project/decorators.py

   1 # -*- encoding: utf-8 -*-
   2 """
   3 Décorateurs AUF
   4 """
   5 from django.core.cache import cache
   6 from django.http import HttpResponseRedirect
   7 from django.conf import settings
   8 from django.contrib import messages
   9 from django.contrib.auth import REDIRECT_FIELD_NAME
  10 from django.db.models import Q
  11 from django.utils.http import urlquote
  12
  13 from project import groups
  14
  15
  16 def redirect_interdiction(request, msg=u"Vous n'avez pas accès à cette page"):
  17     """
  18     Redirection du la page de login avec un message d'erreur.
  19     """
  20     login_url = settings.LOGIN_URL
  21     path = urlquote(request.get_full_path())
  22     tup = login_url, REDIRECT_FIELD_NAME, path
  23     messages.add_message(
  24         request, messages.ERROR,
  25         "Votre compte ne permet pas d'accéder à cette partie de l'application."
  26     )
  27     return HttpResponseRedirect('%s?%s=%s' % tup)
  28
  29
  30 def in_drh_or_admin(user):
  31     """
  32     Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
  33     """
  34     key = "in_drh_or_admin_%s" % user.id
  35     granted = cache.get(key, None)
  36     if granted is not None:
  37         return granted
  38
  39     user_groups = [g.name for g in user.groups.all()]
  40     if user.is_superuser or \
  41             groups.DRH_NIVEAU_1 in user_groups or \
  42             groups.DRH_NIVEAU_2 in user_groups:
  43         granted = True
  44     else:
  45         granted = False
  46     cache.set(key, granted)
  47     return granted
  48
  49
  50 def drh_or_admin_required(fn):
  51     """
  52     Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
  53     """
  54     def inner(request, *args, **kwargs):
  55         user = request.user
  56         if in_drh_or_admin(user):
  57             return fn(request, *args, **kwargs)
  58
  59         msg = u"Votre compte ne permet pas d'accéder à " \
  60               u"cette partie de l'application."
  61         return redirect_interdiction(request, msg)
  62
  63     return inner
  64
  65
  66 def region_protected(model):
  67     def wrapper(func):
  68         def wrapped(request, id):
  69             if request.user.is_superuser:
  70                 return func(request, id)
  71             user_groups = [g.name for g in request.user.groups.all()]
  72             if groups.DRH_NIVEAU_1 in user_groups or \
  73                groups.DRH_NIVEAU_2 in user_groups:
  74                 return func(request, id)
  75             if groups.CORRESPONDANT_RH in user_groups or \
  76                groups.ADMINISTRATEURS in user_groups or \
  77                groups.DIRECTEUR_DE_BUREAU in user_groups:
  78                 zones = groups.get_zones_from_user(request.user)
  79                 qkey = '%s__in' % model.prefix_implantation
  80                 q = Q(**{qkey: zones})
  81                 qs = model.objects.filter(q)
  82                 if int(id) in [o.id for o in qs]:
  83                     return func(request, id)
  84             return redirect_interdiction(request)
  85         return wrapped
  86     return wrapper
  87
  88
  89 def in_one_of_group(groups):
  90     """
  91     Test si le user appartient au moins 1 des ces groupes
  92     """
  93     def wrapper(fn):
  94         def wrapped(request, *args, **kwargs):
  95             user_groups = [g.name for g in request.user.groups.all()]
  96             for g in user_groups:
  97                 if g in groups:
  98                     return fn(request, *args, **kwargs)
  99             msg = u"Votre compte ne permet pas d'accéder "\
 100                   u"à cette partie de l'application."
 101             return redirect_interdiction(request, msg)
 102         return wrapped
 103     return wrapper