Merge main into potvieux

2025-06-28 20:33:00 +02:00 · 2025-01-20 17:43:25 +01:00
parent 2807b6ef44 8fbaa0bdc8
commit 3faf611816
140 changed files with 10432 additions and 5330 deletions
--- a/apps/permission/api/views.py
+++ b/apps/permission/api/views.py
@ -1,9 +1,9 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

-from api.viewsets import ReadOnlyProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+from api.filters import RegexSafeSearchFilter
+from api.viewsets import ReadOnlyProtectedModelViewSet

 from .serializers import PermissionSerializer, RoleSerializer
 from ..models import Permission, Role
@ -17,9 +17,9 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
    """
    queryset = Permission.objects.order_by('id')
    serializer_class = PermissionSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
-    search_fields = ['$model__name', '$query', '$description', ]
+    search_fields = ['$model__model', '$query', '$description', ]


 class RoleViewSet(ReadOnlyProtectedModelViewSet):
@ -30,6 +30,6 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
    """
    queryset = Role.objects.order_by('id')
    serializer_class = RoleSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
    filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
    search_fields = ['$name', '$for_club__name', ]
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
--- a/apps/permission/models.py
+++ b/apps/permission/models.py
@ -135,18 +135,18 @@ class Permission(models.Model):

    # A json encoded Q object with the following grammar
    #  query -> [] | {}  (the empty query representing all objects)
-    #  query -> ["AND", query, …]            AND multiple queries
-    #         | ["OR", query, …]             OR multiple queries
+    #  query -> ["AND", query, ...]          AND multiple queries
+    #         | ["OR", query, ...]           OR multiple queries
    #         | ["NOT", query]               Opposite of query
-    #  query -> {key: value, …}              A list of fields and values of a Q object
+    #  query -> {key: value, ...}            A list of fields and values of a Q object
    #  key   -> string                       A field name
    #  value -> int | string | bool | null   Literal values
-    #         | [parameter, …]               A parameter. See compute_param for more details.
+    #         | [parameter, ...]             A parameter. See compute_param for more details.
    #         | {"F": oper}                  An F object
-    #  oper  -> [string, …]                  A parameter. See compute_param for more details.
-    #         | ["ADD", oper, …]             Sum multiple F objects or literal
+    #  oper  -> [string, ...]                A parameter. See compute_param for more details.
+    #         | ["ADD", oper, ...]           Sum multiple F objects or literal
    #         | ["SUB", oper, oper]          Substract two F objects or literal
-    #         | ["MUL", oper, …]             Multiply F objects or literals
+    #         | ["MUL", oper, ...]           Multiply F objects or literals
    #         | int | string | bool | null   Literal values
    #         | ["F", string]                A field
    #
--- a/apps/permission/scopes.py
+++ b/apps/permission/scopes.py
@ -35,6 +35,8 @@ class PermissionScopes(BaseScopes):


 class PermissionOAuth2Validator(OAuth2Validator):
+    oidc_claim_scope = None  # fix breaking change of django-oauth-toolkit 2.0.0
+
    def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
        """
        User can request as many scope as he wants, including invalid scopes,
--- a/apps/permission/tables.py
+++ b/apps/permission/tables.py
@ -36,8 +36,8 @@ class RightsTable(tables.Table):

    def render_roles(self, record):
        # If the user has the right to manage the roles, display the link to manage them
-        roles = record.roles.filter((~(Q(name="Adhérent BDE")
-                                     | Q(name="Adhérent Kfet")
+        roles = record.roles.filter((~(Q(name="Adhérent⋅e BDE")
+                                     | Q(name="Adhérent⋅e Kfet")
                                     | Q(name="Membre de club")
                                     | Q(name="Bureau de club"))
                                     & Q(weirole__isnull=True))).all()
--- a/apps/permission/tests/test_oauth2.py
+++ b/apps/permission/tests/test_oauth2.py
@ -58,7 +58,7 @@ class OAuth2TestCase(TestCase):
        # Create membership to validate permissions
        NoteUser.objects.create(user=self.user)
        membership = Membership.objects.create(user=self.user, club_id=bde.pk)
-        membership.roles.add(Role.objects.get(name="Adhérent BDE"))
+        membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
        membership.save()

        # User is now a member and can now see its own user detail
@ -85,7 +85,7 @@ class OAuth2TestCase(TestCase):
        bde = Club.objects.get(name="BDE")
        NoteUser.objects.create(user=self.user)
        membership = Membership.objects.create(user=self.user, club_id=bde.pk)
-        membership.roles.add(Role.objects.get(name="Adhérent BDE"))
+        membership.roles.add(Role.objects.get(name="Adhérent⋅e BDE"))
        membership.save()

        resp = self.client.get(reverse('permission:scopes'))
--- a/apps/permission/views.py
+++ b/apps/permission/views.py
@ -12,6 +12,7 @@ from django.forms import HiddenInput
 from django.http import Http404
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import UpdateView, TemplateView, CreateView
+from django_tables2 import MultiTableMixin
 from member.models import Membership

 from .backends import PermissionBackend
@ -35,11 +36,9 @@ class ProtectQuerysetMixin:
        try:
            return super().get_object(queryset)
        except Http404 as e:
-            try:
-                super().get_object(self.get_queryset(filter_permissions=False))
-                raise PermissionDenied()
-            except Http404:
+            if self.get_queryset(filter_permissions=False).count() == self.get_queryset().count():
                raise e
+            raise PermissionDenied()

    def get_form(self, form_class=None):
        form = super().get_form(form_class)
@ -107,10 +106,31 @@ class ProtectedCreateView(LoginRequiredMixin, CreateView):
        return super().dispatch(request, *args, **kwargs)


-class RightsView(TemplateView):
+class RightsView(MultiTableMixin, TemplateView):
    template_name = "permission/all_rights.html"
    extra_context = {"title": _("Rights")}

+    tables = [
+        lambda data: RightsTable(data, prefix="clubs-"),
+        lambda data: SuperuserTable(data, prefix="superusers-"),
+    ]
+
+    def get_tables_data(self):
+        special_memberships = Membership.objects.filter(
+            date_start__lte=date.today(),
+            date_end__gte=date.today(),
+        ).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent⋅e BDE")
+                                                  | Q(name="Adhérent⋅e Kfet")
+                                                  | Q(name="Membre de club")
+                                                  | Q(name="Bureau de club"))
+                                                & Q(weirole__isnull=True))))\
+            .order_by("club__name", "user__last_name")\
+            .distinct().all()
+        return [
+            special_memberships,
+            User.objects.filter(is_superuser=True).order_by("last_name"),
+        ]
+
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)

@ -128,19 +148,9 @@ class RightsView(TemplateView):
            role.clubs = [membership.club for membership in active_memberships if role in membership.roles.all()]

        if self.request.user.is_authenticated:
-            special_memberships = Membership.objects.filter(
-                date_start__lte=date.today(),
-                date_end__gte=date.today(),
-            ).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent BDE")
-                                                      | Q(name="Adhérent Kfet")
-                                                      | Q(name="Membre de club")
-                                                      | Q(name="Bureau de club"))
-                                                    & Q(weirole__isnull=True))))\
-                .order_by("club__name", "user__last_name")\
-                .distinct().all()
-            context["special_memberships_table"] = RightsTable(special_memberships, prefix="clubs-")
-            context["superusers"] = SuperuserTable(User.objects.filter(is_superuser=True).order_by("last_name").all(),
-                                                   prefix="superusers-")
+            tables = context["tables"]
+            for name, table in zip(["special_memberships_table", "superusers"], tables):
+                context[name] = table

        return context