Commit fa90c853 authored by Patrick's avatar Patrick

Security an cms_toolbar alignment

parent cf25b6c8
......@@ -276,9 +276,7 @@ class BankAccountAdmin(ImportExportMixin, admin.ModelAdmin):
return False
def has_change_permission(self, request, bank_account=None):
if request.user.groups.filter(name__in=[COORDINATION_GROUP, INVOICE_GROUP]).exists() or request.user.is_superuser:
return True
return False
return self.has_add_permission(request)
def get_readonly_fields(self, request, obj=None):
readonly_fields = [
......
......@@ -168,23 +168,17 @@ class BoxAdmin(TranslatableAdmin):
'duplicate_box'
]
def has_delete_permission(self, request, obj=None):
def has_delete_permission(self, request, box=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def has_add_permission(self, request):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
return self.has_delete_permission(request)
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def has_change_permission(self, request, box=None):
return self.has_delete_permission(request, box)
def flip_flop_select_for_offer_status(self, request, queryset):
task_box.flip_flop_is_into_offer(queryset)
......
......@@ -252,10 +252,13 @@ class CustomerWithUserDataAdmin(ImportExportMixin, admin.ModelAdmin):
return False
def has_add_permission(self, request):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def has_change_permission(self, request, obj=None):
return True
return self.has_add_permission(request)
def get_email(self, customer):
if customer.user is not None:
......
......@@ -9,7 +9,7 @@ from django.utils.translation import ugettext_lazy as _
from repanier.admin.admin_filter import PurchaseFilterByProducerForThisPermanence, \
ProductFilterByDepartmentForThisProducer, OfferItemFilter
from repanier.const import PERMANENCE_CLOSED, PERMANENCE_OPENED
from repanier.const import PERMANENCE_CLOSED, PERMANENCE_OPENED, ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP
from repanier.models import Permanence, Product, LUT_DepartmentForCustomer, Producer
from repanier.tools import sint, update_offer_item
......@@ -142,7 +142,10 @@ class OfferItemClosedAdmin(admin.ModelAdmin):
return False
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def get_actions(self, request):
actions = super(OfferItemClosedAdmin, self).get_actions(request)
......
......@@ -74,7 +74,8 @@ class PermanenceDoneAdmin(TranslatableAdmin):
return False
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
......
......@@ -164,10 +164,7 @@ class PermanenceInPreparationAdmin(TranslatableAdmin):
return self.has_delete_permission(request)
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
return self.has_delete_permission(request, obj)
def get_fields(self, request, permanence=None):
fields = [
......
......@@ -228,10 +228,14 @@ class ProducerAdmin(ImportExportMixin, admin.ModelAdmin):
return False
def has_add_permission(self, request):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP,
CONTRIBUTOR_GROUP]).exists() or request.user.is_superuser:
return True
return False
def has_change_permission(self, request, obj=None):
return True
return self.has_add_permission(request)
def get_urls(self):
urls = super(ProducerAdmin, self).get_urls()
......
......@@ -308,10 +308,14 @@ class ProductAdmin(ImportExportMixin, TranslatableAdmin):
return False
def has_add_permission(self, request):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP,
CONTRIBUTOR_GROUP]).exists() or request.user.is_superuser:
return True
return False
def has_change_permission(self, request, obj=None):
return True
return self.has_add_permission(request)
def flip_flop_select_for_offer_status(self, request, queryset):
task_product.flip_flop_is_into_offer(queryset)
......
......@@ -153,7 +153,10 @@ class CustomerSendAdmin(admin.ModelAdmin):
return False
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def get_actions(self, request):
actions = super(CustomerSendAdmin, self).get_actions(request)
......
......@@ -115,7 +115,6 @@ class OfferItemSendDataForm(forms.ModelForm):
previous_unit_deposit = FormMoneyField(
max_digits=8, decimal_places=2, required=False, initial=REPANIER_MONEY_ZERO)
def __init__(self, *args, **kwargs):
getcontext().rounding = ROUND_HALF_UP
super(OfferItemSendDataForm, self).__init__(*args, **kwargs)
......@@ -272,7 +271,10 @@ class OfferItemSendAdmin(admin.ModelAdmin):
return False
def has_change_permission(self, request, obj=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
def get_actions(self, request):
actions = super(OfferItemSendAdmin, self).get_actions(request)
......
......@@ -134,10 +134,7 @@ class StaffWithUserDataAdmin(TranslatableAdmin):
return False
def has_change_permission(self, request, staff=None):
if request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or request.user.is_superuser:
return True
return False
return self.has_add_permission(request)
def get_form(self, request, obj=None, **kwargs):
form = super(StaffWithUserDataAdmin, self).get_form(request, obj, **kwargs)
......
......@@ -19,15 +19,23 @@ class RepanierToolbar(CMSToolbar):
from apps import REPANIER_SETTINGS_PERMANENCES_NAME, REPANIER_SETTINGS_INVOICE
if settings.DJANGO_SETTINGS_DEMO:
self.toolbar.get_or_create_menu("demo-menu", _('Demo (%s)') % (DEMO_EMAIL,))
if self.request.user.groups.filter(
name__in=[ORDER_GROUP, INVOICE_GROUP, COORDINATION_GROUP]).exists() or self.request.user.is_superuser:
display_all = True
elif self.request.user.groups.filter(
name=CONTRIBUTOR_GROUP).exists():
display_all = False
else:
return
admin_menu = self.toolbar.get_or_create_menu(ADMIN_MENU_IDENTIFIER, _('Manage'))
position = admin_menu.get_alphabetical_insert_position(
_('Parameters'),
SubMenu
)
if not position:
# TODO : Check this part of the code
# position = admin_menu.get_alphabetical_insert_position(
# _('Parameters'),
# SubMenu
# )
# if not position:
position = 0
admin_menu.add_break('custom-break', position=position)
if display_all:
office_menu = admin_menu.get_or_create_menu(
'parameter-menu',
_('Parameters ...'),
......@@ -47,15 +55,16 @@ class RepanierToolbar(CMSToolbar):
office_menu.add_sideframe_item(_('Delivery Point List'), url=url)
url = reverse('admin:repanier_lut_departmentforcustomer_changelist')
office_menu.add_sideframe_item(_('Departement for Customer List'), url=url)
position += 1
url = reverse('admin:repanier_customer_changelist')
admin_menu.add_sideframe_item(_('Customer List'), url=url, position=position)
position += 1
url = reverse('admin:repanier_producer_changelist')
admin_menu.add_sideframe_item(_('Producer List'), url=url, position=position)
if display_all:
position += 1
url = "%s?is_into_offer__exact=1" % reverse('admin:repanier_box_changelist')
admin_menu.add_sideframe_item(_('Box List'), url=url, position=position)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment