projets / auf_rh_dae.git / blame
| Commit | Line | Data |
|---|---|---|
| e993f3dc | 1 | # -*- encoding: utf-8 -*- |
| 2 | """ | |
| 3 | Décorateurs AUF | |
| 4 | """ | |
| e993f3dc | 5 | from django.http import HttpResponseRedirect |
| 02c1b3dc | 6 | from django.conf import settings |
| acbc95a1 | 7 | from django.contrib import messages |
| 02c1b3dc | 8 | from django.contrib.auth import REDIRECT_FIELD_NAME |
| d005588c | 9 | from django.db.models import Q |
| 02c1b3dc | 10 | from django.utils.http import urlquote |
| e993f3dc | 11 | |
| ae99002a | 12 | from project.groups import grp_drh, grp_drh2, grp_correspondants_rh |
| afd3be54 | 13 | from project.groups import get_employe_from_user |
| ae99002a | 14 | |
| 018c8eaf | 15 | |
| 02c1b3dc JPC |
16 | def redirect_interdiction(request, msg=u"Vous n'avez pas accès à cette page"): |
| 17 | """ | |
| 18 | Redirection du la page de login avec un message d'erreur. | |
| 19 | """ | |
| 20 | login_url = settings.LOGIN_URL | |
| 21 | path = urlquote(request.get_full_path()) | |
| 22 | tup = login_url, REDIRECT_FIELD_NAME, path | |
| d005588c DB |
23 | messages.add_message( |
| 24 | request, messages.ERROR, | |
| 25 | "Votre compte ne permet pas d'accéder à cette partie de l'application." | |
| 26 | ) | |
| 02c1b3dc | 27 | return HttpResponseRedirect('%s?%s=%s' % tup) |
| d005588c DB |
28 | |
| 29 | ||
| 018c8eaf DB |
30 | def in_drh_or_admin(user): |
| 31 | """ | |
| 32 | Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin | |
| 33 | """ | |
| 34 | groups = user.groups.all() | |
| 35 | if user.is_superuser or \ | |
| 36 | grp_drh in groups or \ | |
| 37 | grp_drh2 in groups: | |
| 38 | return True | |
| 39 | else: | |
| 40 | return False | |
| d005588c DB |
41 | |
| 42 | ||
| 018c8eaf DB |
43 | def drh_or_admin_required(fn): |
| 44 | """ | |
| 45 | Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin | |
| 46 | """ | |
| 47 | def inner(request, *args, **kwargs): | |
| 48 | user = request.user | |
| 49 | if in_drh_or_admin(user): | |
| 50 | return fn(request, *args, **kwargs) | |
| 02c1b3dc | 51 | |
| 018c8eaf DB |
52 | msg = u"Votre compte ne permet pas d'accéder à " \ |
| 53 | u"cette partie de l'application." | |
| 54 | return redirect_interdiction(request, msg) | |
| 02c1b3dc | 55 | |
| 018c8eaf | 56 | return inner |
| d005588c DB |
57 | |
| 58 | ||
| ae99002a DB |
59 | def region_protected(model): |
| 60 | def wrapper(func): | |
| 61 | def wrapped(request, id): | |
| 62 | if request.user.is_superuser: | |
| 63 | return func(request, id) | |
| 64 | user_groups = request.user.groups.all() | |
| 65 | if grp_drh in user_groups: | |
| 66 | return func(request, id) | |
| 67 | if grp_correspondants_rh in user_groups: | |
| 68 | employe = get_employe_from_user(request.user) | |
| 69 | q = Q(**{ | |
| 70 | model.prefix_implantation: employe.implantation.region | |
| 71 | }) | |
| 72 | qs = model.objects.filter(q) | |
| 73 | if int(id) in [o.id for o in qs]: | |
| 74 | return func(request, id) | |
| 75 | return redirect_interdiction(request) | |
| 76 | return wrapped | |
| 77 | return wrapper |