add permissions RH
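--- a/project/rh/views.py
+++ b/project/rh/views.py
@@ -194,6 +194,30 @@ def rapports_remuneration(request):
 
     return render_to_response('rh/rapports/remuneration.html', c, RequestContext(request))
 
+def region_protected(model):
+    def wrapper(func):
+        def wrapped(request, id):
+            from django.db.models import Q
+            from dae.utils import get_employe_from_user
+            from dae.decorators import redirect_interdiction
+            from dae.workflow import grp_drh, grp_correspondants_rh
+            if request.user.is_superuser:
+                return func(request, id)
+            user_groups = request.user.groups.all()
+            if grp_drh in user_groups:
+                return func(request, id)
+            if grp_correspondants_rh in user_groups:
+                employe = get_employe_from_user(request.user)
+                q = Q(**{model.prefix_implantation: employe.implantation.region})
+                qs = model.objects.filter(q)
+                if id in [o.id for o in qs]:
+                    return func(request, id)
+            return redirect_interdiction(request)
+        return wrapped
+    return wrapper
+
+
+@region_protected(rh.Dossier)
 def dossier_apercu(request, dossier_id):
     c = {
         'is_popup' : request.GET.get('_popup', False),
@@ -202,6 +226,7 @@ def dossier_apercu(request, dossier_id):
     }
     return render_to_response('admin/rh/dossier/apercu.html', c, RequestContext(request))
 
+@region_protected(rh.Employe)
 def employe_apercu(request, employe_id):
     employe = get_object_or_404(rh.Employe, pk=employe_id)
     try:
@@ -216,6 +241,8 @@ def employe_apercu(request, employe_id):
     }
     return render_to_response('admin/rh/employe/apercu.html', c, RequestContext(request))
 
+
+@region_protected(rh.Poste)
 def poste_apercu(request, poste_id):
     c = {
         'is_popup' : request.GET.get('_popup', False),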
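Review bot: The region check for `grp_correspondants_rh` in `wrapped` tests the URL-supplied `id` against `[o.id for o in qs]`. If the URLconf hands the captured id over as a string (not visible here), that membership test never matches the integer primary keys and every correspondant is refused. It also loads every object of the region just to test one key, so let the database do the comparison: `if qs.filter(pk=id).exists():`. `employe.implantation.region` is dereferenced without checking that `get_employe_from_user` returned an employee with an implantation, so a group member without one would presumably get a server error rather than the `redirect_interdiction` response. `wrapped` also accepts only a positional `id`, so confirm the URL patterns do not pass `dossier_id`, `employe_id` or `poste_id` as keyword arguments; the decorated views' bodies continue outside the hunks.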