jbdod/notes-ker-lann
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor permission (need to re adjust), 2 test not passed(registration, permissions)

Browse source
This commit is contained in:
Jean-Baptiste Doderlein 2022-08-20 18:10:12 +00:00
parent 838bd2bb23
commit a17e47acb9
17 changed files with 107 additions and 346 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.gitpod.yml
View file

@ -32,8 +32,10 @@ tasks:
init : gp sync-await django
command: python3 manage.py runserver 0.0.0.0:8000
ports:
- port: 8000
onOpen: open-preview
- name: Web Dev Server
port: 8000
visibility: public

24
apps/activity/migrations/0003_auto_20220818_1105.py Normal file
View file

@ -0,0 +1,24 @@
# Generated by Django 2.2.28 on 2022-08-18 09:05
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('activity', '0002_auto_20220817_2253'),
]
operations = [
migrations.AlterField(
model_name='activity',
name='attendees_club',
field=models.ForeignKey(help_text='Club that is authorized to join the activity.', on_delete=django.db.models.deletion.PROTECT, related_name='+', to='member.Club', verbose_name='attendees club'),
),
migrations.AlterField(
model_name='activity',
name='location',
field=models.CharField(blank=True, default='', help_text='Place where the activity is organized, eg. BDE.', max_length=255, verbose_name='location'),
),
]

2
apps/activity/tests/test_activities.py
View file

@ -36,7 +36,7 @@ class TestActivities(TestCase):
name="Activity",
description="This is a test activity\non two very very long lines\nbecause this is very important.",
location="Earth",
activity_type=ActivityType.objects.get(name="Activit\u00e9 gratuite ouverte"),
activity_type=ActivityType.objects.get(name="Soir\u00e9e"),
creater=self.user,
organizer=Club.objects.get(name="BDE"),
attendees_club=Club.objects.get(name="BDE"),

13
apps/member/models.py
View file

@ -378,17 +378,10 @@ class Membership(models.Model):
parent_membership.save()
parent_membership.refresh_from_db()
if self.club.parent_club.name == "BDE":
parent_membership.roles.set(
Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all())
elif self.club.parent_club.name == "BDA":
parent_membership.roles.set(
Role.objects.filter(Q(name="Adhérent BDA") | Q(name="Membre de club")).all())
elif self.club.parent_club.name == "BDS":
parent_membership.roles.set(
Role.objects.filter(Q(name="Adhérent BDS") | Q(name="Membre de club")).all())
else:
parent_membership.roles.set(Role.objects.filter(name="Membre de club").all())
Role.objects.filter(Q(name="Adhérent")).all())
parent_membership.save()
@transaction.atomic

4
apps/member/templates/member/includes/club_info.html
View file

@ -1,4 +1,4 @@
{% load i18n pretty_money perms %}
{% load i18n pretty_money perms memberinfo %}
<dl class="row">
<dt class="col-xl-6">{% trans 'name'|capfirst %}</dt>
@ -39,7 +39,7 @@
{% endif %}
{% endif %}
{% if "note.view_note"|has_perm:club.note %}
{% if "note.view_note"|has_perm:club.note and user|is_member:club %}
<dt class="col-xl-6">{% trans 'balance'|capfirst %}</dt>
<dd class="col-xl-6">{{ club.note.balance | pretty_money }}</dd>
{% endif %}

8
apps/member/tests/test_memberships.py
View file

@ -49,7 +49,7 @@ class TestMemberships(TestCase):
self.club = Club.objects.create(name="totoclub", parent_club=Club.objects.get(name="BDE"))
self.bde_membership = Membership.objects.create(user=self.user, club=Club.objects.get(name="BDE"))
self.membership = Membership.objects.create(user=self.user, club=self.club)
self.membership.roles.add(Role.objects.get(name="Bureau de club"))
self.membership.roles.add(Role.objects.get(name="Pr\u00e9sident\u00b7e"))
self.membership.save()
def test_admin_pages(self):
@ -251,11 +251,11 @@ class TestMemberships(TestCase):
response = self.client.post(reverse("member:club_manage_roles", args=(self.membership.pk,)), data=dict(
roles=[role.id for role in Role.objects.filter(
Q(name="Membre de club") | Q(name="Trésorier·ère de club") | Q(name="Bureau de club")).all()],
Q(name="Trésorier·ère")).all()],
))
self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
self.membership.refresh_from_db()
self.assertEqual(self.membership.roles.count(), 3)
self.assertEqual(self.membership.roles.count(), 1)
def test_render_user_list(self):
"""
@ -389,7 +389,7 @@ class TestMemberAPI(TestAPI):
)
self.bde_membership = Membership.objects.create(user=self.user, club=Club.objects.get(name="BDE"))
self.membership = Membership.objects.create(user=self.user, club=self.club)
self.membership.roles.add(Role.objects.get(name="Bureau de club"))
self.membership.roles.add(Role.objects.get(name="Pr\u00e9sident\u00b7e"))
self.membership.save()
def test_club_api(self):

