add permissions RH
[auf_rh_dae.git] / project / rh / lib.py
index e915ed8..e073356 100644 (file)
@@ -30,16 +30,23 @@ class LinkedInline(admin.options.InlineModelAdmin):
 class ProtectRegionMixin(object):
 
     def queryset(self, request):
+        from dae.workflow import grp_drh, grp_correspondants_rh
         qs = super(ProtectRegionMixin, self).queryset(request)
 
         if request.user.is_superuser:
             return qs
 
-        employe = get_employe_from_user(request.user)
+        user_groups = request.user.groups.all()
 
-        q = Q(**{self.model.prefix_implantation: employe.implantation.region})
-        qs = qs.filter(q).distinct()
-        return qs
+        if grp_drh in user_groups:
+            return qs
+
+        if grp_correspondants_rh in user_groups:
+            employe = get_employe_from_user(request.user)
+            q = Q(**{self.model.prefix_implantation: employe.implantation.region})
+            qs = qs.filter(q).distinct()
+            return qs
+        return qs.none()
 
     def has_change_permission(self, request, obj=None):
         if request.user.is_superuser:
@@ -280,9 +287,6 @@ class DossierAdmin(AUFMetadataAdminMixin, ProtectRegionMixin, admin.ModelAdmin,)
         }),
     )
 
-    def queryset(self, request):
-        return self.model.actifs.all()
-
     class Media:
         js = ('js/dossier.js',)