d'être modérée"
|
||||
|
||||
@@ -69,6 +69,7 @@ nav:
|
||||
- API:
|
||||
- Développement: tutorial/api/dev.md
|
||||
- Connexion à l'API: tutorial/api/connect.md
|
||||
- Liaison avec le compte AE: tutorial/api/account-link.md
|
||||
- Etransactions: tutorial/etransaction.md
|
||||
- How-to:
|
||||
- L'ORM de Django: howto/querysets.md
|
||||
@@ -91,6 +92,8 @@ nav:
|
||||
- reference/api/hashers.md
|
||||
- reference/api/models.md
|
||||
- reference/api/perms.md
|
||||
- reference/api/schemas.md
|
||||
- reference/api/views.md
|
||||
- club:
|
||||
- reference/club/models.md
|
||||
- reference/club/views.md
|
||||
|
||||
@@ -404,6 +404,8 @@ SITH_FORUM_PAGE_LENGTH = 30
|
||||
SITH_SAS_ROOT_DIR_ID = env.int("SITH_SAS_ROOT_DIR_ID", default=4)
|
||||
SITH_SAS_IMAGES_PER_PAGE = 60
|
||||
|
||||
SITH_CGU_FILE_ID = env.int("SITH_CGU_FILE_ID", default=5)
|
||||
|
||||
SITH_PROFILE_DEPARTMENTS = [
|
||||
("TC", _("TC")),
|
||||
("IMSI", _("IMSI")),
|
||||
@@ -574,6 +576,35 @@ SITH_SUBSCRIPTIONS = {
|
||||
# To be completed....
|
||||
}
|
||||
|
||||
SITH_CLUB_ROLES_ID = {
|
||||
"President": 10,
|
||||
"Vice-President": 9,
|
||||
"Treasurer": 7,
|
||||
"Communication supervisor": 5,
|
||||
"Secretary": 4,
|
||||
"IT supervisor": 3,
|
||||
"Board member": 2,
|
||||
"Active member": 1,
|
||||
"Curious": 0,
|
||||
}
|
||||
|
||||
SITH_CLUB_ROLES = {
|
||||
10: _("President"),
|
||||
9: _("Vice-President"),
|
||||
7: _("Treasurer"),
|
||||
5: _("Communication supervisor"),
|
||||
4: _("Secretary"),
|
||||
3: _("IT supervisor"),
|
||||
2: _("Board member"),
|
||||
1: _("Active member"),
|
||||
0: _("Curious"),
|
||||
}
|
||||
|
||||
# This corresponds to the maximum role a user can freely subscribe to
|
||||
# In this case, SITH_MAXIMUM_FREE_ROLE=1 means that a user can
|
||||
# set himself as "Membre actif" or "Curieux", but not higher
|
||||
SITH_MAXIMUM_FREE_ROLE = 1
|
||||
|
||||
# Minutes to timeout the logged barmen
|
||||
SITH_BARMAN_TIMEOUT = 30
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ urlpatterns = [
|
||||
path("", include(("core.urls", "core"), namespace="core")),
|
||||
path("sitemap.xml", cache_page(86400)(sitemap), {"sitemaps": sitemaps}),
|
||||
path("api/", api.urls),
|
||||
path("api-link/", include(("api.urls", "api-link"), namespace="api-link")),
|
||||
path("rootplace/", include(("rootplace.urls", "rootplace"), namespace="rootplace")),
|
||||
path(
|
||||
"subscription/",
|
||||
|
||||
@@ -4,7 +4,7 @@ from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
from pytest_django.asserts import assertRedirects
|
||||
|
||||
from club.models import Club, ClubRole, Membership
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
from core.models import User
|
||||
|
||||
@@ -15,8 +15,7 @@ class TestSubscriptionPermission(TestCase):
|
||||
cls.user: User = subscriber_user.make()
|
||||
cls.admin = baker.make(User, is_superuser=True)
|
||||
cls.club = baker.make(Club)
|
||||
role = baker.make(ClubRole, club=cls.club, is_board=True)
|
||||
baker.make(Membership, user=cls.user, club=cls.club, role=role)
|
||||
baker.make(Membership, user=cls.user, club=cls.club, role=7)
|
||||
|
||||
def test_give_permission(self):
|
||||
self.client.force_login(self.admin)
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
from datetime import date
|
||||
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ValidationError
|
||||
from django.db import models
|
||||
from django.urls import reverse
|
||||
@@ -151,12 +152,10 @@ class TrombiUser(models.Model):
|
||||
|
||||
def make_memberships(self):
|
||||
self.memberships.all().delete()
|
||||
for m in (
|
||||
self.user.memberships.filter(role__is_board=True)
|
||||
.select_related("role")
|
||||
.order_by("end_date")
|
||||
):
|
||||
role = m.role.name
|
||||
for m in self.user.memberships.filter(
|
||||
role__gt=settings.SITH_MAXIMUM_FREE_ROLE
|
||||
).order_by("end_date"):
|
||||
role = str(settings.SITH_CLUB_ROLES[m.role])
|
||||
if m.description:
|
||||
role += " (%s)" % m.description
|
||||
end_date = get_semester_code(m.end_date) if m.end_date else ""
|
||||
|
||||
5
uv.lock
generated
5
uv.lock
generated
@@ -815,10 +815,11 @@ wheels = [
|
||||
|
||||
[[package]]
|
||||
name = "griffelib"
|
||||
version = "2.0.0"
|
||||
version = "2.0.2"
|
||||
source = { registry = "https://pypi.org/simple" }
|
||||
sdist = { url = "https://files.pythonhosted.org/packages/9d/82/74f4a3310cdabfbb10da554c3a672847f1ed33c6f61dd472681ce7f1fe67/griffelib-2.0.2.tar.gz", hash = "sha256:3cf20b3bc470e83763ffbf236e0076b1211bac1bc67de13daf494640f2de707e", size = 166461, upload-time = "2026-03-27T11:34:51.091Z" }
|
||||
wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/4d/51/c936033e16d12b627ea334aaaaf42229c37620d0f15593456ab69ab48161/griffelib-2.0.0-py3-none-any.whl", hash = "sha256:01284878c966508b6d6f1dbff9b6fa607bc062d8261c5c7253cb285b06422a7f", size = 142004, upload-time = "2026-02-09T19:09:40.561Z" },
|
||||
{ url = "https://files.pythonhosted.org/packages/11/8c/c9138d881c79aa0ea9ed83cbd58d5ca75624378b38cee225dcf5c42cc91f/griffelib-2.0.2-py3-none-any.whl", hash = "sha256:925c857658fb1ba40c0772c37acbc2ab650bd794d9c1b9726922e36ea4117ea1", size = 142357, upload-time = "2026-03-27T11:34:46.275Z" },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
||||
Reference in New Issue
Block a user