Commit | Line | Data |
---|---|---|
e993f3dc | 1 | # -*- encoding: utf-8 -*- |
2 | """ | |
3 | Décorateurs AUF | |
4 | """ | |
9daa9f48 | 5 | from django.core.cache import cache |
e993f3dc | 6 | from django.http import HttpResponseRedirect |
02c1b3dc | 7 | from django.conf import settings |
acbc95a1 | 8 | from django.contrib import messages |
02c1b3dc | 9 | from django.contrib.auth import REDIRECT_FIELD_NAME |
d005588c | 10 | from django.db.models import Q |
02c1b3dc | 11 | from django.utils.http import urlquote |
e993f3dc | 12 | |
c3550a05 | 13 | from project import groups |
ae99002a | 14 | |
018c8eaf | 15 | |
02c1b3dc JPC |
16 | def redirect_interdiction(request, msg=u"Vous n'avez pas accès à cette page"): |
17 | """ | |
18 | Redirection du la page de login avec un message d'erreur. | |
19 | """ | |
20 | login_url = settings.LOGIN_URL | |
21 | path = urlquote(request.get_full_path()) | |
22 | tup = login_url, REDIRECT_FIELD_NAME, path | |
d005588c DB |
23 | messages.add_message( |
24 | request, messages.ERROR, | |
25 | "Votre compte ne permet pas d'accéder à cette partie de l'application." | |
26 | ) | |
02c1b3dc | 27 | return HttpResponseRedirect('%s?%s=%s' % tup) |
d005588c DB |
28 | |
29 | ||
018c8eaf DB |
30 | def in_drh_or_admin(user): |
31 | """ | |
32 | Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin | |
33 | """ | |
9daa9f48 OL |
34 | key = "in_drh_or_admin_%s" % user.id |
35 | granted = cache.get(key, None) | |
36 | if granted is not None: | |
37 | return granted | |
38 | ||
3383b2d1 | 39 | user_groups = [g.name for g in user.groups.all()] |
018c8eaf | 40 | if user.is_superuser or \ |
3383b2d1 OL |
41 | groups.DRH_NIVEAU_1 in user_groups or \ |
42 | groups.DRH_NIVEAU_2 in user_groups: | |
9daa9f48 | 43 | granted = True |
018c8eaf | 44 | else: |
9daa9f48 OL |
45 | granted = False |
46 | cache.set(key, granted) | |
47 | return granted | |
d005588c DB |
48 | |
49 | ||
018c8eaf DB |
50 | def drh_or_admin_required(fn): |
51 | """ | |
52 | Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin | |
53 | """ | |
54 | def inner(request, *args, **kwargs): | |
55 | user = request.user | |
56 | if in_drh_or_admin(user): | |
57 | return fn(request, *args, **kwargs) | |
02c1b3dc | 58 | |
018c8eaf | 59 | msg = u"Votre compte ne permet pas d'accéder à " \ |
9daa9f48 | 60 | u"cette partie de l'application." |
018c8eaf | 61 | return redirect_interdiction(request, msg) |
02c1b3dc | 62 | |
018c8eaf | 63 | return inner |
d005588c DB |
64 | |
65 | ||
ae99002a DB |
66 | def region_protected(model): |
67 | def wrapper(func): | |
68 | def wrapped(request, id): | |
69 | if request.user.is_superuser: | |
70 | return func(request, id) | |
3383b2d1 OL |
71 | user_groups = [g.name for g in request.user.groups.all()] |
72 | if groups.DRH_NIVEAU_1 in user_groups or \ | |
73 | groups.DRH_NIVEAU_2 in user_groups: | |
ae99002a | 74 | return func(request, id) |
3383b2d1 OL |
75 | if groups.CORRESPONDANT_RH in user_groups or \ |
76 | groups.ADMINISTRATEURS in user_groups or \ | |
77 | groups.DIRECTEUR_DE_BUREAU in user_groups: | |
e8b6a20c BS |
78 | zones = groups.get_zones_from_user(request.user) |
79 | qkey = '%s__in' % model.prefix_implantation | |
9daa9f48 | 80 | q = Q(**{qkey: zones}) |
ae99002a DB |
81 | qs = model.objects.filter(q) |
82 | if int(id) in [o.id for o in qs]: | |
83 | return func(request, id) | |
84 | return redirect_interdiction(request) | |
85 | return wrapped | |
86 | return wrapper | |
b0cf30b8 EMS |
87 | |
88 | ||
82c5e37d DB |
89 | def in_one_of_group(groups): |
90 | """ | |
91 | Test si le user appartient au moins 1 des ces groupes | |
92 | """ | |
93 | def wrapper(fn): | |
94 | def wrapped(request, *args, **kwargs): | |
3383b2d1 | 95 | user_groups = [g.name for g in request.user.groups.all()] |
82c5e37d DB |
96 | for g in user_groups: |
97 | if g in groups: | |
98 | return fn(request, *args, **kwargs) | |
9daa9f48 OL |
99 | msg = u"Votre compte ne permet pas d'accéder "\ |
100 | u"à cette partie de l'application." | |
82c5e37d DB |
101 | return redirect_interdiction(request, msg) |
102 | return wrapped | |
103 | return wrapper |