Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remplace notre implémentation de PermissionRequiredMixin par celle de Django #6262

Merged
merged 1 commit into from
Mar 23, 2022
Merged

Remplace notre implémentation de PermissionRequiredMixin par celle de Django #6262

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 0 additions & 17 deletions zds/member/decorator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,23 +29,6 @@ def _can_write_and_read_now(request, *args, **kwargs):
return _can_write_and_read_now


class PermissionRequiredMixin:
"""
Represent the basic code that a Generic Class Based View has to use when one or more
permissions are required simultaneously to execute the view
"""

permissions = []

def check_permissions(self):
if False in [self.request.user.has_perm(p) for p in self.permissions]:
raise PermissionDenied

def dispatch(self, *args, **kwargs):
self.check_permissions()
return super().dispatch(*args, **kwargs)


class LoggedWithReadWriteHability(LoginRequiredMixin):
"""
Represent the basic code that a Generic Class View has to use when a logged in user with
Expand Down
11 changes: 6 additions & 5 deletions zds/member/views/emailproviders.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,23 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.contrib.auth.models import User
from django.shortcuts import redirect, get_object_or_404
from django.views.decorators.http import require_POST
from django.views.generic import CreateView
from django.urls import reverse_lazy
from django.utils.translation import gettext_lazy as _

from zds.member.decorator import LoginRequiredMixin, PermissionRequiredMixin
from zds.member.decorator import LoginRequiredMixin
from zds.member.forms import BannedEmailProviderForm
from zds.member.models import NewEmailProvider, BannedEmailProvider, Profile

from zds.utils.paginator import ZdSPagingListView


class NewEmailProvidersList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingListView):
permissions = ["member.change_bannedemailprovider"]
permission_required = "member.change_bannedemailprovider"
paginate_by = settings.ZDS_APP["member"]["providers_per_page"]

model = NewEmailProvider
Expand All @@ -43,7 +44,7 @@ def check_new_email_provider(request, provider_pk):
class BannedEmailProvidersList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingListView):
"""List the banned email providers."""

permissions = ["member.change_bannedemailprovider"]
permission_required = "member.change_bannedemailprovider"
paginate_by = settings.ZDS_APP["member"]["providers_per_page"]

model = BannedEmailProvider
Expand All @@ -57,7 +58,7 @@ class BannedEmailProvidersList(LoginRequiredMixin, PermissionRequiredMixin, ZdSP
class MembersWithProviderList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingListView):
"""List users using a banned email provider."""

permissions = ["member.change_bannedemailprovider"]
permission_required = "member.change_bannedemailprovider"
paginate_by = settings.ZDS_APP["member"]["members_per_page"]

model = User
Expand All @@ -84,7 +85,7 @@ def get_queryset(self):
class AddBannedEmailProvider(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
"""Add an email provider to the banned list."""

permissions = ["member.change_bannedemailprovider"]
permission_required = "member.change_bannedemailprovider"

model = BannedEmailProvider
template_name = "member/admin/add_banned_email_provider.html"
Expand Down
7 changes: 4 additions & 3 deletions zds/member/views/hats.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
from django.db import transaction
Expand All @@ -11,7 +12,7 @@
from django.views.decorators.http import require_POST
from django.views.generic import DetailView, CreateView

from zds.member.decorator import LoginRequiredMixin, PermissionRequiredMixin
from zds.member.decorator import LoginRequiredMixin
from zds.member.forms import HatRequestForm
from zds.pages.models import GroupContact
from zds.utils.models import HatRequest, Hat, get_hat_to_add
Expand Down Expand Up @@ -90,7 +91,7 @@ def get_success_url(self):


class RequestedHatsList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingListView):
permissions = ["utils.change_hat"]
permission_required = "utils.change_hat"
paginate_by = settings.ZDS_APP["member"]["requested_hats_per_page"]

model = HatRequest
Expand All @@ -105,7 +106,7 @@ class RequestedHatsList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingLi


class SolvedHatRequestsList(LoginRequiredMixin, PermissionRequiredMixin, ZdSPagingListView):
permissions = ["utils.change_hat"]
permission_required = "utils.change_hat"
paginate_by = settings.ZDS_APP["member"]["requested_hats_per_page"]

model = HatRequest
Expand Down
5 changes: 3 additions & 2 deletions zds/member/views/reports.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
from datetime import datetime

from django.contrib import messages
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.shortcuts import redirect, get_object_or_404
from django.template.loader import render_to_string
from django.utils.translation import gettext_lazy as _
from django.views.generic import View

from zds.member.decorator import LoginRequiredMixin, PermissionRequiredMixin
from zds.member.decorator import LoginRequiredMixin
from zds.member.models import Profile
from zds.utils.models import Alert

