ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-04-29 18:12:38 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: ynerant:85706690435cd9420d675d4db4a448aaf7f37fd2
Branches Tags
ynerant:main
ynerant:food_traceability
ynerant:update_invoice_template
ynerant:time-display
ynerant:guests_schools
ynerant:export_members_ml
ynerant:notekfet_wrapped
ynerant:Add_some_permissions
ynerant:permissions_fo_parent_clubs
ynerant:respo_comm_permissionsV2
ynerant:fix_activity_view
ynerant:Automation_mailing_lists
ynerant:potvieux
ynerant:New_permission
ynerant:finito_sda
ynerant:beta
ynerant:non-BDE-members-permission-fix
ynerant:survey_wei_2024
ynerant:migration-django-4-2
ynerant:summary_notes
ynerant:traduction_inclusive_fr
ynerant:migration-django-5-0
ynerant:qrcode
ynerant:VSS
ynerant:update_permission
ynerant:fix_pipeline
ynerant:permission_var
ynerant:inclusive
ynerant:nix-shell
ynerant:sheets
ynerant:svg_icons
ynerant:faster_ci
ynerant:v1.0.3
ynerant:v1.0.2
ynerant:v1.0.1
ynerant:v1.0.0
..
compare: ynerant:9a90b1cb5e91be3a6f3c30d3c39b13ab38c640be
Branches Tags
ynerant:main
ynerant:food_traceability
ynerant:update_invoice_template
ynerant:time-display
ynerant:guests_schools
ynerant:export_members_ml
ynerant:notekfet_wrapped
ynerant:Add_some_permissions
ynerant:permissions_fo_parent_clubs
ynerant:respo_comm_permissionsV2
ynerant:fix_activity_view
ynerant:Automation_mailing_lists
ynerant:potvieux
ynerant:New_permission
ynerant:finito_sda
ynerant:beta
ynerant:non-BDE-members-permission-fix
ynerant:survey_wei_2024
ynerant:migration-django-4-2
ynerant:summary_notes
ynerant:traduction_inclusive_fr
ynerant:migration-django-5-0
ynerant:qrcode
ynerant:VSS
ynerant:update_permission
ynerant:fix_pipeline
ynerant:permission_var
ynerant:inclusive
ynerant:nix-shell
ynerant:sheets
ynerant:svg_icons
ynerant:faster_ci
ynerant:v1.0.3
ynerant:v1.0.2
ynerant:v1.0.1
ynerant:v1.0.0

1 Commits
8570669043 ... 9a90b1cb5e

Author SHA1 Message Date
thomasl
9a90b1cb5e Merge branch 'respo_comm_permissions' into 'main' 
Draft: Respo comm permissions

See merge request bde/nk20!281
 2025-02-13 00:54:58 +01:00
2 changed files with 10 additions and 5 deletions
Show Stats Expand all files Collapse all files

9
apps/member/forms.py
View File

@ -15,6 +15,7 @@ from django.utils.translation import gettext_lazy as _
from note.models import NoteSpecial, Alias from note.models import NoteSpecial, Alias
from note_kfet.inputs import Autocomplete, AmountInput from note_kfet.inputs import Autocomplete, AmountInput
from permission.models import PermissionMask, Role from permission.models import PermissionMask, Role
from permission.backends import PermissionBackend
from PIL import Image, ImageSequence from PIL import Image, ImageSequence
from .models import Profile, Club, Membership from .models import Profile, Club, Membership
@ -67,6 +68,14 @@ class ProfileForm(forms.ModelForm):
self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"}) self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"})
self.fields['promotion'].widget.attrs.update({"max": timezone.now().year}) self.fields['promotion'].widget.attrs.update({"max": timezone.now().year})
def clean(self):
"""Force the values of fields that the user does not have permission to modify.."""
cleaned_data = super().clean()
for field_name in self.fields.keys():
if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance):
cleaned_data[field_name] = getattr(self.instance, field_name) # Force the old value
return cleaned_data
@transaction.atomic @transaction.atomic
def save(self, commit=True): def save(self, commit=True):
if not self.instance.section or (("department" in self.changed_data if not self.instance.section or (("department" in self.changed_data

4
apps/member/views.py
View File

@ -79,16 +79,12 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
del profile_form.fields["last_report"] del profile_form.fields["last_report"]
fields_to_check = list(profile_form.fields.keys()) fields_to_check = list(profile_form.fields.keys())
fields_modifiable = False
# Delete the fields for which the user does not have the permission to modify # Delete the fields for which the user does not have the permission to modify
for field_name in fields_to_check: for field_name in fields_to_check:
if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile): if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile):
profile_form.fields[field_name].widget = forms.HiddenInput() profile_form.fields[field_name].widget = forms.HiddenInput()
else :
fields_modifiable = True
if fields_modifiable :
context['profile_form'] = profile_form context['profile_form'] = profile_form
return context return context