From: Olivier Larchevêque
Date: Tue, 20 Mar 2012 15:38:53 +0000 (-0400)
Subject: protect against usurpation
X-Git-Tag: 1.6.5~184
X-Git-Url: http://git.auf.org/?p=auf_rh_dae.git;a=commitdiff_plain;h=5fe6986f6aad5187a652545ac93f37b9f1f307ee
protect against usurpation
---
diff --git a/project/recrutement/admin.py b/project/recrutement/admin.py
index 79c7c75..6b346c2 100644
--- a/project/recrutement/admin.py
+++ b/project/recrutement/admin.py
@@ -496,8 +496,13 @@ class CandidatEvaluationAdmin(admin.ModelAdmin):
 }),
 )
- ### Actions à afficher
 def get_actions(self, request):
+ # on stocke l'evaluateur connecté (pas forcément la meilleure place...)
+ try:
+ self.evaluateur = Evaluateur.objects.get(user=request.user)
+ except:
+ self.evaluateur = None
+
 actions = super(CandidatEvaluationAdmin, self).get_actions(request)
 del actions['delete_selected']
 return actions
@@ -511,9 +516,16 @@ class CandidatEvaluationAdmin(admin.ModelAdmin):
 """
 page = self.model.__name__.lower()
 redirect_url = 'admin:recrutement_%s_change' % page
+
 if obj.note is None:
- return "Candidat non évalué" % (reverse(redirect_url, args=(obj.id,)))
- return "%s" % (reverse(redirect_url, args=(obj.id,)), obj.note)
+ label = "Candidat non évalué"
+ else:
+ label = obj.note
+
+ if self.evaluateur == obj.evaluateur:
+ return "%s" % (reverse(redirect_url, args=(obj.id,)), label)
+ else:
+ return label
 _note.allow_tags = True
 _note.short_description = "Note"
 _note.admin_order_field = 'note'
@@ -625,7 +637,7 @@ class MesCandidatEvaluationAdmin(CandidatEvaluationAdmin):
 except:
 is_evaluateur = False
- if obj is None or is_evaluateur:
+ if obj is None and is_evaluateur:
 return True
 try:
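Review bot: Assigning `self.evaluateur` inside `get_actions` puts per-request state on the ModelAdmin instance, which Django creates once at registration and reuses for every request. On a threaded server another user's request can overwrite it between this call and the rendering of `_note`, so the edit link may be shown or hidden for the wrong person. The bare `except:` also turns a database error or `MultipleObjectsReturned` into "not an evaluator"; `except Evaluateur.DoesNotExist:` keeps only the intended case. Keep the value in request-scoped or thread-local storage rather than on the admin instance, and treat it as display-only so that no permission decision ever reads it.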
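Review bot: In `_note`, `if self.evaluateur == obj.evaluateur:` is also true when both sides are `None`, and it raises `AttributeError` if the column is rendered on a path where `get_actions` has not run first. If `obj.evaluateur` can be null, a safer form is `me = getattr(self, 'evaluateur', None)` followed by `if me is not None and me == obj.evaluateur:`. Because `_note.allow_tags = True` follows, the new `return label` emits `obj.note` without escaping, which is only harmless if `note` is a numeric field (its type is not visible here). The string literals on the `return` lines appear to have lost their markup when this page was rendered, so the link text itself cannot be checked from this view. The definition of `_note` starts above the hunk.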
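Review bot: The switch from `or` to `and` on `if obj is None and is_evaluateur:` is the actual access-control fix in this commit, and it deserves a comment because the intent cannot be read from the condition alone. Something like `# obj is None: list-level check, any evaluator passes; a concrete obj must pass the per-object check below` would do. Every non-None `obj` now falls through to the `try:` that follows, which lies outside the hunk. It should be confirmed that this code compares `obj.evaluateur` with the requesting user's evaluator and returns False on any failure. A regression test where one evaluator requests the change view of another evaluator's record and is refused would pin the behaviour; the enclosing method starts and ends outside the hunk.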