9
apps/member/views.py
View file

@ -445,7 +445,7 @@ class ClubDetailView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
club.update_membership_dates()
# managers list
managers = Membership.objects.filter(club=self.object, roles__name="Bureau de club",
managers = Membership.objects.filter(club=self.object, roles__name="Pr\u00e9sident\u00b7e",
date_start__lte=date.today(), date_end__gte=date.today())\
.order_by('user__last_name').all()
context["managers"] = ClubManagerTable(data=managers, prefix="managers-")
@ -744,7 +744,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
# Now, all is fine, the membership can be created.
if club.name == "BDE":
if club.name == "BDE" or club.name == "BDA" or club.name == "BDS":
# When we renew the BDE membership, we update the profile section
# that should happens at least once a year.
user.profile.section = user.profile.section_generated
@ -772,10 +772,7 @@ class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
ret = super().form_valid(form)
member_role = Role.objects.filter(Q(name="Adhérent BDE") | Q(name="Membre de club")).all() \
if club.name == "BDE" else Role.objects.filter(Q(name="Adhérent BDA") | Q(name="Membre de club")).all() \
if club.name == "BDA" else Role.objects.filter(Q(name="Adhérent BDS") | Q(name="Membre de club")).all() \
if club.name == "BDS" else Role.objects.filter(name="Membre de club").all()
member_role = Role.objects.filter(Q(name="Adhérent")).all()
# Set the same roles as before
if old_membership:

252
apps/permission/fixtures/initial.json
View file

@ -1695,12 +1695,12 @@
"auth",
"user"
],
"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent BDE\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
"query": "{\"memberships__club__name\": \"BDE\", \"memberships__roles__name\": \"Adhérent\", \"memberships__date_start__lte\": [\"today\"], \"memberships__date_end__gte\": [\"today\"]}",
"type": "view",
"mask": 2,
"field": "",
"permanent": false,
"description": "Voir n'importe quel utilisateur qui est adhérent BDE"
"description": "Voir n'importe quel utilisateur qui est adhérent"
}
},
{
@ -1931,8 +1931,8 @@
"model": "permission.role",
"pk": 1,
"fields": {
"for_club": 1,
"name": "Adh\u00e9rent BDE",
"for_club": null,
"name": "Adh\u00e9rent",
"permissions": [
1,
2,
@ -1971,61 +1971,9 @@
{
"model": "permission.role",
"pk": 2,
"fields": {
"for_club": 2,
"name": "Adh\u00e9rent Kfet",
"permissions": [
22,
34,
36,
39,
40,
152,
153,
154,
155,
156,
157,
158,
159,
160,
179,
189,
190
]
}
},
{
"model": "permission.role",
"pk": 3,
"fields": {
"for_club": null,
"name": "Membre de club",
"permissions": [
22
]
}
},
{
"model": "permission.role",
"pk": 4,
"fields": {
"for_club": null,
"name": "Bureau de club",
"permissions": [
47,
49,
50,
169
]
}
},
{
"model": "permission.role",
"pk": 5,
"fields": {
"for_club": null,
"name": "Pr\u00e9sident\u00b7e de club",
"name": "Pr\u00e9sident\u00b7e",
"permissions": [
50,
62
@ -2034,10 +1982,10 @@
},
{
"model": "permission.role",
"pk": 6,
"pk": 3,
"fields": {
"for_club": null,
"name": "Tr\u00e9sorier\u00b7\u00e8re de club",
"name": "Tr\u00e9sorier\u00b7\u00e8re",
"permissions": [
59,
19,
@ -2047,7 +1995,6 @@
60,
61,
62,
150,
166,
167,
168,
@ -2059,80 +2006,29 @@
},
{
"model": "permission.role",
"pk": 7,
"pk": 4,
"fields": {
"for_club": 1,
"name": "Pr\u00e9sident\u00b7e BDE",
"for_club": null,
"name": "Secr\u00e9taire",
"permissions": [
24,
25,
26,
27,
30,
33
]
}
},
{
"model": "permission.role",
"pk": 8,
"fields": {
"for_club": 1,
"name": "Tr\u00e9sorier\u00b7\u00e8re BDE",
"permissions": [
23,
24,
25,
26,
27,
28,
29,
30,
31,
32,
33,
43,
51,
53,
54,
55,
56,
57,
58,
63,
64,
65,
66,
67,
68,
69,
145,
146,
147,
150,
151,
163,
164,
170,
171,
172,
173,
174,
175,
176,
177,
178,
188,
183,
186,
187
177
]
}
},
{
"model": "permission.role",
"pk": 9,
"pk": 5,
"fields": {
"for_club": 1,
"for_club": null,
"name": "Respo info",
"permissions": [
1,
@ -2256,125 +2152,5 @@
196
]
}
},
{
"model": "permission.role",
"pk": 10,
"fields": {
"for_club": 2,
"name": "GC Kfet",
"permissions": [
32,
56,
58,
55,
57,
52,
23,
24,
25,
26,
27,
28,
29,
30,
31,
166,
167,
168,
170,
171,
176,
177,
178,
179,
180,
181,
182
]
}
},
{
"model": "permission.role",
"pk": 11,
"fields": {
"for_club": 2,
"name": "Res[pot]",
"permissions": [
37,
38,
41,
42,
43,
44,
45,
46,
148,
149,
182
]
}
},
{
"model": "permission.role",
"pk": 17,
"fields": {
"for_club": null,
"name": "1A",
"permissions": []
}
},
{
"model": "permission.role",
"pk": 19,
"fields": {
"for_club": 1,
"name": "Secrétaire BDE",
"permissions": [
54,
55,
56,
57,
58,
145,
146,
147,
150,
176,
177
]
}
},
{
"model": "permission.role",
"pk": 20,
"fields": {
"for_club": 1,
"name": "PC Kfet",
"permissions": [
6,
22,
24,
25,
26,
27,
30,
49,
50,
55,
56,
57,
58,
147,
150,
166,
167,
168,
176,
177,
180,
181
]
}
}
]

