perm staff for non primary group

author: Andrea Lepori <alepori@student.ethz.ch> 2020-07-30 20:36:49 +0200
committer: Andrea Lepori <alepori@student.ethz.ch> 2020-07-30 20:36:49 +0200
commit: e8cf20110599c16df4f8a33ee36c3fe282cefa3a (patch)
tree: 8d0ca9e022e80c74dcaf4f656e56f01a20d12ec9
parent: block debug actions and confirm for approve doc (diff)
download: scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.tar.gz
scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.zip
10 files changed, 117 insertions, 52 deletions
diff --git a/accounts/templates/accounts/index.html b/accounts/templates/accounts/index.html
index e0674a7..7f1f449 100644
--- a/accounts/templates/accounts/index.html
+++ b/accounts/templates/accounts/index.html
@@ -8,7 +8,7 @@
       <a style="margin-left: 10px;" href="{% url 'index' %}" class="breadcrumb">Home</a>
       <a href="#!" class="breadcrumb hide-on-med-and-down">Account</a>
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           <li><a href="{% url 'personal' %}">{{ user.username }}</a></li>
@@ -23,23 +23,6 @@
       </ul>
     </div>
   </nav>
-
-  <ul class="sidenav" id="mobile-demo">
-    {% if user.is_staff %}
-      <li><a href="{% url 'server' %}">Pannello Admin</a></li>
-    {% endif %}
-    {% if user.is_authenticated %}
-      <li><a href="{% url 'personal' %}">{{ user.username }}</a></li>
-    {% endif %}
-    {% if user.username != "" %}
-      <li>
-      <a href="{% url 'logout' %}"><i class="material-icons">exit_to_app</i></a>
-      </li>
-    {% else %}
-      <li><a href="{% url 'signup' %}">Registrazione</a></li>
-      <li><a href="{% url 'login' %}">Login</a></li>
-    {% endif %}
-  </ul>
 {% endblock%}
 
 {% block content %}
diff --git a/client/migrations/0002_auto_20200730_1951.py b/client/migrations/0002_auto_20200730_1951.py
new file mode 100644
index 0000000..3644e42
--- /dev/null
+++ b/client/migrations/0002_auto_20200730_1951.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.0.7 on 2020-07-30 17:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('client', '0001_squashed_0026_document_signed_doc'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='document',
+            options={'permissions': [('approved', 'The user is approved'), ('staff', 'The user is staff of the non primary group')]},
+        ),
+        migrations.AlterField(
+            model_name='document',
+            name='compilation_date',
+            field=models.DateTimeField(auto_now_add=True),
+        ),
+    ]
diff --git a/client/models.py b/client/models.py
index 7c47cee..5d59e3e 100644
--- a/client/models.py
+++ b/client/models.py
@@ -75,7 +75,8 @@ class Document(models.Model):
 
     class Meta:
         permissions = [
-            ("approved", "The user is approved")
+            ("approved", "The user is approved"),
+            ("staff", "The user is staff of the non primary group")
         ]
 
 
diff --git a/server/templates/server/doc_list.html b/server/templates/server/doc_list.html
index 12b64cd..302a1d9 100644
--- a/server/templates/server/doc_list.html
+++ b/server/templates/server/doc_list.html
@@ -9,7 +9,7 @@
       <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
       <a href="{% url 'doclist' %}" class="breadcrumb hide-on-med-and-down">Documenti</a>
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           {% if user.is_authenticated %}
diff --git a/server/templates/server/doc_type.html b/server/templates/server/doc_type.html
index d102664..01db1be 100644
--- a/server/templates/server/doc_type.html
+++ b/server/templates/server/doc_type.html
@@ -9,7 +9,7 @@
       <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
       <a ref="{% url 'doctype' %}" class="breadcrumb hide-on-med-and-down">Tipo Doc</a>
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           {% if user.is_authenticated %}
diff --git a/server/templates/server/index.html b/server/templates/server/index.html
index 4c82618..2e299d1 100644
--- a/server/templates/server/index.html
+++ b/server/templates/server/index.html
@@ -9,6 +9,7 @@
 
 {% block content %}
 <div class="row">
+  {% if user.is_staff %}
   <div class="col l4 s12">
     <div class="card large">
       <div class="card-content">
@@ -35,7 +36,12 @@
       </div>
     </div>
   </div>
+  {% endif %}
+  {% if user.is_staff %}
   <div class="col l8 s12">
+  {% else %}
+  <div class="col s12">
+  {% endif %}
     <div class="card large">
       <div class="card-content">
         <ul class="collection">
diff --git a/server/templates/server/user_list.html b/server/templates/server/user_list.html
index 653e33d..721f284 100644
--- a/server/templates/server/user_list.html
+++ b/server/templates/server/user_list.html
@@ -9,7 +9,7 @@
       <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
       <a href="#!" class="breadcrumb hide-on-med-and-down">Lista Utenti</a>
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           {% if user.is_authenticated %}
diff --git a/server/views.py b/server/views.py
index c23e8c8..b3db149 100644
--- a/server/views.py
+++ b/server/views.py
@@ -7,6 +7,7 @@ from django.db.models.deletion import ProtectedError
 from django.template.loader import get_template
 from django.conf import settings
 from django.contrib.admin.views.decorators import staff_member_required
+from django.contrib.auth.decorators import user_passes_test
 from django.contrib.contenttypes.models import ContentType
 
 import dateparser
@@ -19,7 +20,15 @@ import os, base64
 from PIL import Image, UnidentifiedImageError
 
