author | Andrea Lepori <alepori@student.ethz.ch> | 2020-07-30 20:36:49 +0200 |
---|---|---|
committer | Andrea Lepori <alepori@student.ethz.ch> | 2020-07-30 20:36:49 +0200 |
commit | e8cf20110599c16df4f8a33ee36c3fe282cefa3a (patch) | |
tree | 8d0ca9e022e80c74dcaf4f656e56f01a20d12ec9 | |
parent | block debug actions and confirm for approve doc (diff) | |
download | scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.tar.gz scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.zip |
perm staff for non primary group
-rw-r--r-- | accounts/templates/accounts/index.html | 19 | ||||
-rw-r--r-- | client/migrations/0002_auto_20200730_1951.py | 22 | ||||
-rw-r--r-- | client/models.py | 3 | ||||
-rw-r--r-- | server/templates/server/doc_list.html | 2 | ||||
-rw-r--r-- | server/templates/server/doc_type.html | 2 | ||||
-rw-r--r-- | server/templates/server/index.html | 6 | ||||
-rw-r--r-- | server/templates/server/user_list.html | 2 | ||||
-rw-r--r-- | server/views.py | 109 | ||||
-rw-r--r-- | templates/registration/base.html | 2 | ||||
-rw-r--r-- | templates/registration/base_client.html | 2 |
10 files changed, 117 insertions, 52 deletions
diff --git a/accounts/templates/accounts/index.html b/accounts/templates/accounts/index.html index e0674a7..7f1f449 100644 --- a/accounts/templates/accounts/index.html +++ b/accounts/templates/accounts/index.html @@ -8,7 +8,7 @@ <a style="margin-left: 10px;" href="{% url 'index' %}" class="breadcrumb">Home</a> <a href="#!" class="breadcrumb hide-on-med-and-down">Account</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} <li><a href="{% url 'personal' %}">{{ user.username }}</a></li> @@ -23,23 +23,6 @@ </ul> </div> </nav> - - <ul class="sidenav" id="mobile-demo"> - {% if user.is_staff %} - <li><a href="{% url 'server' %}">Pannello Admin</a></li> - {% endif %} - {% if user.is_authenticated %} - <li><a href="{% url 'personal' %}">{{ user.username }}</a></li> - {% endif %} - {% if user.username != "" %} - <li> - <a href="{% url 'logout' %}"><i class="material-icons">exit_to_app</i></a> - </li> - {% else %} - <li><a href="{% url 'signup' %}">Registrazione</a></li> - <li><a href="{% url 'login' %}">Login</a></li> - {% endif %} - </ul> {% endblock%} {% block content %} diff --git a/client/migrations/0002_auto_20200730_1951.py b/client/migrations/0002_auto_20200730_1951.py new file mode 100644 index 0000000..3644e42 --- /dev/null +++ b/client/migrations/0002_auto_20200730_1951.py @@ -0,0 +1,22 @@ +# Generated by Django 3.0.7 on 2020-07-30 17:51 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('client', '0001_squashed_0026_document_signed_doc'), + ] + + operations = [ + migrations.AlterModelOptions( + name='document', + options={'permissions': [('approved', 'The user is approved'), ('staff', 'The user is staff of the non primary group')]}, + ), + migrations.AlterField( + model_name='document', + name='compilation_date', + field=models.DateTimeField(auto_now_add=True), + ), + ] 
diff --git a/client/models.py b/client/models.py index 7c47cee..5d59e3e 100644 --- a/client/models.py +++ b/client/models.py @@ -75,7 +75,8 @@ class Document(models.Model): class Meta: permissions = [ - ("approved", "The user is approved") + ("approved", "The user is approved"), + ("staff", "The user is staff of the non primary group") ] diff --git a/server/templates/server/doc_list.html b/server/templates/server/doc_list.html index 12b64cd..302a1d9 100644 --- a/server/templates/server/doc_list.html +++ b/server/templates/server/doc_list.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a href="{% url 'doclist' %}" class="breadcrumb hide-on-med-and-down">Documenti</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/templates/server/doc_type.html b/server/templates/server/doc_type.html index d102664..01db1be 100644 --- a/server/templates/server/doc_type.html +++ b/server/templates/server/doc_type.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a ref="{% url 'doctype' %}" class="breadcrumb hide-on-med-and-down">Tipo Doc</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/templates/server/index.html b/server/templates/server/index.html index 4c82618..2e299d1 100644 --- a/server/templates/server/index.html +++ b/server/templates/server/index.html @@ -9,6 +9,7 @@ {% block content %} <div class="row"> + {% if user.is_staff %} <div class="col l4 s12"> <div class="card large"> <div class="card-content"> 
@@ -35,7 +36,12 @@ </div> </div> </div> + {% endif %} + {% if user.is_staff %} <div class="col l8 s12"> + {% else %} + <div class="col s12"> + {% endif %} <div class="card large"> <div class="card-content"> <ul class="collection"> diff --git a/server/templates/server/user_list.html b/server/templates/server/user_list.html index 653e33d..721f284 100644 --- a/server/templates/server/user_list.html +++ b/server/templates/server/user_list.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a href="#!" class="breadcrumb hide-on-med-and-down">Lista Utenti</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/views.py b/server/views.py index c23e8c8..b3db149 100644 --- a/server/views.py +++ b/server/views.py @@ -7,6 +7,7 @@ from django.db.models.deletion import ProtectedError from django.template.loader import get_template from django.conf import settings from django.contrib.admin.views.decorators import staff_member_required +from django.contrib.auth.decorators import user_passes_test from django.contrib.contenttypes.models import ContentType import dateparser @@ -19,7 +20,15 @@ import os, base64 from PIL import Image, UnidentifiedImageError -@staff_member_required +def isStaff(user): + if user.is_staff: + return True + if user.has_perm("client.staff"): + return True + return False + + +@user_passes_test(isStaff) def index(request): context = {} parent_group = request.user.groups.values_list('name', flat=True)[ 
@@ -37,17 +46,26 @@ def index(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) - public_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group) & Q(enabled=True)) + if request.user.is_staff: + public_types = DocumentType.objects.filter( + Q(group_private=False) | Q(group=group) & Q(enabled=True)) + else: + public_types = DocumentType.objects.filter( + Q(group_private=False) & Q(enabled=True)) docs = [] for doc in public_types: ref_docs = Document.objects.filter(document_type=doc) docs.append([doc, len(ref_docs)]) - context = { - 'docs': docs, - 'users': users_out, - } + if request.user.is_staff: + context = { + 'docs': docs, + 'users': users_out, + } + else: + context = { + 'docs': docs, + } return render(request, 'server/index.html', context) 
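Review bot: The two branches of the new `public_types` selection disagree on disabled types: the non-staff branch requires `enabled=True`, while the staff branch keeps `Q(group_private=False) | Q(group=group) & Q(enabled=True)`, where `&` binds tighter than `|`, so disabled public types are still listed for staff. If enabled-only is the intent for both, parenthesize the staff filter as `(Q(group_private=False) | Q(group=group)) & Q(enabled=True)`; if staff are meant to see disabled types, a one-line comment saying so would stop the next reader from "fixing" it. `index` starts before this hunk.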
@@ -94,25 +112,32 @@ def uapprove(request): return render(request, 'server/approve_user.html', context) -@staff_member_required +@user_passes_test(isStaff) def docapprove(request): context = {} data = [] parent_group = request.user.groups.values_list('name', flat=True)[ 0] + + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + group = Group.objects.get(name=parent_group) if request.method == "POST": data = request.POST["codes"] data.replace("\r", "") data = data.split("\n") for i in range(len(data)): + print(Document.objects.filter(code=data[i])[0].group.name) if not data[i].isdigit(): data[i] = data[i] + " - Formato errato" elif int(data[i]) < 100000 or int(data[i]) > 999999: data[i] = data[i] + " - Formato errato" elif len(Document.objects.filter(code=data[i])) == 0: data[i] = data[i] + " - Invalido" - elif Document.objects.filter(code=data[i])[0].group != group: + elif Document.objects.filter(code=data[i])[0].group.name not in groups: data[i] = data[i] + " - Invalido" else: document = Document.objects.filter(code=data[i])[0] @@ -195,7 +220,7 @@ def ulist(request): return render(request, 'server/user_list.html', context) -@staff_member_required +@user_passes_test(isStaff) def doctype(request): context = {} error = False @@ -219,7 +244,10 @@ def doctype(request): group_check = 'checked="checked"' if request.method == "POST": selected = [] - parent_groups = request.user.groups.values_list('name', flat=True) + if request.user.is_staff: + parent_groups = request.user.groups.values_list('name', flat=True) + else: + parent_groups = request.user.groups.values_list('name', flat=True)[1:] for i in request.POST.keys(): if i.isdigit(): docc = DocumentType.objects.get(id=i) 
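Review bot: The added `print(Document.objects.filter(code=data[i])[0].group.name)` in `docapprove` runs before any of the validation below it, so a non-numeric or unknown code now raises IndexError (a 500) instead of being reported as "Formato errato"/"Invalido", and it writes document group names to stdout on every submission. Drop the line; if the group is needed for debugging, log it inside the final `else:` where `document` is already known to exist. Separately, the pre-existing `data.replace("\r", "")` on the line above discards its result, so CRLF input keeps a trailing `\r` that makes `isdigit()` fail — `data = data.replace("\r", "")` is the fix. `docapprove` continues past the hunk.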
@@ -265,8 +293,12 @@ def doctype(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) - public_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group)) + if request.user.is_staff: + public_types = DocumentType.objects.filter( + Q(group_private=False) | Q(group=group)) + else: + public_types = DocumentType.objects.filter( + Q(group_private=False)) if not public: public_types = public_types.filter(group_private=True) public_check = "" @@ -314,12 +346,20 @@ def doctype(request): return render(request, 'server/doc_type.html', context) -@staff_member_required +@user_passes_test(isStaff) def doccreate(request): context = {} - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + parent_group = request.user.groups.values_list('name', flat=True)[ + 0] + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + parent_group = request.user.groups.values_list('name', flat=True)[ + 1] + group = Group.objects.get(name=parent_group) + enabled = False group_private = False personal_data = False @@ -363,7 +403,7 @@ def doccreate(request): return render(request, 'server/doc_create.html', context) if custom_group != "": - if custom_group not in request.user.groups.values_list('name', flat=True): + if custom_group not in groups: context["error"] = "true" context["error_text"] = "Non puoi creare un tipo assegnato ad un gruppo di cui non fai parte" return render(request, 'server/doc_create.html', context) 
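Review bot: In `doccreate`, the non-staff branch indexes `request.user.groups.values_list('name', flat=True)[1]`, which raises IndexError (a 500) for any `client.staff` user who belongs to fewer than two groups, and the same branch builds `groups` with `[1:]`, so such a user could never pass the `custom_group not in groups` check anyway. Guard before indexing, e.g. `if not groups:` render `doc_create.html` with an error stating that a non-primary group is required. Note also that `values_list` here has no `order_by`, so which group counts as primary (`[0]`) versus non-primary (`[1:]`) depends on unordered M2M row order rather than a declared attribute, and that split is the authorization boundary this commit relies on. `doccreate` continues past the hunk.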
@@ -386,12 +426,18 @@ def doccreate(request): return render(request, 'server/doc_create.html', context) -@staff_member_required +@user_passes_test(isStaff) def doclist(request): context = {} parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) + + if request.user.is_staff: + parent_groups = request.user.groups.values_list('name', flat=True) + else: + parent_groups = request.user.groups.values_list('name', flat=True)[1:] + zurich = pytz.timezone('Europe/Zurich') error = False error_text = "" @@ -419,7 +465,7 @@ def doclist(request): if request.method == "POST": if request.POST["action"][0] == 'k': document = Document.objects.get(id=request.POST["action"][1:]) - if document.group == group: + if document.group.name in parent_groups: vac_file = "" health_file = "" sign_doc_file = "" @@ -447,7 +493,6 @@ def doclist(request): return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf") selected = [] - parent_groups = request.user.groups.values_list('name', flat=True) for i in request.POST.keys(): if i.isdigit(): docc = Document.objects.get(id=i) @@ -497,7 +542,6 @@ def doclist(request): types = [] groups = [] - parent_groups = request.user.groups.values_list('name', flat=True) q_obj = Q() for i in parent_groups: q_obj |= Q(group__name=i) @@ -598,11 +642,17 @@ def doclist(request): } return render(request, 'server/doc_list.html', context) -@staff_member_required + +@user_passes_test(isStaff) def upload_doc(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + message = "" error = False success = False 
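Review bot: `parent_groups` is now what authorizes PDF downloads (`if document.group.name in parent_groups:`) and the listing filter, and for non-staff it is `values_list(...)[1:]`, a slice of a queryset with no ordering, so the row dropped as "primary" is whatever the database returns first and is not guaranteed stable. A `client.staff` user could thus be granted or denied access to a group's documents depending on row order. Pin the ordering wherever the primary/non-primary split is made, e.g. `request.user.groups.order_by('id').values_list('name', flat=True)`, or better, store the primary group explicitly instead of inferring it by position. `doclist` continues outside the hunk.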
@@ -620,7 +670,7 @@ def upload_doc(request): elif len(Document.objects.filter(code=data)) == 0: error_text = "Codice invalido" error = True - elif Document.objects.filter(code=data)[0].group != group: + elif Document.objects.filter(code=data)[0].group.name not in groups: error_text = "Codice invalido" error = True else: @@ -659,19 +709,22 @@ def upload_doc(request): } return render(request, 'server/upload_doc.html', context) + +@user_passes_test(isStaff) def docpreview(request): context = {} - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] - group = Group.objects.get(name=parent_group) + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + if request.method == "POST": - print(request.POST) code = request.POST["preview"] if not code.isdigit(): return render(request, 'server/download_doc.html', context) if len(Document.objects.filter(code=code)) == 0: return render(request, 'server/download_doc.html', context) - if Document.objects.filter(code=code)[0].group != group: + if Document.objects.filter(code=code)[0].group.name not in groups: return render(request, 'server/download_doc.html', context) document = Document.objects.filter(code=code)[0] diff --git a/templates/registration/base.html b/templates/registration/base.html index ae0b536..e2885cd 100644 --- a/templates/registration/base.html +++ b/templates/registration/base.html @@ -14,7 +14,7 @@ {% block nav %} {% endblock %} <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html index b6c3251..b526c84 100644 --- a/templates/registration/base_client.html +++ b/templates/registration/base_client.html 
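Review bot: `upload_doc` and `docpreview` each re-derive the allowed group list with the same `if request.user.is_staff: ... else: ...[1:]` block that `index`, `docapprove`, `doccreate` and `doclist` also carry, so the authorization rule now lives in six copies that can drift independently. Pull it into one module-level helper next to `isStaff`, e.g. `def allowed_groups(user):` / `names = user.groups.values_list('name', flat=True)` / `return names if user.is_staff else names[1:]`, and have every view call it. The new `@user_passes_test(isStaff)` on `docpreview` is a necessary addition, since the old function carried no access decorator at all. Both functions continue past the hunk.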
@@ -14,7 +14,7 @@ {% block nav %} {% endblock %} <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} |