From a4480258d78e873a4cdc9a8f5d155e9892f25d9e Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 12:45:46 +0100 Subject: [PATCH 01/16] Update file initial.json --- apps/permission/fixtures/initial.json | 48 +++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 00f952cc..44341309 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3832,6 +3832,54 @@ "description": "Voir les profils des membres du club" } }, + { + "model": "permission.permission", + "pk": 244, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_events_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter BDE pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 245, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_art_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Art pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 246, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_sport_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" + } + }, { "model": "permission.role", "pk": 1, From 694a5c7bd8744bae01a4135dcce8522e1df2b17c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 13:05:10 +0100 Subject: [PATCH 02/16] Update file initial.json --- apps/permission/fixtures/initial.json | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 44341309..36134dee 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3880,6 +3880,26 @@ "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" } }, + { + "model": "permission.permission", + "pk": 247, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "view", + "mask": 3, + "field": [ + "ml_events_registration", + "ml_art_registration", + "ml_sport_registration" + ], + "permanent": false, + "description": "Voir les abonnements aux Newsletters de n'importe quel profil" + } + }, { "model": "permission.role", "pk": 1, From 73aa0098bfa7258c84e4d225e82499d0a55e9ac8 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:20:03 +0100 Subject: [PATCH 03/16] Update file views.py --- apps/member/views.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 348bf089..1ea88a1c 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -72,11 +72,25 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].required = True form.fields['email'].help_text = _("This address must be valid.") - if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): - context['profile_form'] = self.profile_form(instance=context['user_object'].profile, + #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): + # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - if not self.object.profile.report_frequency: + # if not self.object.profile.report_frequency: + # del context['profile_form'].fields["last_report"] + + # Vérification des permissions sur le profil + profile_form = self.profile_form(instance=context['user_object'].profile, + data=self.request.POST if self.request.POST else None) + # Désactivation des champs non autorisés + for field_name in profile_form.fields: + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + profile_form.fields[field_name].widget.attrs['disabled'] = True + + context['profile_form'] = profile_form + + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] + return context From f63e5dcb5a4dc288f15d47a613bfd87ec98945ae Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:26:39 +0100 Subject: [PATCH 04/16] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 1ea88a1c..0f65bb39 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -74,7 +74,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) + # data=self.request.POST if self.request.POST else None) # if not self.object.profile.report_frequency: # del context['profile_form'].fields["last_report"] From 6127ced1439055d8d5c24496a7205af03cd0ef0c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:33:37 +0100 Subject: [PATCH 05/16] Update file views.py --- apps/member/views.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 0f65bb39..d07bee9a 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -81,14 +81,20 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) + + has_permission = False + # Désactivation des champs non autorisés for field_name in profile_form.fields: - if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + if PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + has_permission = True + else: profile_form.fields[field_name].widget.attrs['disabled'] = True - context['profile_form'] = profile_form + if has_permission : + context['profile_form'] = profile_form - if not self.object.profile.report_frequency: + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] From bcf21507e51ac2b5be55e4cf0016d2bdfd20bd76 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:39:08 +0100 Subject: [PATCH 06/16] Update file views.py --- apps/member/views.py | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index d07bee9a..7b9a88f8 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -81,20 +81,15 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - - has_permission = False - + # Désactivation des champs non autorisés for field_name in profile_form.fields: - if PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - has_permission = True - else: + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): profile_form.fields[field_name].widget.attrs['disabled'] = True - if has_permission : - context['profile_form'] = profile_form + context['profile_form'] = profile_form - if not self.object.profile.report_frequency: + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] From eee87dcf13d30455e9b67557f9ecd6a5458d1277 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:42:20 +0100 Subject: [PATCH 07/16] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 7b9a88f8..ba07ab33 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -85,7 +85,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Désactivation des champs non autorisés for field_name in profile_form.fields: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['disabled'] = True + del profile_form.fields[field_name] context['profile_form'] = profile_form From 6229652dea65522b7dcf1a27f18888ed9b0efeea Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:47:32 +0100 Subject: [PATCH 08/16] Update file views.py --- apps/member/views.