allows mask for Oauth2

2025-10-18 19:26:45 +02:00 · 2025-10-17 17:45:41 +02:00
7 changed files with 19 additions and 12 deletions
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -39,7 +39,15 @@ class PermissionBackend(ModelBackend):

            def permission_filter(membership_obj):
                query = Q(pk=-1)
+                if 'mask' in request.GET:
+                    try:
+                        rank = int(request.GET['mask'])
+                    except:
+                        rank = 42
+                    query &= Q(mask__rank__lte=rank)
                for scope in request.auth.scope.split(' '):
+                    if scope == "openid":
+                        continue
                    permission_id, club_id = scope.split('_')
                    if int(club_id) == membership_obj.club_id:
                        query |= Q(pk=permission_id)
--- a/apps/permission/scopes.py
+++ b/apps/permission/scopes.py
@@ -10,6 +10,7 @@ from note_kfet.middlewares import get_current_request
 from .backends import PermissionBackend
 from .models import Permission

+from django.utils.translation import gettext_lazy as _

 class PermissionScopes(BaseScopes):
    """
@@ -32,7 +33,7 @@ class PermissionScopes(BaseScopes):

        scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
                  for p in Permission.objects.all() for club in Club.objects.all()}
-        scopes['openid'] = "OpenID Connect"
+        scopes['openid'] = _("OpenID Connect (username and email)")
        return scopes

    def get_available_scopes(self, application=None, request=None, *args, **kwargs):
--- a/apps/treasury/models.py
+++ b/apps/treasury/models.py
@@ -338,13 +338,13 @@ class SogeCredit(models.Model):
                last_name=self.user.last_name,
                first_name=self.user.first_name,
                bank="Société générale",
-                valid=True,
+                valid=False,
            )
            credit_transaction._force_save = True
            credit_transaction.save()
            credit_transaction.refresh_from_db()
            self.credit_transaction = credit_transaction
-        elif not self.valid:
+        elif not self.valid_legacy:
            self.credit_transaction.amount = self.amount
            self.credit_transaction._force_save = True
            self.credit_transaction.save()
@@ -371,7 +371,7 @@ class SogeCredit(models.Model):
        The Sogé credit may be created after the user already paid its memberships.
        We query transactions and update the credit, if it is unvalid.
        """
-        if self.valid or not self.pk:
+        if self.valid_legacy or not self.pk:
            return

 # Soge do not pay BDE and kfet memberships since 2022
@@ -403,7 +403,7 @@ class SogeCredit(models.Model):
                        self.transactions.add(m.transaction)

        for tr in self.transactions.all():
-            tr.valid = True
+            tr.valid = False
            tr.save()

    def invalidate(self):
@@ -411,7 +411,7 @@ class SogeCredit(models.Model):
        Invalidating a Société générale delete the transaction of the bank if it was already created.
        Treasurers must know what they do, With Great Power Comes Great Responsibility...
        """
-        if self.valid:
+        if self.valid_legacy:
            self.credit_transaction.valid = False
            self.credit_transaction.save()
        for tr in self.transactions.all():
@@ -420,7 +420,7 @@ class SogeCredit(models.Model):
            tr.save()

    def validate(self, force=False):
-        if self.valid and not force:
+        if self.valid_legacy and not force:
            # The credit is already done
            return

@@ -428,7 +428,6 @@ class SogeCredit(models.Model):
        self.invalidate()
        # Refresh credit amount
        self.save()
-        self.valid = True
        self.credit_transaction.valid = True
        self.credit_transaction._force_save = True
        self.credit_transaction.save()
--- a/apps/treasury/tables.py
+++ b/apps/treasury/tables.py
@@ -56,7 +56,6 @@ class InvoiceTable(tables.Table):
        model = Invoice
        template_name = 'django_tables2/bootstrap4.html'
        fields = ('id', 'name', 'object', 'acquitted', 'invoice',)
-        order_by = ('-id',)


 class RemittanceTable(tables.Table):
--- a/apps/treasury/tests/test_treasury.py
+++ b/apps/treasury/tests/test_treasury.py
@@ -359,7 +359,7 @@ class TestSogeCredits(TestCase):
        ))
        self.assertRedirects(response, reverse("treasury:manage_soge_credit", args=(soge_credit.pk,)), 302, 200)
        soge_credit.refresh_from_db()
-        self.assertTrue(soge_credit.valid)
+        self.assertTrue(soge_credit.valid_legacy)
        self.user.note.refresh_from_db()
        self.assertEqual(
            Transaction.objects.filter(Q(source=self.user.note) | Q(destination=self.user.note)).count(), 3)
--- a/apps/treasury/views.py
+++ b/apps/treasury/views.py
@@ -417,7 +417,7 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
                )

        if "valid" not in self.request.GET or not self.request.GET["valid"]:
-            qs = qs.filter(valid=False)
+            qs = qs.filter(credit_transaction__valid=False)

        return qs

--- a/apps/wei/tests/test_wei_registration.py
+++ b/apps/wei/tests/test_wei_registration.py
@@ -680,7 +680,7 @@ class TestWEIRegistration(TestCase):
            self.assertTrue(soge_credit.exists())
            soge_credit = soge_credit.get()
            self.assertTrue(membership.transaction in soge_credit.transactions.all())
-            self.assertTrue(membership.transaction.valid)
+            self.assertFalse(membership.transaction.valid)

        # Check that if the WEI is started, we can't update a wei
        self.wei.date_start = date(2000, 1, 1)