 
-@staff_member_required
+def isStaff(user):
+    if user.is_staff:
+        return True
+    if user.has_perm("client.staff"):
+        return True
+    return False
+
+
+@user_passes_test(isStaff)
 def index(request):
     context = {}
     parent_group = request.user.groups.values_list('name', flat=True)[
@@ -37,17 +46,26 @@ def index(request):
     parent_group = request.user.groups.values_list('name', flat=True)[
         0]
     group = Group.objects.get(name=parent_group)
-    public_types = DocumentType.objects.filter(
-        Q(group_private=False) | Q(group=group) & Q(enabled=True))
+    if request.user.is_staff:
+        public_types = DocumentType.objects.filter(
+            Q(group_private=False) | Q(group=group) & Q(enabled=True))
+    else:
+        public_types = DocumentType.objects.filter(
+            Q(group_private=False) & Q(enabled=True))
     docs = []
     for doc in public_types:
         ref_docs = Document.objects.filter(document_type=doc)
         docs.append([doc, len(ref_docs)])
 
-    context = {
-        'docs': docs,
-        'users': users_out,
-        }
+    if request.user.is_staff:
+        context = {
+            'docs': docs,
+            'users': users_out,
+            }
+    else:
+        context = {
+            'docs': docs,
+            }
     return render(request, 'server/index.html', context)
 
 
@@ -94,25 +112,32 @@ def uapprove(request):
     return render(request, 'server/approve_user.html', context)
 
 
-@staff_member_required
+@user_passes_test(isStaff)
 def docapprove(request):
     context = {}
     data = []
     parent_group = request.user.groups.values_list('name', flat=True)[
         0]
+
+    if request.user.is_staff:
+        groups = request.user.groups.values_list('name', flat=True)
+    else:
+        groups = request.user.groups.values_list('name', flat=True)[1:]
+
     group = Group.objects.get(name=parent_group)
     if request.method == "POST":
         data = request.POST["codes"]
         data.replace("\r", "")
         data = data.split("\n")
         for i in range(len(data)):
+            print(Document.objects.filter(code=data[i])[0].group.name)
             if not data[i].isdigit():
                 data[i] = data[i] + " - Formato errato"
             elif int(data[i]) < 100000 or int(data[i]) > 999999:
                 data[i] = data[i] + " - Formato errato"
             elif len(Document.objects.filter(code=data[i])) == 0:
                 data[i] = data[i] + " - Invalido"
-            elif Document.objects.filter(code=data[i])[0].group != group:
+            elif Document.objects.filter(code=data[i])[0].group.name not in groups:
                 data[i] = data[i] + " - Invalido"
             else:
                 document = Document.objects.filter(code=data[i])[0]
@@ -195,7 +220,7 @@ def ulist(request):
     return render(request, 'server/user_list.html', context)
 
 
-@staff_member_required
+@user_passes_test(isStaff)
 def doctype(request):
     context = {}
     error = False
@@ -219,7 +244,10 @@ def doctype(request):
     group_check = 'checked="checked"'
     if request.method == "POST":
         selected = []
-        parent_groups = request.user.groups.values_list('name', flat=True)
+        if request.user.is_staff:
+            parent_groups = request.user.groups.values_list('name', flat=True)
+        else:
+            parent_groups = request.user.groups.values_list('name', flat=True)[1:]
         for i in request.POST.keys():
             if i.isdigit():
                 docc = DocumentType.objects.get(id=i)
@@ -265,8 +293,12 @@ def doctype(request):
     parent_group = request.user.groups.values_list('name', flat=True)[
         0]
     group = Group.objects.get(name=parent_group)
-    public_types = DocumentType.objects.filter(
-        Q(group_private=False) | Q(group=group))
+    if request.user.is_staff:
+        public_types = DocumentType.objects.filter(
+            Q(group_private=False) | Q(group=group))
+    else:
+        public_types = DocumentType.objects.filter(
+            Q(group_private=False))
     if not public:
         public_types = public_types.filter(group_private=True)
         public_check = ""
@@ -314,12 +346,20 @@ def doctype(request):
     return render(request, 'server/doc_type.html', context)
 
 
-@staff_member_required
+@user_passes_test(isStaff)
 def doccreate(request):
     context = {}
-    parent_group = request.user.groups.values_list('name', flat=True)[
-        0]
+    if request.user.is_staff:
+        groups = request.user.groups.values_list('name', flat=True)
+        parent_group = request.user.groups.values_list('name', flat=True)[
+            0]
+    else:
+        groups = request.user.groups.values_list('name', flat=True)[1:]
+        parent_group = request.user.groups.values_list('name', flat=True)[
+            1]
+
     group = Group.objects.get(name=parent_group)
+
     enabled = False
     group_private = False
     personal_data = False
@@ -363,7 +403,7 @@ def doccreate(request):
             return render(request, 'server/doc_create.html', context)
 
         if custom_group != "":
-            if custom_group not in request.user.groups.values_list('name', flat=True):
+            if custom_group not in groups:
                 context["error"] = "true"
                 context["error_text"] = "Non puoi creare un tipo assegnato ad un gruppo di cui non fai parte"
                 return render(request, 'server/doc_create.html', context)
@@ -386,12 +426,18 @@ def doccreate(request):
     return render(request, 'server/doc_create.html', context)
 