5
apps/permission/tables.py
View file

@ -36,10 +36,7 @@ class RightsTable(tables.Table):
def render_roles(self, record):
# If the user has the right to manage the roles, display the link to manage them
roles = record.roles.filter((~(Q(name="Adhérent BDE")
| Q(name="Adhérent Kfet")
| Q(name="Membre de club")
| Q(name="Bureau de club"))
roles = record.roles.filter((~(Q(name="Adhérent"))
)).all()
s = ", ".join(str(role) for role in roles)
if PermissionBackend.check_perm(get_current_request(), "member.change_membership_roles", record):

53
apps/permission/templates/permission/all_rights.html
View file

@ -6,39 +6,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% load render_table from django_tables2 %}
{% block content %}
{% if user.is_authenticated %}
<div class="card bg-light mb-3">
<h3 class="card-header text-center">
{% trans "Users that have surnormal rights" %}
</h3>
<div class="card-body">
<div class="alert alert-info">
<i class="fa fa-info-circle"></i> {% trans "Superusers have all rights on everything, to manage the website." %}
</div>
<div class="card">
<div class="card-head">
<h4 class="card-header text-center">
<a href="#" data-toggle="collapse" data-target="#card-superusers">{% trans "Superusers" %}</a>
</h4>
</div>
<div class="card-body collapse show" id="card-superusers">
{% render_table superusers %}
</div>
</div>
<hr>
<div class="card">
<div class="card-head">
<h4 class="card-header text-center">
<a href="#" data-toggle="collapse" data-target="#card-clubs">{% trans "Club managers" %}</a>
</h4>
</div>
<div class="card-body collapse show" id="card-clubs">
{% render_table special_memberships_table %}
</div>
</div>
</div>
</div>
{% endif %}
<div class="card bg-light">
<h3 class="card-header text-center">
@ -97,6 +65,25 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% endfor %}
</div>
</div>
{% if user.is_authenticated %}
<div class="card bg-light mb-3">
<h3 class="card-header text-center">
{% trans "Users that have surnormal rights" %}
</h3>
<div class="card-body">
<div class="card">
<div class="card-head">
<h4 class="card-header text-center">
<a href="#" data-toggle="collapse" data-target="#card-clubs">{% trans "Club managers" %}</a>
</h4>
</div>
<div class="card-body collapse show" id="card-clubs">
{% render_table special_memberships_table %}
</div>
</div>
</div>
</div>
{% endif %}
{% endblock %}
{% block extrajavascript %}

