surcharge la vue BO des usagers pour journaliser les actions et la consultation (fixes #17571)

Sont journalisés: - les demandes de ré-initiliasation de mot de passe à la prochaine connexion - les suspensions/ré-activation de comptes - les demande de ré-initialisation de mot de passe par mail - les consultations de fiches, une fois par heure et par session de l'agent
2017-11-13 10:58:15 +01:00 · 2017-11-13 10:58:15 +01:00 · a4a44ad4b1
parent f6b927faf2
commit a4a44ad4b1
3 changed files with 64 additions and 4 deletions
--- a/src/authentic2_cut/apps.py
+++ b/src/authentic2_cut/apps.py
@ -59,7 +59,7 @@ class AppConfig(django.apps.AppConfig):

        user_datas = []

-        if view.__class__.__name__ == 'UserDetailView':
+        if view.__class__.__name__.endswith('UserDetailView'):
            user_datas.append(
                FranceConnectUserData(user, view.request),
            )
@ -199,7 +199,7 @@ class AppConfig(django.apps.AppConfig):
                    if field_name in ['generate_password']:
                        del form.fields[field_name]

-        if view.__class__.__name__ == 'UserDetailView':
+        if view.__class__.__name__.endswith('UserDetailView'):
            if form.instance.ou:
                if form.instance.ou.slug == 'usagers':
                    for field_name in ['username', 'is_superuser', 'validated',
@ -345,7 +345,7 @@ class AppConfig(django.apps.AppConfig):
            url_name = 'cut-manager-user-modifications-journal'
            popup = False

-        if view.__class__.__name__ == 'UserDetailView':
+        if view.__class__.__name__.endswith('UserDetailView'):
            other_actions.append(CUTValidate())
            other_actions.append(CUTJournalActions())
            other_actions.append(CUTJournalModifications())
--- a/src/authentic2_cut/urls.py
+++ b/src/authentic2_cut/urls.py
@ -25,6 +25,10 @@ urlpatterns = required(
        '',
        url('^accounts/edit-core/$', views.edit_core, name='cut-edit-core'),
        url('^accounts/edit-crown/$', views.edit_crown, name='cut-edit-crown'),
+        url(r'^manage/users/(?P<pk>\d+)/$', views.manager_user_detail,
+            name='a2-manager-user-detail'),
+        url(r'^manage/users/uuid:(?P<slug>[a-z0-9]+)/$', views.manager_user_detail,
+            name='a2-manager-user-by-uuid-detail'),
        url('^manage/users/(?P<pk>\d+)/edit-core/$', views.manager_user_edit_core,
            name='cut-manager-user-edit-core'),
        url('^manage/users/(?P<pk>\d+)/actions-journal/$', views.user_actions_journal,
--- a/src/authentic2_cut/views.py
+++ b/src/authentic2_cut/views.py
@ -23,7 +23,7 @@ from django.views.generic.base import TemplateView

 from authentic2.views import EditProfile
 from authentic2.manager.views import SimpleSubTableView
-from authentic2.manager.user_views import UserEditView
+from authentic2.manager.user_views import UserEditView, UserDetailView

 from .custom_settings import CORE_ATTRIBUTES
 from . import tables, models
@ -110,6 +110,62 @@ class UserEditCoreView(UserEditView):
 manager_user_edit_core = UserEditCoreView.as_view()


+class ManagerUserDetailView(UserDetailView):
+    def action_force_password_change(self, request, *args, **kwargs):
+        models.Journal.objects.create(
+            actor=self.request.user,
+            subject=self.object,
+            message=u'obligation de changement de mot de passe à la prochaine connexion')
+        return super(ManagerUserDetailView, self).action_force_password_change(
+            request, *args, **kwargs)
+
+    def action_activate(self, request, *args, **kwargs):
+        models.Journal.objects.create(
+            actor=self.request.user,
+            subject=self.object,
+            message=u'ré-activation du compte')
+        return super(ManagerUserDetailView, self).action_activate(request, *args, **kwargs)
+
+    def action_deactivate(self, request, *args, **kwargs):
+        models.Journal.objects.create(
+            actor=self.request.user,
+            subject=self.object,
+            message=u'suspension du compte')
+        return super(ManagerUserDetailView, self).action_deactivate(request, *args, **kwargs)
+
+    def action_password_reset(self, request, *args, **kwargs):
+        models.Journal.objects.create(
+            actor=self.request.user,
+            subject=self.object,
+            message=u'demande de réinitialisation du mot de passe')
+        return super(ManagerUserDetailView, self).action_password_reset(request, *args, **kwargs)
+
+    def action_delete_password_change(self, request, *args, **kwargs):
+        models.Journal.objects.create(
+            actor=self.request.user,
+            subject=self.object,
+            message=u'supprime l\'obligation de changement de mot de passe à la prochaine '
+                    u'connexion')
+        return super(ManagerUserDetailView, self).action_delete_password_change(
+            request, *args, **kwargs)
+
+    def get(self, request, *args, **kwargs):
+        response = super(ManagerUserDetailView, self).get(request, *args, **kwargs)
+        # journalise les accès aux fiches une fois par heure et par session
+        t = now()
+        key = 'user-looked-%s-%s-%s' % (self.object, t.date(), t.time().hour)
+        if key not in request.session:
+            request.session[key] = True
+            models.Journal.objects.create(
+                actor=self.request.user,
+                subject=self.object,
+                message=u'fiche consultée')
+        return response
+
+
+manager_user_detail = ManagerUserDetailView.as_view()
+
+
 class UserActionsJournal(SimpleSubTableView):
    model = get_user_model()
    table_class = tables.UserActionsTable