 
-@staff_member_required
+@user_passes_test(isStaff)
 def doclist(request):
     context = {}
     parent_group = request.user.groups.values_list('name', flat=True)[
         0]
     group = Group.objects.get(name=parent_group)
+
+    if request.user.is_staff:
+        parent_groups = request.user.groups.values_list('name', flat=True)
+    else:
+        parent_groups = request.user.groups.values_list('name', flat=True)[1:]
+
     zurich = pytz.timezone('Europe/Zurich')
     error = False
     error_text = ""
@@ -419,7 +465,7 @@ def doclist(request):
     if request.method == "POST":
         if request.POST["action"][0] == 'k':
             document = Document.objects.get(id=request.POST["action"][1:])
-            if document.group == group:
+            if document.group.name in parent_groups:
                 vac_file = ""
                 health_file = ""
                 sign_doc_file = ""
@@ -447,7 +493,6 @@ def doclist(request):
                 return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
 
         selected = []
-        parent_groups = request.user.groups.values_list('name', flat=True)
         for i in request.POST.keys():
             if i.isdigit():
                 docc = Document.objects.get(id=i)
@@ -497,7 +542,6 @@ def doclist(request):
             types = []
             groups = []
 
-    parent_groups = request.user.groups.values_list('name', flat=True)
     q_obj = Q()
     for i in parent_groups:
         q_obj |= Q(group__name=i)
@@ -598,11 +642,17 @@ def doclist(request):
         }
     return render(request, 'server/doc_list.html', context)
 
-@staff_member_required
+
+@user_passes_test(isStaff)
 def upload_doc(request):
     parent_group = request.user.groups.values_list('name', flat=True)[
         0]
     group = Group.objects.get(name=parent_group)
+    if request.user.is_staff:
+        groups = request.user.groups.values_list('name', flat=True)
+    else:
+        groups = request.user.groups.values_list('name', flat=True)[1:]
+
     message = ""
     error = False
     success = False
@@ -620,7 +670,7 @@ def upload_doc(request):
         elif len(Document.objects.filter(code=data)) == 0:
             error_text = "Codice invalido"
             error = True
-        elif Document.objects.filter(code=data)[0].group != group:
+        elif Document.objects.filter(code=data)[0].group.name not in groups:
             error_text = "Codice invalido"
             error = True
         else:
@@ -659,19 +709,22 @@ def upload_doc(request):
     }
     return render(request, 'server/upload_doc.html', context)
 
+
+@user_passes_test(isStaff)
 def docpreview(request):
     context = {}
-    parent_group = request.user.groups.values_list('name', flat=True)[
-        0]
-    group = Group.objects.get(name=parent_group)
+    if request.user.is_staff:
+        groups = request.user.groups.values_list('name', flat=True)
+    else:
+        groups = request.user.groups.values_list('name', flat=True)[1:]
+
     if request.method == "POST":
-        print(request.POST)
         code = request.POST["preview"]
         if not code.isdigit():
             return render(request, 'server/download_doc.html', context)
         if len(Document.objects.filter(code=code)) == 0:
             return render(request, 'server/download_doc.html', context)
-        if Document.objects.filter(code=code)[0].group != group:
+        if Document.objects.filter(code=code)[0].group.name not in groups:
             return render(request, 'server/download_doc.html', context)
 
         document = Document.objects.filter(code=code)[0]
diff --git a/templates/registration/base.html b/templates/registration/base.html
index ae0b536..e2885cd 100644
--- a/templates/registration/base.html
+++ b/templates/registration/base.html
@@ -14,7 +14,7 @@
       {% block nav %}
       {% endblock %}
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           {% if user.is_authenticated %}
diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html
index b6c3251..b526c84 100644
--- a/templates/registration/base_client.html
+++ b/templates/registration/base_client.html
@@ -14,7 +14,7 @@
       {% block nav %}
       {% endblock %}
       <ul class="right">
-          {% if user.is_staff %}
+          {% if user.is_staff or perms.client.staff %}
             <li><a href="{% url 'server' %}">Pannello Admin</a></li>
           {% endif %}
           {% if user.is_authenticated %}
author	Andrea Lepori <alepori@student.ethz.ch>	2020-07-30 20:36:49 +0200
committer	Andrea Lepori <alepori@student.ethz.ch>	2020-07-30 20:36:49 +0200
commit	e8cf20110599c16df4f8a33ee36c3fe282cefa3a (patch)
tree	8d0ca9e022e80c74dcaf4f656e56f01a20d12ec9
parent	block debug actions and confirm for approve doc (diff)
download	scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.tar.gz scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.zip