kickoff permissions #1383

diff --git a/project/context_processors.py b/project/context_processors.py
new file mode 100644 (file)
index 0000000..566b745
--- /dev/null
+++ b/project/context_processors.py
@@ -0,0 +1,11 @@
+# -*- encoding: utf-8 -*-
+from permissions import is_admin
+
+# Ajout de variables accessibles dans les templates (pour tester permissions dans templates)
+
+def utilisateur(request):
+    return {'utilisateur': request.user}
+    
+def user_is_admin(request):
+    return {'user_is_admin': not request.user.is_anonymous() and is_admin(request.user)}
+

diff --git a/project/dae/views.py b/project/dae/views.py
index f463e74..d673e07 100644 (file)
--- a/project/dae/views.py
+++ b/project/dae/views.py
@@ -6,11 +6,11 @@ from project.dae.forms import PosteForm, PosteFinancementForm
 from project.dae import models as dae
 from project.rh_v1 import models as rh
 
+from project.decorators import admin_required
 
 def index(request):
     return render_to_response('dae/index.html', {}, RequestContext(request))
 
-
 def poste(request, key=None):
     """ Formulaire pour un poste.
 

diff --git a/project/decorators.py b/project/decorators.py
new file mode 100644 (file)
index 0000000..0f46ba3
--- /dev/null
+++ b/project/decorators.py
@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+"""
+Décorateurs AUF
+"""
+from django.contrib.auth.decorators import user_passes_test
+from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect
+#from helpdesk.models import Ticket, TicketCC
+from permissions import is_employe, is_admin
+
+# Décorateurs des fonctions dans views (pour tester permissions dans views)
+    
+def admin_required(fn):
+    def inner(request, *args, **kwargs):
+        user = request.user
+        if is_admin(user):
+            return fn(request, *args, **kwargs)
+        else :
+            return HttpResponseRedirect(reverse('index'))
+    return inner

diff --git a/project/permissions.py b/project/permissions.py
new file mode 100644 (file)
index 0000000..4ea1554
--- /dev/null
+++ b/project/permissions.py
@@ -0,0 +1,15 @@
+# -*- encoding: utf-8 -*-
+
+from django.contrib.auth.decorators import user_passes_test
+from django.contrib.auth.models import Group
+
+# Logique AUF des permissions
+
+def is_employe(user):
+    return user.is_authenticated() and user.is_active and user.is_staff
+
+def is_admin(user):
+    """
+    Un admin est un employé qui est superuser
+    """
+    return is_employe(user) and user.is_superuser

diff --git a/project/rh/templates/rh/index.html b/project/rh/templates/rh/index.html
index 20c5de5..d1cccdd 100644 (file)
--- a/project/rh/templates/rh/index.html
+++ b/project/rh/templates/rh/index.html
@@ -16,6 +16,5 @@ Voici les modules actuellement disponibles :
 <ul>
     <li><a href="{% url dae_index %}">Demande d'autorisation d'embauche (DAE)</a></li>
 </ul>
-
 {% endblock %}
 

diff --git a/project/settings.py b/project/settings.py
index 9661a13..77826fe 100644 (file)
--- a/project/settings.py
+++ b/project/settings.py
@@ -69,6 +69,8 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'django.contrib.messages.context_processors.messages',
     'django.core.context_processors.request',
     'auf.django.skin.context_processors.auf',
+    'project.context_processors.utilisateur',
+    'project.context_processors.user_is_admin',
 )
 
 AUTHENTICATION_BACKENDS = (