diff options
author | Andrea Lepori <alepori@student.ethz.ch> | 2020-07-30 20:36:49 +0200 |
---|---|---|
committer | Andrea Lepori <alepori@student.ethz.ch> | 2020-07-30 20:36:49 +0200 |
commit | e8cf20110599c16df4f8a33ee36c3fe282cefa3a (patch) | |
tree | 8d0ca9e022e80c74dcaf4f656e56f01a20d12ec9 /server | |
parent | block debug actions and confirm for approve doc (diff) | |
download | scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.tar.gz scout-subs-e8cf20110599c16df4f8a33ee36c3fe282cefa3a.zip |
perm staff for non primary group
Diffstat (limited to '')
-rw-r--r-- | server/templates/server/doc_list.html | 2 | ||||
-rw-r--r-- | server/templates/server/doc_type.html | 2 | ||||
-rw-r--r-- | server/templates/server/index.html | 6 | ||||
-rw-r--r-- | server/templates/server/user_list.html | 2 | ||||
-rw-r--r-- | server/views.py | 109 |
5 files changed, 90 insertions, 31 deletions
diff --git a/server/templates/server/doc_list.html b/server/templates/server/doc_list.html index 12b64cd..302a1d9 100644 --- a/server/templates/server/doc_list.html +++ b/server/templates/server/doc_list.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a href="{% url 'doclist' %}" class="breadcrumb hide-on-med-and-down">Documenti</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/templates/server/doc_type.html b/server/templates/server/doc_type.html index d102664..01db1be 100644 --- a/server/templates/server/doc_type.html +++ b/server/templates/server/doc_type.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a ref="{% url 'doctype' %}" class="breadcrumb hide-on-med-and-down">Tipo Doc</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/templates/server/index.html b/server/templates/server/index.html index 4c82618..2e299d1 100644 --- a/server/templates/server/index.html +++ b/server/templates/server/index.html @@ -9,6 +9,7 @@ {% block content %} <div class="row"> + {% if user.is_staff %} <div class="col l4 s12"> <div class="card large"> <div class="card-content"> @@ -35,7 +36,12 @@ </div> </div> </div> + {% endif %} + {% if user.is_staff %} <div class="col l8 s12"> + {% else %} + <div class="col s12"> + {% endif %} <div class="card large"> <div class="card-content"> <ul class="collection"> diff --git a/server/templates/server/user_list.html b/server/templates/server/user_list.html index 653e33d..721f284 100644 --- a/server/templates/server/user_list.html +++ b/server/templates/server/user_list.html @@ -9,7 +9,7 @@ <a href="{% url 'server'%}" class="breadcrumb hide-on-med-and-down">Admin</a> <a href="#!" class="breadcrumb hide-on-med-and-down">Lista Utenti</a> <ul class="right"> - {% if user.is_staff %} + {% if user.is_staff or perms.client.staff %} <li><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} {% if user.is_authenticated %} diff --git a/server/views.py b/server/views.py index c23e8c8..b3db149 100644 --- a/server/views.py +++ b/server/views.py @@ -7,6 +7,7 @@ from django.db.models.deletion import ProtectedError from django.template.loader import get_template from django.conf import settings from django.contrib.admin.views.decorators import staff_member_required +from django.contrib.auth.decorators import user_passes_test from django.contrib.contenttypes.models import ContentType import dateparser @@ -19,7 +20,15 @@ import os, base64 from PIL import Image, UnidentifiedImageError -@staff_member_required +def isStaff(user): + if user.is_staff: + return True + if user.has_perm("client.staff"): + return True + return False + + +@user_passes_test(isStaff) def index(request): context = {} parent_group = request.user.groups.values_list('name', flat=True)[ @@ -37,17 +46,26 @@ def index(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) - public_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group) & Q(enabled=True)) + if request.user.is_staff: + public_types = DocumentType.objects.filter( + Q(group_private=False) | Q(group=group) & Q(enabled=True)) + else: + public_types = DocumentType.objects.filter( + Q(group_private=False) & Q(enabled=True)) docs = [] for doc in public_types: ref_docs = Document.objects.filter(document_type=doc) docs.append([doc, len(ref_docs)]) - context = { - 'docs': docs, - 'users': users_out, - } + if request.user.is_staff: + context = { + 'docs': docs, + 'users': users_out, + } + else: + context = { + 'docs': docs, + } return render(request, 'server/index.html', context) @@ -94,25 +112,32 @@ def uapprove(request): return render(request, 'server/approve_user.html', context) -@staff_member_required +@user_passes_test(isStaff) def docapprove(request): context = {} data = [] parent_group = request.user.groups.values_list('name', flat=True)[ 0] + + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + group = Group.objects.get(name=parent_group) if request.method == "POST": data = request.POST["codes"] data.replace("\r", "") data = data.split("\n") for i in range(len(data)): + print(Document.objects.filter(code=data[i])[0].group.name) if not data[i].isdigit(): data[i] = data[i] + " - Formato errato" elif int(data[i]) < 100000 or int(data[i]) > 999999: data[i] = data[i] + " - Formato errato" elif len(Document.objects.filter(code=data[i])) == 0: data[i] = data[i] + " - Invalido" - elif