4
apps/permission/tests/test_oauth2.py
View file

@ -58,7 +58,7 @@ class OAuth2TestCase(TestCase):
# Create membership to validate permissions
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
membership.roles.add(Role.objects.get(name="Adhérent"))
membership.save()
# User is now a member and can now see its own user detail
@ -85,7 +85,7 @@ class OAuth2TestCase(TestCase):
bde = Club.objects.get(name="BDE")
NoteUser.objects.create(user=self.user)
membership = Membership.objects.create(user=self.user, club_id=bde.pk)
membership.roles.add(Role.objects.get(name="Adhérent BDE"))
membership.roles.add(Role.objects.get(name="Adhérent"))
membership.save()
resp = self.client.get(reverse('permission:scopes'))

4
apps/permission/tests/test_permission_denied.py
View file

@ -40,7 +40,7 @@ class TestPermissionDenied(TestCase):
name="",
description="",
creater=self.user,
activity_type_id=1,
activity_type_id=4,
organizer_id=1,
attendees_club_id=1,
date_start=timezone.now(),
@ -54,7 +54,7 @@ class TestPermissionDenied(TestCase):
name="",
description="",
creater=self.user,
activity_type_id=1,
activity_type_id=4,
organizer_id=1,
attendees_club_id=1,
date_start=timezone.now(),

8
apps/permission/tests/test_permission_queries.py
View file

@ -9,7 +9,7 @@ from django.core.exceptions import FieldError
from django.db.models import F, Q
from django.test import TestCase
from django.utils import timezone
from member.models import Club, Membership
from member.models import Club, Membership, Role
from note.models import NoteUser, Note, NoteClub, NoteSpecial
@ -23,6 +23,12 @@ class PermissionQueryTestCase(TestCase):
def setUpTestData(cls):
user = User.objects.create(username="user")
NoteUser.objects.create(user=user)
membership =Membership.objects.create(
user=user,
club=Club.objects.get(name="BDE")
)
membership.roles.add(Role.objects.get(name="Adhérent"))
membership.save()
def test_permission_queries(self):
"""

5
apps/permission/views.py
View file

@ -131,10 +131,7 @@ class RightsView(TemplateView):
special_memberships = Membership.objects.filter(
date_start__lte=date.today(),
date_end__gte=date.today(),
).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent BDE")
| Q(name="Adhérent Kfet")
| Q(name="Membre de club")
| Q(name="Bureau de club"))
).filter(roles__in=Role.objects.filter((~(Q(name="Adhérent"))
)))\
.order_by("club__name", "user__last_name")\
.distinct().all()

