Commit cc15cb36b066412d2683c8b4bbf38b77353cc27c

Authored by Alexis Koralewski
1 parent aaf35888
Exists in dev

improving user actions checking for user_manager and obsconfig

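--- a/src/core/pyros_django/dashboard/templates/dashboard/settings.html
+++ b/src/core/pyros_django/dashboard/templates/dashboard/settings.html
@@ -85,7 +85,7 @@
 <div class="setting-section">
 <ul class="setting-grid">
 
-{% if USER_LEVEL|ifinlist:"Admin,Unit-PI" %}
+{% if USER_LEVEL|ifinlist:"Admin,Unit-PI,Unit-board" %}
 {% comment %}
 <li>
 <div class="setting-box setting-img-system">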
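Review bot: The changed `{% if %}` still tests `USER_LEVEL`, but the `settings` view in dashboard/views.py stops assigning `USER_LEVEL` in this same commit and computes `CAN_VIEW_PERIOD` instead. Unless a context processor outside this page supplies `USER_LEVEL`, the filter is applied to an undefined variable and the condition presumably never holds, including for the `Unit-board` role this line is meant to admit. The other templates in the commit now test a flag computed in the view (`CAN_ADD_USER`, `CAN_EDIT_ROLE`); this one should do the same, with the view passing that flag explicitly.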
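--- a/src/core/pyros_django/dashboard/views.py
+++ b/src/core/pyros_django/dashboard/views.py
@@ -169,8 +169,7 @@ def settings(request):
 '''
 View called to see the settings (for the software, observatory, users...) page
 '''
-USER_LEVEL = request.user.get_priority()
-
+CAN_VIEW_PERIOD = request.session.get("role") in ("Admin", "Unit-PI", "Observer", "Unit-board")
 return(render(request, "dashboard/settings.html", locals()))
 
 def retrieve_main_icon(request):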
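Review bot: `render(..., locals())` in `settings` passes every local name to the template, so what the page can read depends on whichever variables exist in the function rather than on a reviewed list. The user_manager views in this commit moved to explicit context dicts; the same here, `return render(request, "dashboard/settings.html", {"CAN_VIEW_PERIOD": CAN_VIEW_PERIOD})`, keeps the authorization flag visible at the call site. The decorators of `settings` are outside the hunk, so whether the view requires login cannot be confirmed from here.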
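--- a/src/core/pyros_django/user_manager/templates/user_manager/user_detail.html
+++ b/src/core/pyros_django/user_manager/templates/user_manager/user_detail.html
@@ -54,33 +54,36 @@
 <p><strong>Quota : </strong>{{ user.quota }}</p>
 {% endcomment %}
 {% if scientific_programs|length > 0 %}
-<p><strong>Scientific Program(s) : </strong> <table class="table table-bordered table-hover table-striped" style="font-family: 'Montserra', sans-serif;">
-
-<thead>
-<tr>
-<th>Scientific Program</th>
-</tr>
-</thead>
-
-<tbody>
-{% for sp in scientific_programs %}
-<tr>
-<td> <a href="{% url "detail_scientific_program" sp.pk %}">{{ sp }} </a></td>
-</tr>
-{% endfor %}
-</tbody>
-</table></p>
+<p><strong>Scientific Program(s) : </strong> <table class="table table-bordered table-hover table-striped" style="font-family: 'Montserra', sans-serif;">
+
+<thead>
+<tr>
+<th>Scientific Program</th>
+</tr>
+</thead>
+
+<tbody>
+{% for sp in scientific_programs %}
+<tr>
+<td> <a href="{% url "detail_scientific_program" sp.pk %}">{{ sp }} </a></td>
+</tr>
+{% endfor %}
+</tbody>
+</table></p>
 {% endif %}
-{% if current_user.id is user.id or USER_LEVEL|ifinlist:"Admin,Unit-PI,Unit board"%}
+{% if CAN_VIEW_VALIDATOR %}
 <p><strong>Validator : </strong>{{ user.validator }}</p>
 {% if user.motive_of_registration|length > 0 %}
 <p><strong>Motive of registration : </strong>{{ user.motive_of_registration }}</p>
 {% endif %}
+{% endif %}
+{% if CAN_EDIT_USER %}
 <a href="{% url "user-edit" user.pk %}" class="btn btn-info" role="button">Edit</a>
-{% if USER_LEVEL|ifinlist:"Admin,Unit-PI,Unit board" %}
-{% if not is_last_user or not user.is_superuser%}
-<a href="{% url "change_activate" user.pk current_user.id %}" class="btn btn-danger" role="button">{% active_account user.pk %} </a>
-{% endif %}
+{% endif %}
+{% if CAN_ACTIVATE_USER %}
+<a href="{% url "change_activate" user.pk current_user.id %}" class="btn btn-danger" role="button">{% active_account user.pk %} </a>
+{% endif %}
+{% if CAN_DELETE_USER %}
 <button type="button" class="btn btn-danger open-modal" id="open_modal_delete">Delete</button>
 {# start of modal #}
 <div id="modal_delete">
@@ -101,7 +104,6 @@
 </div>
 {# end of modal #}
 
-{% endif %}
 {% endif %}
 <a href="{% url "users" %}" class="btn btn-info" role="button">Return to list of users</a>
 {% endblock %}
\ No newline at end of file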
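Review bot: The activation control under `{% if CAN_ACTIVATE_USER %}` is still a plain link, `{% url "change_activate" user.pk current_user.id %}`, so the state change runs on a GET without CSRF protection and the acting user's id travels in the URL. The matching view signature `change_activate(request, pk, current_user_id)` appears in the user_manager/views.py hunk header; the actor should be read from `request.user` on the server, not from a path parameter. A small POST form with `{% csrf_token %}` would be the safer shape for this button. The `CAN_*` flags only decide what is rendered, so the edit, activate and delete endpoints need the same checks themselves; their bodies are outside this page.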
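--- a/src/core/pyros_django/user_manager/templates/user_manager/user_detail_edit.html
+++ b/src/core/pyros_django/user_manager/templates/user_manager/user_detail_edit.html
@@ -4,7 +4,7 @@
 <form id="siteForm" action="" method="post">
 {% csrf_token %}
 {{ form.as_p }}
-{% if current_user.id is user.id or USER_LEVEL|ifinlist:"Admin,Unit-PI,Unit board" %}
+{% if CAN_EDIT_ROLE %}
 <label> Roles : </label>
 {% for role in roles %}
 <br>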
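Review bot: `{% if CAN_EDIT_ROLE %}` only removes the role inputs from the rendered form; it is not an access control. The POST branch of `user_detail_edit` should repeat the check before applying any submitted role values, since a user editing their own record no longer sees the inputs but the form still posts to the same view. The role handling in that view lies outside the hunks shown, so this could not be confirmed. A comment at that point in the view would help, e.g. `# roles are applied only when CAN_EDIT_ROLE is true; hiding the inputs in the template is not enforcement`.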
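--- a/src/core/pyros_django/user_manager/templates/user_manager/users_management.html
+++ b/src/core/pyros_django/user_manager/templates/user_manager/users_management.html
@@ -17,7 +17,7 @@
 
 <div id="div_users"class="row">
 <h3>List of active users </h3>
-{% if user.get_priority >= 6 %}
+{% if CAN_ADD_USER %}
 <a href="{% url "create_user" %}" class="btn btn-info" role="button">Create new user </a>
 {% endif %}
 <div class="table-responsive">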
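--- a/src/core/pyros_django/user_manager/views.py
+++ b/src/core/pyros_django/user_manager/views.py
@@ -146,16 +146,6 @@ def login_validation(request):
 error = True
 return(render(request, "user_manager/home_login.html", locals()))
 
-@login_required
-def profile(request):
-'''
-View called to see the current user profile
-'''
-#current_user = request.user
-#USER_LEVEL = request.user.get_priority()
-#if (current_user.get_priority() < 4):
-# return(render(request, "user_manager/user_detail.html", {'user': current_user, 'admin': 0}))
-return(render(request, "user_manager/profile.html", locals()))
 
 @login_required
 def superoperator_return(request):
@@ -211,9 +201,17 @@ def users(request):
 for user in SP_Period_User.objects.filter(SP_Period=sp.SP_Period).exclude(user=current_user).values_list("user",flat=True):
 pyros_users_with_roles.append(PyrosUser.objects.get(id=user))
 nb_of_scientific_program = ScientificProgram.objects.count()
+CAN_ADD_USER = request.session.get("role") in ("Admin,Unit-PI,Unit board")
 # need the negative to calculate in the template for adjusting correctly the information display
 negative_nb_scientific_program = -nb_of_scientific_program
-return render(request, 'user_manager/users_management.html', {'pyros_users_with_roles': pyros_users_with_roles,"inactive_pyros_users":inactive_pyros_users,"nb_of_scientific_program": nb_of_scientific_program,"negative_nb_scientific_program":negative_nb_scientific_program,"common_scientific_programs":common_scientific_programs})
+return render(request, 'user_manager/users_management.html', {
+'pyros_users_with_roles': pyros_users_with_roles,
+"inactive_pyros_users":inactive_pyros_users,
+"nb_of_scientific_program": nb_of_scientific_program,
+"negative_nb_scientific_program":negative_nb_scientific_program,
+"common_scientific_programs":common_scientific_programs,
+"CAN_ADD_USER": CAN_ADD_USER
+})
 
 @login_required
 @level_required("Admin","Unit-PI","Unit board")
@@ -256,17 +254,31 @@ def change_activate(request, pk, current_user_id):
 def user_detail_view(request,pk):
 try:
 is_last_user = PyrosUser.objects.count() == 1
-user_id=PyrosUser.objects.get(pk=pk)
+user=PyrosUser.objects.get(pk=pk)
 current_user = request.user
 roles = current_user.get_list_of_roles()
-sp_periods = SP_Period_User.objects.filter(user=user_id)
+sp_periods = SP_Period_User.objects.filter(user=user)
+CAN_VIEW_VALIDATOR = request.user.id == pk or request.session.get("role") in ("Admin","Unit-PI","Unit-board")
+CAN_DELETE_USER = not is_last_user and request.session.get("role") in ("Admin","Unit-PI","Unit-board") and not user.is_superuser
+CAN_ACTIVATE_USER = not is_last_user and request.session.get("role") in ("Admin","Unit-PI","Unit-board") and not user.is_superuser
+CAN_EDIT_USER = request.user.id == pk or request.session.get("role") in ("Admin","Unit-PI","Unit-board")
 scientific_programs = []
 for sp_period in sp_periods:
 
 scientific_programs.append(sp_period.SP_Period.scientific_program)
 except PyrosUser.DoesNotExist:
 raise Http404("User does not exist")
-return render(request, 'user_manager/user_detail.html', context={'user' : user_id, 'current_user' : current_user, 'USER_LEVEL': request.user.get_priority(), 'is_last_user' : is_last_user,"roles" : roles,"scientific_programs":scientific_programs})
+return render(request, 'user_manager/user_detail.html', context={
+'user' : user,
+'current_user' : current_user,
+'is_last_user' : is_last_user,
+"roles" : roles,
+"scientific_programs":scientific_programs,
+"CAN_VIEW_VALIDATOR": CAN_VIEW_VALIDATOR,
+"CAN_DELETE_USER": CAN_DELETE_USER,
+"CAN_ACTIVATE_USER": CAN_ACTIVATE_USER,
+"CAN_EDIT_USER": CAN_EDIT_USER
+})
 
 @login_required
 @level_required()
@@ -281,6 +293,7 @@ def user_detail_edit(request,pk):
 edit = get_object_or_404(PyrosUser, pk=pk)
 is_sp_pi = ScientificProgram.objects.filter(sp_pi=edit).count() > 0
 form = UserForm(request.POST or None, instance=edit)
+CAN_EDIT_ROLE = request.session.get("role") in ("Admin","Unit-PI","Unit-board")
 # creating list of roles for the formular excluding visitor of the list
 roles = UserLevel.objects.exclude(name="Visitor")
 if form.is_valid():
@@ -302,7 +315,14 @@ def user_detail_edit(request,pk):
 
 obj.save()
 return redirect('user_detail', pk=pk)
-return render(request, 'user_manager/user_detail_edit.html', {'form': form,"roles":roles, "pk":pk,"user_edit":edit,'USER_LEVEL': request.user.get_priority(),"is_sp_pi":is_sp_pi})
+return render(request, 'user_manager/user_detail_edit.html', {
+'form': form,
+"roles":roles,
+"pk":pk,
+"user_edit":edit,
+"is_sp_pi":is_sp_pi,
+"CAN_EDIT_ROLE": CAN_EDIT_ROLE
+})
 
 
 def set_active_role(request):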
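Review bot: In `users`, `CAN_ADD_USER = request.session.get("role") in ("Admin,Unit-PI,Unit board")` compares against a single string, because the parentheses contain no comma-separated elements, so `in` is a substring test and not a membership test. An empty role string or a fragment such as `"Unit"` evaluates True, `"Unit-board"` (the spelling used by every other new check in this commit) evaluates False, and a session without a role raises TypeError on `None in str`. It should be a tuple: `CAN_ADD_USER = request.session.get("role") in ("Admin", "Unit-PI", "Unit-board")`. The `level_required` decorator visible in this file still spells the role `"Unit board"`, so a single shared constant for the privileged role names would keep the template flags and the decorators from drifting apart. The bodies of the create, edit, activate and delete views are outside these hunks, so it is worth confirming they enforce the same roles server-side.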