Expand All @@ -27,7 +28,7 @@ def post(self, request, *args, **kwargs):


class SolveProfileReportView(LoginRequiredMixin, PermissionRequiredMixin, View):
permissions = ["member.change_profile"]
permission_required = "member.change_profile"

def post(self, request, *args, **kwargs):
alert = get_object_or_404(Alert, pk=kwargs["alert_pk"], solved=False, scope="PROFILE")
Expand Down
7 changes: 3 additions & 4 deletions zds/tutorialv2/views/comments.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
from django.core.exceptions import PermissionDenied
from django.db import transaction
from django.http import Http404, StreamingHttpResponse, HttpResponse
Expand All @@ -14,7 +14,7 @@
from django.views.generic import FormView

from zds import json_handler
from zds.member.decorator import LoggedWithReadWriteHability, PermissionRequiredMixin
from zds.member.decorator import LoggedWithReadWriteHability
from zds.member.views import get_client_ip
from zds.notification.models import ContentReactionAnswerSubscription
from zds.tutorialv2.forms import NoteForm, NoteEditForm
Expand Down Expand Up @@ -260,8 +260,7 @@ def post(self, request, *args, **kwargs):


class ShowReaction(FormView, LoggedWithReadWriteHability, PermissionRequiredMixin):

permissions = ["tutorialv2.change_contentreaction"]
permission_required = "tutorialv2.change_contentreaction"
http_method_names = ["post"]

@method_decorator(transaction.atomic)
Expand Down
7 changes: 4 additions & 3 deletions zds/tutorialv2/views/editorialization.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,12 @@
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404, redirect
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _

from zds.member.decorator import LoggedWithReadWriteHability, can_write_and_read_now, PermissionRequiredMixin
from zds.member.decorator import LoggedWithReadWriteHability, can_write_and_read_now
from zds.tutorialv2.forms import RemoveSuggestionForm, EditContentTagsForm
from zds.tutorialv2.mixins import SingleContentFormViewMixin
from zds.tutorialv2.models.database import ContentSuggestion, PublishableContent
Expand All @@ -15,7 +16,7 @@ class RemoveSuggestion(PermissionRequiredMixin, SingleContentFormViewMixin):
form_class = RemoveSuggestionForm
modal_form = True
only_draft_version = True
permissions = ["tutorialv2.change_publishablecontent"]
permission_required = "tutorialv2.change_publishablecontent"

@method_decorator(login_required)
@method_decorator(can_write_and_read_now)
Expand Down Expand Up @@ -55,7 +56,7 @@ def describe_type(self):
class AddSuggestion(LoggedWithReadWriteHability, PermissionRequiredMixin, SingleContentFormViewMixin):
only_draft_version = True
authorized_for_staff = True
permissions = ["tutorialv2.change_publishablecontent"]
permission_required = "tutorialv2.change_publishablecontent"

def post(self, request, *args, **kwargs):
publication = get_object_or_404(PublishableContent, pk=kwargs["pk"])
Expand Down
20 changes: 10 additions & 10 deletions zds/tutorialv2/views/validations_contents.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.models import User
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
from django.core.exceptions import PermissionDenied
from django.urls import reverse
from django.db.models import Q
Expand All @@ -14,7 +14,7 @@
from django.utils.translation import gettext_lazy as _
from django.views.generic import ListView, FormView

from zds.member.decorator import PermissionRequiredMixin, LoggedWithReadWriteHability
from zds.member.decorator import LoggedWithReadWriteHability
from zds.mp.models import mark_read
from zds.tutorialv2.forms import (
AskValidationForm,
Expand Down Expand Up @@ -47,7 +47,7 @@
class ValidationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
"""List the validations, with possibilities of filters"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
context_object_name = "validations"
template_name = "tutorialv2/validation/index.html"
subcategory = None
Expand Down Expand Up @@ -279,7 +279,7 @@ def form_valid(self, form):
class ReserveValidation(LoginRequiredMixin, PermissionRequiredMixin, FormView):
"""Reserve or remove the reservation on a content"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def post(self, request, *args, **kwargs):
validation = get_object_or_404(Validation, pk=kwargs["pk"])
Expand Down Expand Up @@ -338,7 +338,7 @@ def post(self, request, *args, **kwargs):
class ValidationHistoryView(LoginRequiredMixin, PermissionRequiredMixin, RequiresValidationViewMixin):