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index ba07ab33..559c63ef 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,9 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): data=self.request.POST if self.request.POST else None) # Désactivation des champs non autorisés - for field_name in profile_form.fields: + fields_to_check = list(profile_form.fields.keys()) + + for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): del profile_form.fields[field_name] From b2ccc4aede90e9e55084d8a1beb48573d31eb721 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:50:13 +0100 Subject: [PATCH 09/16] Update file views.py --- apps/member/views.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 559c63ef..f0828e6f 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -81,7 +81,10 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - + + if not self.object.profile.report_frequency: + del profile_form.fields["last_report"] + # Désactivation des champs non autorisés fields_to_check = list(profile_form.fields.keys()) From 05e21ed2295bbfc742ecca1c8f2865b4b464217f Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:51:05 +0100 Subject: [PATCH 10/16] Update file views.py --- apps/member/views.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index f0828e6f..8e7cb7fe 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -93,9 +93,6 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): del profile_form.fields[field_name] context['profile_form'] = profile_form - - if not self.object.profile.report_frequency: - del context['profile_form'].fields["last_report"] return context From 96350045200919d6fe6266677ea098bf3b8f4b69 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:56:12 +0100 Subject: [PATCH 11/16] Update file views.py --- apps/member/views.py | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 8e7cb7fe..f8aef648 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -72,22 +72,15 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].required = True form.fields['email'].help_text = _("This address must be valid.") - #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): - # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, - # data=self.request.POST if self.request.POST else None) - # if not self.object.profile.report_frequency: - # del context['profile_form'].fields["last_report"] - - # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - if not self.object.profile.report_frequency: del profile_form.fields["last_report"] - # Désactivation des champs non autorisés + fields_to_check = list(profile_form.fields.keys()) + # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): del profile_form.fields[field_name] From 6ceb43cb667e5fdf04712ad816939ceb563d002c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:07:30 +0100 Subject: [PATCH 12/16] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index f8aef648..7f457dc7 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - del profile_form.fields[field_name] + profile_form.fields[field_name].widget.attrs['disabled'] = True context['profile_form'] = profile_form From bfd865b3e3bec16ea6f8d6136ad8afc0f12cfc62 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:14:28 +0100 Subject: [PATCH 13/16] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 7f457dc7..d52ce914 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['disabled'] = True + profile_form.fields[field_name].widget.attrs['readonly'] = True context['profile_form'] = profile_form From 056c4029f8f9518c2c0c2223788b139afb0647d9 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:19:26 +0100 Subject: [PATCH 14/16] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index d52ce914..4db3a001 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['readonly'] = True + profile_form.fields[field_name].widget = forms.HiddenInput() context['profile_form'] = profile_form From 5707abf9e2d8377de41d99b553d217d23f7a3986 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:22:03 +0100 Subject: [PATCH 15/16] Update file views.py --- apps/member/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/member/views.py b/apps/member/views.py index 4db3a001..d5ce2220 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -26,6 +26,7 @@ from note_kfet.middlewares import _set_current_request from permission.backends import PermissionBackend from permission.models import Role from permission.views import ProtectQuerysetMixin, ProtectedCreateView +from django import forms from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \ CustomAuthenticationForm, MembershipRolesForm From f6649f155ac39e9027628fd85471062dfb811b82 Mon Sep 17 00:00:00 2001 From: quark Date: Sun, 9 Feb 2025 16:51:31 +0100 Subject: [PATCH 16/16] linters --- apps/member/views.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index d5ce2220..7f266529 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -74,11 +74,10 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].help_text = _("This address must be valid.") profile_form = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) + data=self.request.POST if self.request.POST else None) if not self.object.profile.report_frequency: del profile_form.fields["last_report"] - fields_to_check = list(profile_form.fields.keys()) # Delete the fields for which the user does not have the permission to modify @@ -87,7 +86,6 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): profile_form.fields[field_name].widget = forms.HiddenInput() context['profile_form'] = profile_form - return context