diff --git a/apps/member/views.py b/apps/member/views.py
index 348bf089..7f266529 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -26,6 +26,7 @@ from note_kfet.middlewares import _set_current_request
 from permission.backends import PermissionBackend
 from permission.models import Role
 from permission.views import ProtectQuerysetMixin, ProtectedCreateView
+from django import forms
 from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \
 CustomAuthenticationForm, MembershipRolesForm
@@ -72,11 +73,19 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
 form.fields['email'].required = True
 form.fields['email'].help_text = _("This address must be valid.")
- if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile):
- context['profile_form'] = self.profile_form(instance=context['user_object'].profile,
- data=self.request.POST if self.request.POST else None)
- if not self.object.profile.report_frequency:
- del context['profile_form'].fields["last_report"]
+ profile_form = self.profile_form(instance=context['user_object'].profile,
+ data=self.request.POST if self.request.POST else None)
+ if not self.object.profile.report_frequency:
+ del profile_form.fields["last_report"]
+
+ fields_to_check = list(profile_form.fields.keys())
+
+ # Delete the fields for which the user does not have the permission to modify
+ for field_name in fields_to_check:
+ if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile):
+ profile_form.fields[field_name].widget = forms.HiddenInput()
+
+ context['profile_form'] = profile_form
 return context
diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json
index 00f952cc..36134dee 100644
--- a/apps/permission/fixtures/initial.json
+++ b/apps/permission/fixtures/initial.json
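Review bot: In the `UserUpdateView` hunk of apps/member/views.py, replacing the widget with `forms.HiddenInput()` only changes how the field is rendered; the field stays in the bound form, so a value posted for it is still validated and cleaned even though `check_perm` refused `member.change_profile_{field_name}`. The comment says "Delete the fields", which the code does not do. Either remove the entry with `del profile_form.fields[field_name]` (the loop already iterates over a copied key list) or additionally set `profile_form.fields[field_name].disabled = True`, so that Django ignores submitted data for it and keeps the instance value. The hidden input also writes the current value into the page for a requester who may hold no view right on that field. The method starts before the hunk and the code that saves the profile form is outside it, so whether a save-time permission check already rejects such a change cannot be confirmed from here.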
@@ -3832,6 +3832,74 @@
 "description": "Voir les profils des membres du club"
 }
 },
+ {
+ "model": "permission.permission",
+ "pk": 244,
+ "fields": {
+ "model": [
+ "member",
+ "profile"
+ ],
+ "query": "{}",
+ "type": "change",
+ "mask": 3,
+ "field": "ml_events_registration",
+ "permanent": false,
+ "description": "Modifier l'abonnement à la Newsletter BDE pour n'importe quel profil"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 245,
+ "fields": {
+ "model": [
+ "member",
+ "profile"
+ ],
+ "query": "{}",
+ "type": "change",
+ "mask": 3,
+ "field": "ml_art_registration",
+ "permanent": false,
+ "description": "Modifier l'abonnement à la Newsletter Art pour n'importe quel profil"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 246,
+ "fields": {
+ "model": [
+ "member",
+ "profile"
+ ],
+ "query": "{}",
+ "type": "change",
+ "mask": 3,
+ "field": "ml_sport_registration",
+ "permanent": false,
+ "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil"
+ }
+ },
+ {
+ "model": "permission.permission",
+ "pk": 247,
+ "fields": {
+ "model": [
+ "member",
+ "profile"
+ ],
+ "query": "{}",
+ "type": "view",
+ "mask": 3,
+ "field": [
+ "ml_events_registration",
+ "ml_art_registration",
+ "ml_sport_registration"
+ ],
+ "permanent": false,
+ "description": "Voir les abonnements aux Newsletters de n'importe quel profil"
+ }
+ },
 {
 "model": "permission.role",
 "pk": 1,
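Review bot: Permissions 244–246 use `"query": "{}"`, so each one applies to any profile, and nothing in this hunk covers a member changing the same three fields on their own profile or attaches 244–247 to a role. The view change in apps/member/views.py now hides every profile field for which `member.change_profile_<field>` is refused, so a missing grant makes the newsletter fields uneditable rather than failing loudly. Please confirm that a self-scoped permission for `ml_events_registration`, `ml_art_registration` and `ml_sport_registration` exists elsewhere in the fixture and that the intended role's permission list includes the new ids. The `permission.role` objects begin right after this hunk and are not visible here.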