[auf_rh_dae.git] / project / decorators.py

# -*- encoding: utf-8 -*-
"""
Décorateurs AUF
"""
from django.core.cache import cache
from django.http import HttpResponseRedirect
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.db.models import Q
from django.utils.http import urlquote

from project import groups


def redirect_interdiction(request, msg=u"Vous n'avez pas accès à cette page"):
    """
    Redirection du la page de login avec un message d'erreur.
    """
    login_url = settings.LOGIN_URL
    path = urlquote(request.get_full_path())
    tup = login_url, REDIRECT_FIELD_NAME, path
    messages.add_message(
        request, messages.ERROR,
        "Votre compte ne permet pas d'accéder à cette partie de l'application."
    )
    return HttpResponseRedirect('%s?%s=%s' % tup)


def in_drh_or_admin(user):
    """
    Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
    """
    key = "in_drh_or_admin_%s" % user.id
    granted = cache.get(key, None)
    if granted is not None:
        return granted

    user_groups = [g.name for g in user.groups.all()]
    if user.is_superuser or \
            groups.DRH_NIVEAU_1 in user_groups or \
            groups.DRH_NIVEAU_2 in user_groups:
        granted = True
    else:
        granted = False
    cache.set(key, granted)
    return granted


def drh_or_admin_required(fn):
    """
    Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
    """
    def inner(request, *args, **kwargs):
        user = request.user
        if in_drh_or_admin(user):
            return fn(request, *args, **kwargs)

        msg = u"Votre compte ne permet pas d'accéder à " \
              u"cette partie de l'application."
        return redirect_interdiction(request, msg)

    return inner


def region_protected(model):
    def wrapper(func):
        def wrapped(request, id):
            if request.user.is_superuser:
                return func(request, id)
            user_groups = [g.name for g in request.user.groups.all()]
            if groups.DRH_NIVEAU_1 in user_groups or \
               groups.DRH_NIVEAU_2 in user_groups:
                return func(request, id)
            if groups.CORRESPONDANT_RH in user_groups or \
               groups.ADMINISTRATEURS in user_groups or \
               groups.DIRECTEUR_DE_BUREAU in user_groups:
                zones = groups.get_zones_from_user(request.user)
                qkey = '%s__in' % model.prefix_implantation
                q = Q(**{qkey: zones})
                qs = model.objects.filter(q)
                if int(id) in [o.id for o in qs]:
                    return func(request, id)
            return redirect_interdiction(request)
        return wrapped
    return wrapper


def in_one_of_group(groups):
    """
    Test si le user appartient au moins 1 des ces groupes
    """
    def wrapper(fn):
        def wrapped(request, *args, **kwargs):
            user_groups = [g.name for g in request.user.groups.all()]
            for g in user_groups:
                if g in groups:
                    return fn(request, *args, **kwargs)
            msg = u"Votre compte ne permet pas d'accéder "\
                  u"à cette partie de l'application."
            return redirect_interdiction(request, msg)
        return wrapped
    return wrapper
Commit	Line	Data
e993f3dc	1	# -- encoding: utf-8 --
	2	"""
	3	Décorateurs AUF
	4	"""
9daa9f48	5	from django.core.cache import cache
e993f3dc	6	from django.http import HttpResponseRedirect
02c1b3dc	7	from django.conf import settings
acbc95a1	8	from django.contrib import messages
02c1b3dc	9	from django.contrib.auth import REDIRECT_FIELD_NAME
d005588c	10	from django.db.models import Q
02c1b3dc	11	from django.utils.http import urlquote
e993f3dc	12
c3550a05	13	from project import groups
ae99002a	14
018c8eaf	15
02c1b3dc JPC	16	def redirect_interdiction(request, msg=u"Vous n'avez pas accès à cette page"):
	17	"""
	18	Redirection du la page de login avec un message d'erreur.
	19	"""
	20	login_url = settings.LOGIN_URL
	21	path = urlquote(request.get_full_path())
	22	tup = login_url, REDIRECT_FIELD_NAME, path
d005588c DB	23	messages.add_message(
	24	request, messages.ERROR,
	25	"Votre compte ne permet pas d'accéder à cette partie de l'application."
	26	)
02c1b3dc	27	return HttpResponseRedirect('%s?%s=%s' % tup)
d005588c DB	28
d005588c DB	29
018c8eaf DB	30	def in_drh_or_admin(user):
	31	"""
	32	Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
	33	"""
9daa9f48 OL	34	key = "in_drh_or_admin_%s" % user.id
	35	granted = cache.get(key, None)
	36	if granted is not None:
	37	return granted
	38
3383b2d1	39	user_groups = [g.name for g in user.groups.all()]
018c8eaf	40	if user.is_superuser or \
3383b2d1 OL	41	groups.DRH_NIVEAU_1 in user_groups or \
3383b2d1 OL	42	groups.DRH_NIVEAU_2 in user_groups:
9daa9f48	43	granted = True
018c8eaf	44	else:
9daa9f48 OL	45	granted = False
	46	cache.set(key, granted)
	47	return granted
d005588c DB	48
d005588c DB	49
018c8eaf DB	50	def drh_or_admin_required(fn):
	51	"""
	52	Teste si un user Django fait parti du groupe DRH, DRH2 ou s'il est admin
	53	"""
	54	def inner(request, args, *kwargs):
	55	user = request.user
	56	if in_drh_or_admin(user):
	57	return fn(request, args, *kwargs)
02c1b3dc	58
018c8eaf	59	msg = u"Votre compte ne permet pas d'accéder à " \
9daa9f48	60	u"cette partie de l'application."
018c8eaf	61	return redirect_interdiction(request, msg)
02c1b3dc	62
018c8eaf	63	return inner
d005588c DB	64
d005588c DB	65
ae99002a DB	66	def region_protected(model):
	67	def wrapper(func):
	68	def wrapped(request, id):
	69	if request.user.is_superuser:
	70	return func(request, id)
3383b2d1 OL	71	user_groups = [g.name for g in request.user.groups.all()]
	72	if groups.DRH_NIVEAU_1 in user_groups or \
	73	groups.DRH_NIVEAU_2 in user_groups:
ae99002a	74	return func(request, id)
3383b2d1 OL	75	if groups.CORRESPONDANT_RH in user_groups or \
	76	groups.ADMINISTRATEURS in user_groups or \
	77	groups.DIRECTEUR_DE_BUREAU in user_groups:
e8b6a20c BS	78	zones = groups.get_zones_from_user(request.user)
e8b6a20c BS	79	qkey = '%s__in' % model.prefix_implantation
9daa9f48	80	q = Q(**{qkey: zones})
ae99002a DB	81	qs = model.objects.filter(q)
	82	if int(id) in [o.id for o in qs]:
	83	return func(request, id)
	84	return redirect_interdiction(request)
	85	return wrapped
	86	return wrapper
b0cf30b8 EMS	87
b0cf30b8 EMS	88
82c5e37d DB	89	def in_one_of_group(groups):
	90	"""
	91	Test si le user appartient au moins 1 des ces groupes
	92	"""
	93	def wrapper(fn):
	94	def wrapped(request, args, *kwargs):
3383b2d1	95	user_groups = [g.name for g in request.user.groups.all()]
82c5e37d DB	96	for g in user_groups:
	97	if g in groups:
	98	return fn(request, args, *kwargs)
9daa9f48 OL	99	msg = u"Votre compte ne permet pas d'accéder "\
9daa9f48 OL	100	u"à cette partie de l'application."
82c5e37d DB	101	return redirect_interdiction(request, msg)
	102	return wrapped
	103	return wrapper