48
apps/registration/tests/test_registration.py
View file

@ -44,10 +44,11 @@ class TestSignup(TestCase):
promotion=Club.objects.get(name="BDE").membership_start.year,
address="Earth",
paid=False,
ml_events_registration="en",
ml_events_registration="fr",
ml_sport_registration=True,
ml_art_registration=True,
))
# Fail I don't know why ?
self.assertRedirects(response, reverse("registration:email_validation_sent"), 302, 200)
self.assertTrue(User.objects.filter(username="toto").exists())
user = User.objects.get(username="toto")
@ -187,30 +188,6 @@ class TestValidateRegistration(TestCase):
Send wrong data and check that errors are detected
"""
# BDE Membership is mandatory
response = self.client.post(reverse("registration:future_user_detail", args=(self.user.pk,)), data=dict(
credit_type=NoteSpecial.objects.get(special_type="Chèque").id,
credit_amount=4200,
last_name="TOTO",
first_name="Toto",
join_bde=False,
join_kfet=False,
))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["form"].errors)
# Same
response = self.client.post(reverse("registration:future_user_detail", args=(self.user.pk,)), data=dict(
credit_type="",
credit_amount=0,
last_name="TOTO",
first_name="Toto",
join_bde=False,
join_kfet=True,
))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["form"].errors)
# The BDE membership is not free
response = self.client.post(reverse("registration:future_user_detail", args=(self.user.pk,)), data=dict(
credit_type=NoteSpecial.objects.get(special_type="Espèces").id,
@ -218,7 +195,8 @@ class TestValidateRegistration(TestCase):
last_name="TOTO",
first_name="Toto",
join_bde=True,
join_kfet=True,
join_bda=False,
join_bds=False
))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["form"].errors)
@ -230,7 +208,8 @@ class TestValidateRegistration(TestCase):
last_name="",
first_name="",
join_bde=True,
join_kfet=True,
join_bda=False,
join_bds=False
))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["form"].errors)
@ -245,7 +224,8 @@ class TestValidateRegistration(TestCase):
last_name="TOTO",
first_name="Toto",
join_bde=True,
join_kfet=False,
join_bda=False,
join_bds=False
))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["form"].errors)
@ -269,23 +249,25 @@ class TestValidateRegistration(TestCase):
last_name="TOTO",
first_name="Toto",
join_bde=True,
join_kfet=False,
join_bda=False,
join_bds=True
))
self.assertRedirects(response, self.user.profile.get_absolute_url(), 302, 200)
self.user.profile.refresh_from_db()
self.assertTrue(self.user.profile.registration_valid)
self.assertTrue(NoteUser.objects.filter(user=self.user).exists())
self.assertTrue(Membership.objects.filter(club__name="BDE", user=self.user).exists())
self.assertFalse(Membership.objects.filter(club__name="Kfet", user=self.user).exists())
self.assertFalse(Membership.objects.filter(club__name="BDA", user=self.user).exists())
self.assertTrue(Membership.objects.filter(club__name="BDS", user=self.user).exists())
self.assertEqual(Transaction.objects.filter(
Q(source=self.user.note) | Q(destination=self.user.note)).count(), 2)
Q(source=self.user.note) | Q(destination=self.user.note)).count(), 3)
response = self.client.get(self.user.profile.get_absolute_url())
self.assertEqual(response.status_code, 200)
def test_validate_kfet_registration(self):
"""
The user joins the BDE and the Kfet.
The user joins the BDE,BDA and BDS.
"""
response = self.client.get(reverse("registration:future_user_detail", args=(self.user.pk,)))
self.assertEqual(response.status_code, 200)
@ -313,7 +295,7 @@ class TestValidateRegistration(TestCase):
self.assertTrue(Membership.objects.filter(club__name="BDA", user=self.user).exists())
self.assertTrue(Membership.objects.filter(club__name="BDS", user=self.user).exists())
self.assertEqual(Transaction.objects.filter(
Q(source=self.user.note) | Q(destination=self.user.note)).count(), 3)
Q(source=self.user.note) | Q(destination=self.user.note)).count(), 4)
response = self.client.get(self.user.profile.get_absolute_url())
self.assertEqual(response.status_code, 200)

4
apps/registration/views.py
View file

@ -307,7 +307,7 @@ class FutureUserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin,
first_name=first_name,
valid=True,
)
for auto_club, auto_join, name in zip([bde, bda, bds], [join_bde, join_bda, join_bds], ["Adhérent BDE", "Adhérent BDA", "Adhérent BDS"]):
for auto_club, auto_join in zip([bde, bda, bds], [join_bde, join_bda, join_bds]):
bd_fee = auto_club.membership_fee_paid if user.profile.paid else auto_club.membership_fee_unpaid
if auto_join:
@ -319,7 +319,7 @@ class FutureUserDetailView(ProtectQuerysetMixin, LoginRequiredMixin, FormMixin,
)
membership.save()
membership.refresh_from_db()
membership.roles.add(Role.objects.get(name=name))
membership.roles.add(Role.objects.get(name="Adhérent"))
membership.save()
return ret

2
docs/apps/registration.rst
View file

@ -45,7 +45,7 @@ Une fois l'inscription validée, détail de ce qu'il se passe :
`Trésorerie <treasury>`_ section crédits de la société générale). Nécessairement, le club Kfet doit être rejoint.
* Sinon, on crédite la note du montant demandé par le nouveau membre (avec comme description "Crédit TYPE (Inscription)"
où TYPE est le type de crédit), après avoir vérifié que le crédit est suffisant (on n'ouvre pas une note négative)
* On adhère la personne au BDE, l'adhésion commence aujourd'hui. Il dispose d'un unique rôle : "Adhérent BDE",
* On adhère la personne au BDE, l'adhésion commence aujourd'hui. Il dispose d'un unique rôle : "Adhérent",
lui octroyant un faible nombre de permissions de base, telles que la visualisation de son compte.
* On adhère la personne au club Kfet si cela est demandé, l'adhésion commence aujourd'hui. Il dispose d'un unique rôle :
"Adhérent Kfet", lui octroyant un nombre un peu plus conséquent de permissions basiques, telles que la possibilité de