Merge branch 'respo_comm_permissions' into 'main'

Draft: Respo comm permissions

See merge request bde/nk20!281

apps/activity/views.py

@@ -329,7 +329,7 @@ class ActivityEntryView(LoginRequiredMixin, SingleTableMixin, TemplateView):
         context["noteuser_ctype"] = ContentType.objects.get_for_model(NoteUser).pk
         context["notespecial_ctype"] = ContentType.objects.get_for_model(NoteSpecial).pk
 
-        activities_open = Activity.objects.filter(open=True).filter(
+        activities_open = Activity.objects.filter(open=True, activity_type__manage_entries=True).filter(
             PermissionBackend.filter_queryset(self.request, Activity, "view")).distinct().all()
         context["activities_open"] = [a for a in activities_open
                                       if PermissionBackend.check_perm(self.request,

apps/member/forms.py

@@ -15,7 +15,6 @@ from django.utils.translation import gettext_lazy as _
 from note.models import NoteSpecial, Alias
 from note_kfet.inputs import Autocomplete, AmountInput
 from permission.models import PermissionMask, Role
-from permission.backends import PermissionBackend
 from PIL import Image, ImageSequence
 
 from .models import Profile, Club, Membership
@@ -67,14 +66,6 @@ class ProfileForm(forms.ModelForm):
         super().__init__(*args, **kwargs)
         self.fields['address'].widget.attrs.update({"placeholder": "4 avenue des Sciences, 91190 GIF-SUR-YVETTE"})
         self.fields['promotion'].widget.attrs.update({"max": timezone.now().year})
-    
-    def clean(self):
-        """Force the values of fields that the user does not have permission to modify.."""
-        cleaned_data = super().clean()
-        for field_name in self.fields.keys():
-            if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", self.instance):
-                cleaned_data[field_name] = getattr(self.instance, field_name)  # Force the old value
-        return cleaned_data
 
     @transaction.atomic
     def save(self, commit=True):

apps/member/views.py

@@ -79,13 +79,17 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
             del profile_form.fields["last_report"]
 
         fields_to_check = list(profile_form.fields.keys())
+        fields_modifiable = False 
 
         # Delete the fields for which the user does not have the permission to modify
         for field_name in fields_to_check:
             if not PermissionBackend.check_perm(self.request, f"member.change_profile_{field_name}", context['user_object'].profile):
                 profile_form.fields[field_name].widget = forms.HiddenInput()
+            else :
+                fields_modifiable = True
 
-        context['profile_form'] = profile_form
+        if fields_modifiable :
+            context['profile_form'] = profile_form
 
         return context