Document.objects.filter(code=data[i])[0].group != group: + elif Document.objects.filter(code=data[i])[0].group.name not in groups: data[i] = data[i] + " - Invalido" else: document = Document.objects.filter(code=data[i])[0] @@ -195,7 +220,7 @@ def ulist(request): return render(request, 'server/user_list.html', context) -@staff_member_required +@user_passes_test(isStaff) def doctype(request): context = {} error = False @@ -219,7 +244,10 @@ def doctype(request): group_check = 'checked="checked"' if request.method == "POST": selected = [] - parent_groups = request.user.groups.values_list('name', flat=True) + if request.user.is_staff: + parent_groups = request.user.groups.values_list('name', flat=True) + else: + parent_groups = request.user.groups.values_list('name', flat=True)[1:] for i in request.POST.keys(): if i.isdigit(): docc = DocumentType.objects.get(id=i) @@ -265,8 +293,12 @@ def doctype(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) - public_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group)) + if request.user.is_staff: + public_types = DocumentType.objects.filter( + Q(group_private=False) | Q(group=group)) + else: + public_types = DocumentType.objects.filter( + Q(group_private=False)) if not public: public_types = public_types.filter(group_private=True) public_check = "" @@ -314,12 +346,20 @@ def doctype(request): return render(request, 'server/doc_type.html', context) -@staff_member_required +@user_passes_test(isStaff) def doccreate(request): context = {} - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + parent_group = request.user.groups.values_list('name', flat=True)[ + 0] + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + parent_group = request.user.groups.values_list('name', flat=True)[ + 1] + group = Group.objects.get(name=parent_group) + enabled = False group_private = False personal_data = False @@ -363,7 +403,7 @@ def doccreate(request): return render(request, 'server/doc_create.html', context) if custom_group != "": - if custom_group not in request.user.groups.values_list('name', flat=True): + if custom_group not in groups: context["error"] = "true" context["error_text"] = "Non puoi creare un tipo assegnato ad un gruppo di cui non fai parte" return render(request, 'server/doc_create.html', context) @@ -386,12 +426,18 @@ def doccreate(request): return render(request, 'server/doc_create.html', context) -@staff_member_required +@user_passes_test(isStaff) def doclist(request): context = {} parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) + + if request.user.is_staff: + parent_groups = request.user.groups.values_list('name', flat=True) + else: + parent_groups = request.user.groups.values_list('name', flat=True)[1:] + zurich = pytz.timezone('Europe/Zurich') error = False error_text = "" @@ -419,7 +465,7 @@ def doclist(request): if request.method == "POST": if request.POST["action"][0] == 'k': document = Document.objects.get(id=request.POST["action"][1:]) - if document.group == group: + if document.group.name in parent_groups: vac_file = "" health_file = "" sign_doc_file = "" @@ -447,7 +493,6 @@ def doclist(request): return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf") selected = [] - parent_groups = request.user.groups.values_list('name', flat=True) for i in request.POST.keys(): if i.isdigit(): docc = Document.objects.get(id=i) @@ -497,7 +542,6 @@ def doclist(request): types = [] groups = [] - parent_groups = request.user.groups.values_list('name', flat=True) q_obj = Q() for i in parent_groups: q_obj |= Q(group__name=i) @@ -598,11 +642,17 @@ def doclist(request): } return render(request, 'server/doc_list.html', context) -@staff_member_required + +@user_passes_test(isStaff) def upload_doc(request): parent_group = request.user.groups.values_list('name', flat=True)[ 0] group = Group.objects.get(name=parent_group) + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + message = "" error = False success = False @@ -620,7 +670,7 @@ def upload_doc(request): elif len(Document.objects.filter(code=data)) == 0: error_text = "Codice invalido" error = True - elif Document.objects.filter(code=data)[0].group != group: + elif Document.objects.filter(code=data)[0].group.name not in groups: error_text = "Codice invalido" error = True else: @@ -659,19 +709,22 @@ def upload_doc(request): } return render(request, 'server/upload_doc.html', context) + +@user_passes_test(isStaff) def docpreview(request): context = {} - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] - group = Group.objects.get(name=parent_group) + if request.user.is_staff: + groups = request.user.groups.values_list('name', flat=True) + else: + groups = request.user.groups.values_list('name', flat=True)[1:] + if request.method == "POST": - print(request.POST) code = request.POST["preview"] if not code.isdigit(): return render(request, 'server/download_doc.html', context) if len(Document.objects.filter(code=code)) == 0: return render(request, 'server/download_doc.html', context) - if Document.objects.filter(code=code)[0].group != group: + if Document.objects.filter(code=code)[0].group.name not in groups: return render(request, 'server/download_doc.html', context) document = Document.objects.filter(code=code)[0] |