From a4480258d78e873a4cdc9a8f5d155e9892f25d9e Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 12:45:46 +0100 Subject: [PATCH 01/23] Update file initial.json --- apps/permission/fixtures/initial.json | 48 +++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 00f952cc..44341309 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -3832,6 +3832,54 @@ "description": "Voir les profils des membres du club" } }, + { + "model": "permission.permission", + "pk": 244, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_events_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter BDE pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 245, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_art_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Art pour n'importe quel profil" + } + }, + { + "model": "permission.permission", + "pk": 246, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "change", + "mask": 3, + "field": "ml_sport_registration", + "permanent": false, + "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" + } + }, { "model": "permission.role", "pk": 1, From 694a5c7bd8744bae01a4135dcce8522e1df2b17c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 13:05:10 +0100 Subject: [PATCH 02/23] Update file initial.json --- apps/permission/fixtures/initial.json | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index 44341309..36134dee 100644 --- a/apps/permission/fixtures/initial.json 
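Review bot: The three permissions added in patch 01/23 (pk 244–246) use `"query": "{}"`, which together with the descriptions ("pour n'importe quel profil") means each one is meant to apply to every profile, not only the holder's own. Nothing in this hunk attaches them to a role, and the `permission.role` entries begin just past the end of the hunk, so which roles end up holding them cannot be checked here. Because they grant write access to other members' mailing-list preferences, the commit message should name the role that is meant to carry them and confirm that `"mask": 3` is the intended mask level.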
+++ b/apps/permission/fixtures/initial.json @@ -3880,6 +3880,26 @@ "description": "Modifier l'abonnement à la Newsletter Sport pour n'importe quel profil" } }, + { + "model": "permission.permission", + "pk": 247, + "fields": { + "model": [ + "member", + "profile" + ], + "query": "{}", + "type": "view", + "mask": 3, + "field": [ + "ml_events_registration", + "ml_art_registration", + "ml_sport_registration" + ], + "permanent": false, + "description": "Voir les abonnements aux Newsletters de n'importe quel profil" + } + }, { "model": "permission.role", "pk": 1, From 73aa0098bfa7258c84e4d225e82499d0a55e9ac8 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:20:03 +0100 Subject: [PATCH 03/23] Update file views.py --- apps/member/views.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 348bf089..1ea88a1c 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
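Review bot: In permission 247 (patch 02/23), `"field"` is a JSON array of three names, whereas entries 244–246 added to the same fixture by 01/23 give `"field"` a single string. If the model stores `field` as one field name, as the sibling entries suggest, a list will either fail to load or be stored in a form that a per-field permission lookup never matches. Splitting it into three `view` entries, each with a single string such as `"field": "ml_events_registration"`, would keep it consistent with the rest of the fixture.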
@@ -72,11 +72,25 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].required = True form.fields['email'].help_text = _("This address must be valid.") - if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): - context['profile_form'] = self.profile_form(instance=context['user_object'].profile, + #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): + # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - if not self.object.profile.report_frequency: + # if not self.object.profile.report_frequency: + # del context['profile_form'].fields["last_report"] + + # Vérification des permissions sur le profil + profile_form = self.profile_form(instance=context['user_object'].profile, + data=self.request.POST if self.request.POST else None) + # Désactivation des champs non autorisés + for field_name in profile_form.fields: + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + profile_form.fields[field_name].widget.attrs['disabled'] = True + + context['profile_form'] = profile_form + + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] + return context From f63e5dcb5a4dc288f15d47a613bfd87ec98945ae Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:26:39 +0100 Subject: [PATCH 04/23] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 1ea88a1c..0f65bb39 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
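Review bot: In the new loop of patch 03/23, `widget.attrs['disabled'] = True` only changes the rendered HTML; the form is still bound to `self.request.POST`, so a hand-built request can still supply values for fields that the per-field `check_perm` refused. Django's field-level flag, `profile_form.fields[field_name].disabled = True`, makes the form ignore submitted data for that field and keep the instance value, which applies the decision server-side. The same concern holds for the later variants in this series: `disabled` again in 12/23, `readonly` in 13/23, and `forms.HiddenInput()` from 14/23 through 23/23, where a hidden input is still submitted and also writes the current value into the page. The hunk also retires the single `member.change_profile` guard by commenting it out and leaves one continuation line (`data=self.request.POST if self.request.POST else None)`) uncommented. The enclosing method starts before the hunk, so how the POST is eventually saved, and whether another layer re-checks permissions, is not visible here.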
@@ -74,7 +74,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) + # data=self.request.POST if self.request.POST else None) # if not self.object.profile.report_frequency: # del context['profile_form'].fields["last_report"] From 6127ced1439055d8d5c24496a7205af03cd0ef0c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:33:37 +0100 Subject: [PATCH 05/23] Update file views.py --- apps/member/views.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 0f65bb39..d07bee9a 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -81,14 +81,20 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) + + has_permission = False + # Désactivation des champs non autorisés for field_name in profile_form.fields: - if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + if PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): + has_permission = True + else: profile_form.fields[field_name].widget.attrs['disabled'] = True - context['profile_form'] = profile_form + if has_permission : + context['profile_form'] = profile_form - if not self.object.profile.report_frequency: + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] From bcf21507e51ac2b5be55e4cf0016d2bdfd20bd76 Mon Sep 17 00:00:00 2001 
From: thomasl Date: Sun, 9 Feb 2025 15:39:08 +0100 Subject: [PATCH 06/23] Update file views.py --- apps/member/views.py | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index d07bee9a..7b9a88f8 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -81,20 +81,15 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - - has_permission = False - + # Désactivation des champs non autorisés for field_name in profile_form.fields: - if PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - has_permission = True - else: + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): profile_form.fields[field_name].widget.attrs['disabled'] = True - if has_permission : - context['profile_form'] = profile_form + context['profile_form'] = profile_form - if not self.object.profile.report_frequency: + if not self.object.profile.report_frequency: del context['profile_form'].fields["last_report"] From eee87dcf13d30455e9b67557f9ecd6a5458d1277 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:42:20 +0100 Subject: [PATCH 07/23] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 7b9a88f8..ba07ab33 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -85,7 +85,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Désactivation des champs non autorisés for field_name in profile_form.fields: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['disabled'] = True + del profile_form.fields[field_name] context['profile_form'] = profile_form From 6229652dea65522b7dcf1a27f18888ed9b0efeea Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:47:32 +0100 Subject: [PATCH 08/23] Update file views.py --- apps/member/views.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index ba07ab33..559c63ef 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,9 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): data=self.request.POST if self.request.POST else None) # Désactivation des champs non autorisés - for field_name in profile_form.fields: + fields_to_check = list(profile_form.fields.keys()) + + for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): del profile_form.fields[field_name] From b2ccc4aede90e9e55084d8a1beb48573d31eb721 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:50:13 +0100 Subject: [PATCH 09/23] Update file views.py --- apps/member/views.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 559c63ef..f0828e6f 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -81,7 +81,10 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - + + if not self.object.profile.report_frequency: + del profile_form.fields["last_report"] + # Désactivation des champs non autorisés fields_to_check = list(profile_form.fields.keys()) From 05e21ed2295bbfc742ecca1c8f2865b4b464217f Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:51:05 +0100 Subject: [PATCH 10/23] Update file views.py --- apps/member/views.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index f0828e6f..8e7cb7fe 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -93,9 +93,6 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): del profile_form.fields[field_name] context['profile_form'] = profile_form - - if not self.object.profile.report_frequency: - del context['profile_form'].fields["last_report"] return context From 96350045200919d6fe6266677ea098bf3b8f4b69 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 15:56:12 +0100 Subject: [PATCH 11/23] Update file views.py --- apps/member/views.py | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index 8e7cb7fe..f8aef648 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -72,22 +72,15 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].required = True form.fields['email'].help_text = _("This address must be valid.") - #if PermissionBackend.check_perm(self.request, "member.change_profile", context['user_object'].profile): - # context['profile_form'] = self.profile_form(instance=context['user_object'].profile, - # data=self.request.POST if self.request.POST else None) - # if not self.object.profile.report_frequency: - # del context['profile_form'].fields["last_report"] - - # Vérification des permissions sur le profil profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None) - if not self.object.profile.report_frequency: del profile_form.fields["last_report"] - # Désactivation des champs non autorisés + fields_to_check = list(profile_form.fields.keys()) + # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): del profile_form.fields[field_name] From 6ceb43cb667e5fdf04712ad816939ceb563d002c Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:07:30 +0100 Subject: [PATCH 12/23] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index f8aef648..7f457dc7 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - del profile_form.fields[field_name] + profile_form.fields[field_name].widget.attrs['disabled'] = True context['profile_form'] = profile_form From bfd865b3e3bec16ea6f8d6136ad8afc0f12cfc62 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:14:28 +0100 Subject: [PATCH 13/23] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index 7f457dc7..d52ce914 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['disabled'] = True + profile_form.fields[field_name].widget.attrs['readonly'] = True context['profile_form'] = profile_form From 056c4029f8f9518c2c0c2223788b139afb0647d9 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:19:26 +0100 Subject: [PATCH 14/23] Update file views.py --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index d52ce914..4db3a001 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
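Review bot: From patch 12/23 on, the context comment `# Delete the fields for which the user does not have the permission to modify` no longer describes the loop, which now keeps each field and only alters its widget; 13/23 and 14/23 leave the comment unchanged. A comment that matches the code, for example `# Hide fields the user may not modify (presentation only, the field stays in the form)`, would stop a reader from assuming the field is removed from the form. The loop's enclosing method begins outside the hunk.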
@@ -83,7 +83,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): - profile_form.fields[field_name].widget.attrs['readonly'] = True + profile_form.fields[field_name].widget = forms.HiddenInput() context['profile_form'] = profile_form From 5707abf9e2d8377de41d99b553d217d23f7a3986 Mon Sep 17 00:00:00 2001 From: thomasl Date: Sun, 9 Feb 2025 16:22:03 +0100 Subject: [PATCH 15/23] Update file views.py --- apps/member/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/member/views.py b/apps/member/views.py index 4db3a001..d5ce2220 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -26,6 +26,7 @@ from note_kfet.middlewares import _set_current_request from permission.backends import PermissionBackend from permission.models import Role from permission.views import ProtectQuerysetMixin, ProtectedCreateView +from django import forms from .forms import UserForm, ProfileForm, ImageForm, ClubForm, MembershipForm, \ CustomAuthenticationForm, MembershipRolesForm From f6649f155ac39e9027628fd85471062dfb811b82 Mon Sep 17 00:00:00 2001 From: quark Date: Sun, 9 Feb 2025 16:51:31 +0100 Subject: [PATCH 16/23] linters --- apps/member/views.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/member/views.py b/apps/member/views.py index d5ce2220..7f266529 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -74,11 +74,10 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].help_text = _("This address must be valid.") profile_form = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) + data=self.request.POST if self.request.POST else None) if not self.object.profile.report_frequency: del profile_form.fields["last_report"] - fields_to_check = list(profile_form.fields.keys()) # Delete the fields for which the user does not have the permission to modify @@ -87,7 +86,6 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): profile_form.fields[field_name].widget = forms.HiddenInput() context['profile_form'] = profile_form - return context From c841fb6068cea648f7a041a0c3f5620a3572c08b Mon Sep 17 00:00:00 2001 From: thomasl Date: Wed, 12 Feb 2025 23:46:19 +0100 Subject: [PATCH 17/23] Some corrections for report_frequency --- apps/member/forms.py | 4 ++-- apps/member/models.py | 4 ++-- locale/fr/LC_MESSAGES/django.po | 16 ++++++++-------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index 352a5625..55fc0eab 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -45,9 +45,9 @@ class ProfileForm(forms.ModelForm): A form for the extras field provided by the :model:`member.Profile` model. """ # Remove widget=forms.HiddenInput() if you want to use report frequency. - report_frequency = forms.IntegerField(required=False, initial=0, label=_("Report frequency"), widget=forms.HiddenInput()) + report_frequency = forms.IntegerField(required=False, initial=0, label=_("Statement frequency (in days)")) - last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last report date")) + last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last statement date")) VSS_charter_read = forms.BooleanField( required=True, 
diff --git a/apps/member/models.py b/apps/member/models.py index 78d59667..e71e1fa7 100644 --- a/apps/member/models.py +++ b/apps/member/models.py @@ -114,12 +114,12 @@ class Profile(models.Model): ) report_frequency = models.PositiveSmallIntegerField( - verbose_name=_("report frequency (in days)"), + verbose_name=_("Statement frequency (in days)"), default=0, ) last_report = models.DateTimeField( - verbose_name=_("last report date"), + verbose_name=_("Last statement date"), default=timezone.now, ) diff --git a/locale/fr/LC_MESSAGES/django.po b/locale/fr/LC_MESSAGES/django.po index 2af3257e..da4865c1 100644 --- a/locale/fr/LC_MESSAGES/django.po +++ b/locale/fr/LC_MESSAGES/django.po @@ -794,12 +794,12 @@ msgid "Permission mask" msgstr "Masque de permissions" #: apps/member/forms.py:46 -msgid "Report frequency" -msgstr "Fréquence des rapports (en jours)" +msgid "Statement frequency (in days)" +msgstr "Fréquence des relevés (en jours)" #: apps/member/forms.py:48 -msgid "Last report date" -msgstr "Date de dernier rapport" +msgid "Last statement date" +msgstr "Date de dernier relevé" #: apps/member/forms.py:52 msgid "" @@ -1044,12 +1044,12 @@ msgstr "" "artistiques sur le campus (1 mail par semaine)" #: apps/member/models.py:117 -msgid "report frequency (in days)" -msgstr "fréquence des rapports (en jours)" +msgid "Statement frequency (in days)" +msgstr "Fréquence des relevés (en jours)" #: apps/member/models.py:122 -msgid "last report date" -msgstr "date de dernier rapport" +msgid "Last statement date" +msgstr "Date de dernier relevé" #: apps/member/models.py:127 msgid "email confirmed" From 0ec771b5ee9764b7fef29f2f26b1508d876fddd5 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 00:39:05 +0100 Subject: [PATCH 18/23] Add some security --- apps/member/forms.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index 55fc0eab..5c58b190 100644 --- a/apps/member/forms.py 
+++ b/apps/member/forms.py @@ -44,7 +44,7 @@ class ProfileForm(forms.ModelForm): """ A form for the extras field provided by the :model:`member.Profile` model. """ - # Remove widget=forms.HiddenInput() if you want to use report frequency. + report_frequency = forms.IntegerField(required=False, initial=0, label=_("Statement frequency (in days)")) last_report = forms.DateTimeField(required=False, disabled=True, label=_("Last statement date")) @@ -66,6 +66,14 @@ class ProfileForm(forms.ModelForm): super().__init__(*args, **kwargs) self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"}) self.fields['promotion'].widget.attrs.update({"max": timezone.now().year}) + + def clean(self): + """Force the values of fields that the user does not have permission to modify..""" + cleaned_data = super().clean() + for field_name in self.fields.keys(): + if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance): + cleaned_data[field_name] = getattr(self.instance, field_name) # Force the old value + return cleaned_data @transaction.atomic def save(self, commit=True): From 238ba78f4fa8ef61bce4eb22b3656343b314b018 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 00:54:55 +0100 Subject: [PATCH 19/23] Forgot to import PermissionBackend --- apps/member/forms.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/member/forms.py b/apps/member/forms.py index 5c58b190..20f04a04 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -15,6 +15,7 @@ from django.utils.translation import gettext_lazy as _ from note.models import NoteSpecial, Alias from note_kfet.inputs import Autocomplete, AmountInput from permission.models import PermissionMask, Role +from permission.backends import PermissionBackend from PIL import Image, ImageSequence from .models import Profile, Club, Membership From e5567c6c8a43a9f1ab46ca54f7758a82f380b112 Mon Sep 17 00:00:00 2001 
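Review bot: The `clean()` added in patch 18/23 reads `self.request`, but the `__init__` shown as context in the same hunk still only calls `super().__init__(*args, **kwargs)`, so as committed every validation would raise `AttributeError`; `PermissionBackend` is imported only in 19/23 and `request` is accepted only from 20/23. Once wired up, `getattr(self.instance, field_name)` assumes every form field is also an attribute of the profile instance, which should be confirmed for any field declared only on the form. The docstring should also state what happens when `request` is `None`, the default that 20/23 introduces, since the result of `check_perm` in that case cannot be told from this hunk and silently allowing every field would defeat the check.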
From: thomasl Date: Thu, 13 Feb 2025 18:59:22 +0100 Subject: [PATCH 20/23] Fix some errors --- apps/member/forms.py | 3 ++- apps/member/views.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index 20f04a04..438dadbe 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -63,8 +63,9 @@ class ProfileForm(forms.ModelForm): self.add_error("promotion", _("You can't register to the note if you come from the future.")) return promotion - def __init__(self, *args, **kwargs): + def __init__(self, *args, request=None, **kwargs): super().__init__(*args, **kwargs) + self.request = request self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"}) self.fields['promotion'].widget.attrs.update({"max": timezone.now().year}) diff --git a/apps/member/views.py b/apps/member/views.py index 7f266529..f809be3c 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -74,7 +74,8 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].help_text = _("This address must be valid.") profile_form = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None) + data=self.request.POST if self.request.POST else None, + self.request = request) if not self.object.profile.report_frequency: del profile_form.fields["last_report"] From 6e49140900c60dd5b2a43dc0efe583c9bcf23b03 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 19:09:27 +0100 Subject: [PATCH 21/23] Fix some errors --- apps/member/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/member/views.py b/apps/member/views.py index f809be3c..7f5644a8 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -75,7 +75,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): profile_form = self.profile_form(instance=context['user_object'].profile, data=self.request.POST if self.request.POST else None, - self.request = request) + request=self.request) if not self.object.profile.report_frequency: del profile_form.fields["last_report"] From 62baad7b69d7ff5017a926af5b9acff22ebabb05 Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 19:40:04 +0100 Subject: [PATCH 22/23] Cancel modifications --- apps/member/forms.py | 11 +---------- apps/member/views.py | 3 +-- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index 438dadbe..e578c837 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -63,19 +63,10 @@ class ProfileForm(forms.ModelForm): self.add_error("promotion", _("You can't register to the note if you come from the future.")) return promotion - def __init__(self, *args, request=None, **kwargs): + def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.request = request self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"}) self.fields['promotion'].widget.attrs.update({"max": timezone.now().year}) - - def clean(self): - """Force the values of fields that the user does not have permission to modify..""" - cleaned_data = super().clean() - for field_name in self.fields.keys(): - if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance): - cleaned_data[field_name] = getattr(self.instance, field_name) # Force the old value - return cleaned_data @transaction.atomic def save(self, commit=True): diff --git a/apps/member/views.py b/apps/member/views.py index 7f5644a8..7f266529 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
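Review bot: The forms.py hunk of patch 22/23 removes `clean()` and the `request` argument, which was the only place in this series where the per-field permission result was applied to submitted data, and the subject "Cancel modifications" gives no reason. After this commit the view-side loop still only replaces the widget, so whether unauthorised fields are protected on submit depends entirely on code outside these hunks. If the revert was caused by the `request` plumbing problems fixed in 20/23 and 21/23, the commit message should say so and point to where the server-side check now lives.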
@@ -74,8 +74,7 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): form.fields['email'].help_text = _("This address must be valid.") profile_form = self.profile_form(instance=context['user_object'].profile, - data=self.request.POST if self.request.POST else None, - request=self.request) + data=self.request.POST if self.request.POST else None) if not self.object.profile.report_frequency: del profile_form.fields["last_report"] From 9e7f7df7218722079b0afd5bf38b5c5b3901138b Mon Sep 17 00:00:00 2001 From: thomasl Date: Thu, 13 Feb 2025 20:09:45 +0100 Subject: [PATCH 23/23] Some improvements --- apps/member/forms.py | 1 - apps/member/views.py | 6 +++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/member/forms.py b/apps/member/forms.py index e578c837..ecf7fb59 100644 --- a/apps/member/forms.py +++ b/apps/member/forms.py @@ -15,7 +15,6 @@ from django.utils.translation import gettext_lazy as _ from note.models import NoteSpecial, Alias from note_kfet.inputs import Autocomplete, AmountInput from permission.models import PermissionMask, Role -from permission.backends import PermissionBackend from PIL import Image, ImageSequence from .models import Profile, Club, Membership diff --git a/apps/member/views.py b/apps/member/views.py index 7f266529..3bbc167f 100644 --- a/apps/member/views.py +++ b/apps/member/views.py 
@@ -79,13 +79,17 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): del profile_form.fields["last_report"] fields_to_check = list(profile_form.fields.keys()) + fields_modifiable = False # Delete the fields for which the user does not have the permission to modify for field_name in fields_to_check: if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): profile_form.fields[field_name].widget = forms.HiddenInput() + else : + fields_modifiable = True - context['profile_form'] = profile_form + if fields_modifiable : + context['profile_form'] = profile_form return context
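Review bot: In the views.py hunk of patch 23/23, `else :` and `if fields_modifiable :` have a space before the colon, which PEP 8 (pycodestyle E203) flags and which the earlier "linters" commit (16/23) would presumably have cleaned up; write `else:` and `if fields_modifiable:`. The comment above the loop still says the fields are deleted, although the loop assigns `forms.HiddenInput()`. The method starts before the hunk.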