authorAndrea Lepori <alepori@student.ethz.ch>2020-07-30 20:36:49 +0200
committerAndrea Lepori <alepori@student.ethz.ch>2020-07-30 20:36:49 +0200
commite8cf20110599c16df4f8a33ee36c3fe282cefa3a (patch)
tree8d0ca9e022e80c74dcaf4f656e56f01a20d12ec9
parentblock debug actions and confirm for approve doc (diff)
downloadscout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.tar.gz
scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.zip
perm staff for non primary group
-rw-r--r--accounts/templates/accounts/index.html19
-rw-r--r--client/migrations/0002_auto_20200730_1951.py22
-rw-r--r--client/models.py3
-rw-r--r--server/templates/server/doc_list.html2
-rw-r--r--server/templates/server/doc_type.html2
-rw-r--r--server/templates/server/index.html6
-rw-r--r--server/templates/server/user_list.html2
-rw-r--r--server/views.py109
-rw-r--r--templates/registration/base.html2
-rw-r--r--templates/registration/base_client.html2
10 files changed, 117 insertions, 52 deletions
diff --git a/accounts/templates/accounts/index.html b/accounts/templates/accounts/index.html
index e0674a7..7f1f449 100644
--- a/accounts/templates/accounts/index.html
+++ b/accounts/templates/accounts/index.html
@@ -8,7 +8,7 @@
<a style="margin-left: 10px;" href="{% url 'index' %}" class="breadcrumb">Home</a>
<a href="#!" class="breadcrumb hide-on-med-and-down">Account</a>
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
<li><a href="{% url 'personal' %}">{{ user.username }}</a></li>
@@ -23,23 +23,6 @@
</ul>
</div>
</nav>
-
- <ul class="sidenav" id="mobile-demo">
- {% if user.is_staff %}
- <li><a href="{% url 'server' %}">Pannello Admin</a></li>
- {% endif %}
- {% if user.is_authenticated %}
- <li><a href="{% url 'personal' %}">{{ user.username }}</a></li>
- {% endif %}
- {% if user.username != "" %}
- <li>
- <a href="{% url 'logout' %}"><i class="material-icons">exit_to_app</i></a>
- </li>
- {% else %}
- <li><a href="{% url 'signup' %}">Registrazione</a></li>
- <li><a href="{% url 'login' %}">Login</a></li>
- {% endif %}
- </ul>
{% endblock%}
{% block content %}
diff --git a/client/migrations/0002_auto_20200730_1951.py b/client/migrations/0002_auto_20200730_1951.py
new file mode 100644
index 0000000..3644e42
--- /dev/null
+++ b/client/migrations/0002_auto_20200730_1951.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.0.7 on 2020-07-30 17:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('client', '0001_squashed_0026_document_signed_doc'),
+ ]
+
+ operations = [
+ migrations.AlterModelOptions(
+ name='document',
+ options={'permissions': [('approved', 'The user is approved'), ('staff', 'The user is staff of the non primary group')]},
+ ),
+ migrations.AlterField(
+ model_name='document',
+ name='compilation_date',
+ field=models.DateTimeField(auto_now_add=True),
+ ),
+ ]
diff --git a/client/models.py b/client/models.py
index 7c47cee..5d59e3e 100644
--- a/client/models.py
+++ b/client/models.py
@@ -75,7 +75,8 @@ class Document(models.Model):
class Meta:
permissions = [
- ("approved", "The user is approved")
+ ("approved", "The user is approved"),
+ ("staff", "The user is staff of the non primary group")
]
diff --git a/server/templates/server/doc_list.html b/server/templates/server/doc_list.html
index 12b64cd..302a1d9 100644
--- a/server/templates/server/doc_list.html
+++ b/server/templates/server/doc_list.html
@@ -9,7 +9,7 @@
<a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
<a href="{% url 'doclist' %}" class="breadcrumb hide-on-med-and-down">Documenti</a>
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
{% if user.is_authenticated %}
diff --git a/server/templates/server/doc_type.html b/server/templates/server/doc_type.html
index d102664..01db1be 100644
--- a/server/templates/server/doc_type.html
+++ b/server/templates/server/doc_type.html
@@ -9,7 +9,7 @@
<a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
<a ref="{% url 'doctype' %}" class="breadcrumb hide-on-med-and-down">Tipo Doc</a>
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
{% if user.is_authenticated %}
diff --git a/server/templates/server/index.html b/server/templates/server/index.html
index 4c82618..2e299d1 100644
--- a/server/templates/server/index.html
+++ b/server/templates/server/index.html
@@ -9,6 +9,7 @@
{% block content %}
<div class="row">
+ {% if user.is_staff %}
<div class="col l4 s12">
<div class="card large">
<div class="card-content">
@@ -35,7 +36,12 @@
</div>
</div>
</div>
+ {% endif %}
+ {% if user.is_staff %}
<div class="col l8 s12">
+ {% else %}
+ <div class="col s12">
+ {% endif %}
<div class="card large">
<div class="card-content">
<ul class="collection">
diff --git a/server/templates/server/user_list.html b/server/templates/server/user_list.html
index 653e33d..721f284 100644
--- a/server/templates/server/user_list.html
+++ b/server/templates/server/user_list.html
@@ -9,7 +9,7 @@
<a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a>
<a href="#!" class="breadcrumb hide-on-med-and-down">Lista Utenti</a>
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
{% if user.is_authenticated %}
diff --git a/server/views.py b/server/views.py
index c23e8c8..b3db149 100644
--- a/server/views.py
+++ b/server/views.py
@@ -7,6 +7,7 @@ from django.db.models.deletion import ProtectedError
from django.template.loader import get_template
from django.conf import settings
from django.contrib.admin.views.decorators import staff_member_required
+from django.contrib.auth.decorators import user_passes_test
from django.contrib.contenttypes.models import ContentType
import dateparser
@@ -19,7 +20,15 @@ import os, base64
from PIL import Image, UnidentifiedImageError
-@staff_member_required
+def isStaff(user):
+ if user.is_staff:
+ return True
+ if user.has_perm("client.staff"):
+ return True
+ return False
+
+
+@user_passes_test(isStaff)
def index(request):
context = {}
parent_group = request.user.groups.values_list('name', flat=True)[
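Review bot: `isStaff` drops the `is_active` condition that `staff_member_required` enforced, so whether a deactivated account is rejected now depends on the authentication backend rather than on this check. Making it explicit keeps the old guarantee: `return user.is_active and (user.is_staff or user.has_perm("client.staff"))`. `has_perm` also returns True for any active superuser, so a superuser without `is_staff` passes the test and then takes the non-staff branches in the views below. A docstring saying that `client.staff` grants access scoped to the holder's non-primary groups would help the next reader. The body of index continues outside the hunk.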
@@ -37,17 +46,26 @@ def index(request):
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
- public_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group) & Q(enabled=True))
+ if request.user.is_staff:
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=group) & Q(enabled=True))
+ else:
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) & Q(enabled=True))
docs = []
for doc in public_types:
ref_docs = Document.objects.filter(document_type=doc)
docs.append([doc, len(ref_docs)])
- context = {
- 'docs': docs,
- 'users': users_out,
- }
+ if request.user.is_staff:
+ context = {
+ 'docs': docs,
+ 'users': users_out,
+ }
+ else:
+ context = {
+ 'docs': docs,
+ }
return render(request, 'server/index.html', context)
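Review bot: The staff branch's filter `Q(group_private=False) | Q(group=group) & Q(enabled=True)` parses as public OR (own-group AND enabled), because `&` binds tighter than `|`. Disabled public types are therefore listed for staff, while the new non-staff branch filters them out. If `enabled` is meant to apply to both, parenthesise it: `(Q(group_private=False) | Q(group=group)) & Q(enabled=True)`. The two `context` branches could also collapse into building `{'docs': docs}` and adding `'users'` only when `request.user.is_staff`. The function starts outside the hunk.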
@@ -94,25 +112,32 @@ def uapprove(request):
return render(request, 'server/approve_user.html', context)
-@staff_member_required
+@user_passes_test(isStaff)
def docapprove(request):
context = {}
data = []
parent_group = request.user.groups.values_list('name', flat=True)[
0]
+
+ if request.user.is_staff:
+ groups = request.user.groups.values_list('name', flat=True)
+ else:
+ groups = request.user.groups.values_list('name', flat=True)[1:]
+
group = Group.objects.get(name=parent_group)
if request.method == "POST":
data = request.POST["codes"]
data.replace("\r", "")
data = data.split("\n")
for i in range(len(data)):
+ print(Document.objects.filter(code=data[i])[0].group.name)
if not data[i].isdigit():
data[i] = data[i] + " - Formato errato"
elif int(data[i]) < 100000 or int(data[i]) > 999999:
data[i] = data[i] + " - Formato errato"
elif len(Document.objects.filter(code=data[i])) == 0:
data[i] = data[i] + " - Invalido"
- elif Document.objects.filter(code=data[i])[0].group != group:
+ elif Document.objects.filter(code=data[i])[0].group.name not in groups:
data[i] = data[i] + " - Invalido"
else:
document = Document.objects.filter(code=data[i])[0]
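Review bot: The added `print(Document.objects.filter(code=data[i])[0].group.name)` runs before any of the validation branches, so a submitted code with no matching document raises IndexError on `[0]` and the request fails with a server error instead of the "Invalido" message. It looks like leftover debugging, and removing the line restores the validation order. If the group name is wanted in logs, log it inside the final `else` branch, after the document has been fetched and its group checked. docapprove continues past the end of the hunk.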
@@ -195,7 +220,7 @@ def ulist(request):
return render(request, 'server/user_list.html', context)
-@staff_member_required
+@user_passes_test(isStaff)
def doctype(request):
context = {}
error = False
@@ -219,7 +244,10 @@ def doctype(request):
group_check = 'checked="checked"'
if request.method == "POST":
selected = []
- parent_groups = request.user.groups.values_list('name', flat=True)
+ if request.user.is_staff:
+ parent_groups = request.user.groups.values_list('name', flat=True)
+ else:
+ parent_groups = request.user.groups.values_list('name', flat=True)[1:]
for i in request.POST.keys():
if i.isdigit():
docc = DocumentType.objects.get(id=i)
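Review bot: The slice `request.user.groups.values_list('name', flat=True)[1:]` defines which groups a `client.staff` holder may act on, but no `order_by` is visible on the queryset, so which group lands at position 0 (the "primary" one) is left to the database. That makes the authorization scope unstable: the primary group may end up inside the slice, or an intended group outside it. The same slice is used in docapprove, doccreate, doclist, upload_doc and docpreview, so a single helper returning the allowed group names would keep them in step. At minimum pin the order, e.g. `request.user.groups.order_by('id').values_list('name', flat=True)[1:]`. Whether `id` order matches the intended primary group is an assumption to confirm, and an explicit primary-group marker would be more robust.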
@@ -265,8 +293,12 @@ def doctype(request):
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
- public_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group))
+ if request.user.is_staff:
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=group))
+ else:
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False))
if not public:
public_types = public_types.filter(group_private=True)
public_check = ""
@@ -314,12 +346,20 @@ def doctype(request):
return render(request, 'server/doc_type.html', context)
-@staff_member_required
+@user_passes_test(isStaff)
def doccreate(request):
context = {}
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
+ if request.user.is_staff:
+ groups = request.user.groups.values_list('name', flat=True)
+ parent_group = request.user.groups.values_list('name', flat=True)[
+ 0]
+ else:
+ groups = request.user.groups.values_list('name', flat=True)[1:]
+ parent_group = request.user.groups.values_list('name', flat=True)[
+ 1]
+
group = Group.objects.get(name=parent_group)
+
enabled = False
group_private = False
personal_data = False
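Review bot: In the non-staff branch, `request.user.groups.values_list('name', flat=True)[1]` raises IndexError when the user belongs to only one group, so a `client.staff` holder without a second group gets a server error on every request to doccreate. Check that `groups` is non-empty and return the error page before taking `[1]`. The branch also treats position 1 as the working group without an explicit ordering on the queryset, so which group new types are created under is not deterministic. doccreate continues outside the hunk.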
@@ -363,7 +403,7 @@ def doccreate(request):
return render(request, 'server/doc_create.html', context)
if custom_group != "":
- if custom_group not in request.user.groups.values_list('name', flat=True):
+ if custom_group not in groups:
context["error"] = "true"
context["error_text"] = "Non puoi creare un tipo assegnato ad un gruppo di cui non fai parte"
return render(request, 'server/doc_create.html', context)
@@ -386,12 +426,18 @@ def doccreate(request):
return render(request, 'server/doc_create.html', context)
-@staff_member_required
+@user_passes_test(isStaff)
def doclist(request):
context = {}
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+
+ if request.user.is_staff:
+ parent_groups = request.user.groups.values_list('name', flat=True)
+ else:
+ parent_groups = request.user.groups.values_list('name', flat=True)[1:]
+
zurich = pytz.timezone('Europe/Zurich')
error = False
error_text = ""
@@ -419,7 +465,7 @@ def doclist(request):
if request.method == "POST":
if request.POST["action"][0] == 'k':
document = Document.objects.get(id=request.POST["action"][1:])
- if document.group == group:
+ if document.group.name in parent_groups:
vac_file = ""
health_file = ""
sign_doc_file = ""
@@ -447,7 +493,6 @@ def doclist(request):
return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
selected = []
- parent_groups = request.user.groups.values_list('name', flat=True)
for i in request.POST.keys():
if i.isdigit():
docc = Document.objects.get(id=i)
@@ -497,7 +542,6 @@ def doclist(request):
types = []
groups = []
- parent_groups = request.user.groups.values_list('name', flat=True)
q_obj = Q()
for i in parent_groups:
q_obj |= Q(group__name=i)
@@ -598,11 +642,17 @@ def doclist(request):
}
return render(request, 'server/doc_list.html', context)
-@staff_member_required
+
+@user_passes_test(isStaff)
def upload_doc(request):
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+ if request.user.is_staff:
+ groups = request.user.groups.values_list('name', flat=True)
+ else:
+ groups = request.user.groups.values_list('name', flat=True)[1:]
+
message = ""
error = False
success = False
@@ -620,7 +670,7 @@ def upload_doc(request):
elif len(Document.objects.filter(code=data)) == 0:
error_text = "Codice invalido"
error = True
- elif Document.objects.filter(code=data)[0].group != group:
+ elif Document.objects.filter(code=data)[0].group.name not in groups:
error_text = "Codice invalido"
error = True
else:
@@ -659,19 +709,22 @@ def upload_doc(request):
}
return render(request, 'server/upload_doc.html', context)
+
+@user_passes_test(isStaff)
def docpreview(request):
context = {}
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
+ if request.user.is_staff:
+ groups = request.user.groups.values_list('name', flat=True)
+ else:
+ groups = request.user.groups.values_list('name', flat=True)[1:]
+
if request.method == "POST":
- print(request.POST)
code = request.POST["preview"]
if not code.isdigit():
return render(request, 'server/download_doc.html', context)
if len(Document.objects.filter(code=code)) == 0:
return render(request, 'server/download_doc.html', context)
- if Document.objects.filter(code=code)[0].group != group:
+ if Document.objects.filter(code=code)[0].group.name not in groups:
return render(request, 'server/download_doc.html', context)
document = Document.objects.filter(code=code)[0]
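Review bot: `Document.objects.filter(code=code)` is evaluated separately for the existence check, the group check and the final fetch, so the row that passed the group check is not guaranteed to be the object that is then served. Fetch once and authorize that object: `document = Document.objects.filter(code=code).first()` followed by `if document is None or document.group.name not in groups:`. The same repeated lookup appears in the upload_doc and docapprove hunks. docpreview continues outside the hunk.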
diff --git a/templates/registration/base.html b/templates/registration/base.html
index ae0b536..e2885cd 100644
--- a/templates/registration/base.html
+++ b/templates/registration/base.html
@@ -14,7 +14,7 @@
{% block nav %}
{% endblock %}
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
{% if user.is_authenticated %}
diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html
index b6c3251..b526c84 100644
--- a/templates/registration/base_client.html
+++ b/templates/registration/base_client.html
@@ -14,7 +14,7 @@
{% block nav %}
{% endblock %}
<ul class="right">
- {% if user.is_staff %}
+ {% if user.is_staff or perms.client.staff %}
<li><a href="{% url 'server' %}">Pannello Admin</a></li>
{% endif %}
{% if user.is_authenticated %}