model = PublishableContent
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
template_name = "tutorialv2/validation/history.html"

def get_context_data(self, **kwargs):
Expand All @@ -357,7 +357,7 @@ def get_context_data(self, **kwargs):
class RejectValidation(LoginRequiredMixin, PermissionRequiredMixin, ModalFormView):
"""Reject the publication"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
form_class = RejectValidationForm

modal_form = True
Expand Down Expand Up @@ -429,7 +429,7 @@ def form_valid(self, form):
class AcceptValidation(LoginRequiredMixin, PermissionRequiredMixin, ModalFormView):
"""Publish the content"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
form_class = AcceptValidationForm

modal_form = True
Expand Down Expand Up @@ -489,7 +489,7 @@ def form_valid(self, form):
class RevokeValidation(LoginRequiredMixin, PermissionRequiredMixin, SingleOnlineContentFormViewMixin):
"""Unpublish a content and reverse the situation back to a pending validation"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
form_class = RevokeValidationForm
is_public = True

Expand Down Expand Up @@ -565,7 +565,7 @@ def form_valid(self, form):

class MarkObsolete(LoginRequiredMixin, PermissionRequiredMixin, FormView):

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def get(self, request, *args, **kwargs):
raise Http404("Marquer un contenu comme obsolète n'est pas disponible en GET.")
Expand All @@ -588,7 +588,7 @@ class ActivateJSFiddleInContent(LoginRequiredMixin, PermissionRequiredMixin, For
"""Handles changes a validator or staff member can do on the js fiddle support of the provided content
Only these users can do it"""

permissions = ["tutorialv2.change_publishablecontent"]
permission_required = "tutorialv2.change_publishablecontent"
form_class = JsFiddleActivationForm
http_method_names = ["post"]

Expand Down
16 changes: 8 additions & 8 deletions zds/tutorialv2/views/validations_opinions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
from django.contrib.auth.models import User
from django.core.exceptions import PermissionDenied
from django.db.models import F
Expand All @@ -15,7 +15,7 @@
from django.views.generic import FormView, ListView

from zds.gallery.models import Gallery
from zds.member.decorator import LoggedWithReadWriteHability, PermissionRequiredMixin
from zds.member.decorator import LoggedWithReadWriteHability
from zds.tutorialv2.forms import (
PublicationForm,
RevokeValidationForm,
Expand Down Expand Up @@ -155,7 +155,7 @@ class DoNotPickOpinion(PermissionRequiredMixin, DoesNotRequireValidationFormView
form_class = DoNotPickOpinionForm
modal_form = False
prefetch_all = False
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
template_name = "tutorialv2/validation/opinion-moderation-history.html"

def get_context_data(self):
Expand Down Expand Up @@ -253,7 +253,7 @@ class RevokePickOperation(PermissionRequiredMixin, FormView):

form_class = DoNotPickOpinionForm
prefetch_all = False
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def get(self, request, *args, **kwargs):
raise Http404("Impossible")
Expand All @@ -277,7 +277,7 @@ class PickOpinion(PermissionRequiredMixin, DoesNotRequireValidationFormViewMixin

modal_form = True
prefetch_all = False
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def get(self, request, *args, **kwargs):
raise Http404(_("Valider un contenu n'est pas possible avec la méthode « GET »."))
Expand Down Expand Up @@ -349,7 +349,7 @@ class UnpickOpinion(PermissionRequiredMixin, DoesNotRequireValidationFormViewMix

modal_form = True
prefetch_all = False
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def get(self, request, *args, **kwargs):
raise Http404(_("Enlever un billet des billets choisis n'est pas possible avec la méthode « GET »."))
Expand Down Expand Up @@ -413,7 +413,7 @@ def form_valid(self, form):
class ValidationOpinionListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
"""List the validations, with possibilities of filters"""

permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"
template_name = "tutorialv2/validation/opinions.html"
context_object_name = "contents"
subcategory = None
Expand All @@ -436,7 +436,7 @@ class PromoteOpinionToArticle(PermissionRequiredMixin, DoesNotRequireValidationF

modal_form = True
prefetch_all = False
permissions = ["tutorialv2.change_validation"]
permission_required = "tutorialv2.change_validation"

def get(self, request, *args, **kwargs):
raise Http404(_("Promouvoir un billet en article n'est pas possible avec la méthode « GET »."))
Expand Down