manager: adapt responses to restricted access on home (#57163)
parent
d3554167b9
commit
494a2b3798
|
@ -13,7 +13,9 @@
|
|||
<a href="{% url 'chrono-manager-absence-reason-list' %}">{% trans 'Absence reasons' %}</a>
|
||||
<a href="{% url 'chrono-manager-category-list' %}">{% trans 'Categories' %}</a>
|
||||
{% endif %}
|
||||
{% if has_access_to_unavailability_calendars %}
|
||||
<a href="{% url 'chrono-manager-unavailability-calendar-list' %}">{% trans 'Unavailability calendars' %}</a>
|
||||
{% endif %}
|
||||
{% if user.is_staff %}
|
||||
<a href="{% url 'chrono-manager-resource-list' %}">{% trans 'Resources' %}</a>
|
||||
<a rel="popup" href="{% url 'chrono-manager-agenda-add' %}">{% trans 'New' %}</a>
|
||||
|
@ -36,19 +38,12 @@
|
|||
</div>
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% if user.is_staff %}
|
||||
<div class="big-msg-info">
|
||||
{% blocktrans %}
|
||||
This site doesn't have any agenda yet. Click on the "New" button in the top
|
||||
right of the page to add a first one.
|
||||
{% endblocktrans %}
|
||||
</div>
|
||||
{% else %}
|
||||
<div class="big-msg-sorry">
|
||||
<p>{% trans 'This screen display agendas you can access.' %}</p>
|
||||
<p>{% trans 'Unfortunately, there is still no agenda configurated this way.' %}</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% endblock %}
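Review bot: The empty-state branch in the second hunk now shows the "New" hint to anyone who reaches this template with no agendas, because the `{% if user.is_staff %}` wrapper around `big-msg-info` is gone. That is only correct while the view keeps non-staff users without agendas away from this template, by redirecting them or by switching to `chrono/manager_no_access.html`. A template comment would make the dependency visible, e.g. `{# reached by staff only: the view redirects other users or renders manager_no_access.html #}`. In the first hunk, `{% if has_access_to_unavailability_calendars %}` only hides the link, so the calendar list view has to apply the same role check itself; that view is not visible on this page.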
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{% extends "chrono/manager_base.html" %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block appbar %}
|
||||
<h2>{% trans 'Agendas' %}</h2>
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="big-msg-sorry">
|
||||
<p>{% trans 'This screen displays agendas you can access.' %}</p>
|
||||
<p>{% trans 'Unfortunately, there is still no agenda configured this way.' %}</p>
|
||||
</div>
|
||||
{% endblock %}
|
|
@ -125,14 +125,34 @@ class HomepageView(ListView):
|
|||
queryset = queryset.filter(Q(view_role_id__in=group_ids) | Q(edit_role_id__in=group_ids))
|
||||
return queryset.order_by('category__label', 'label')
|
||||
|
||||
def has_access_to_unavailability_calendars(self):
|
||||
if self.request.user.is_staff:
|
||||
return True
|
||||
group_ids = [x.id for x in self.request.user.groups.all()]
|
||||
queryset = UnavailabilityCalendar.objects.filter(
|
||||
Q(view_role_id__in=group_ids) | Q(edit_role_id__in=group_ids)
|
||||
)
|
||||
return queryset.exists()
|
||||
|
||||
def has_access(self):
|
||||
return self.request.user.is_staff or self.get_queryset().exists()
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['has_access_to_unavailability_calendars'] = self.has_access_to_unavailability_calendars()
|
||||
return context
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
self.object_list = self.get_queryset()
|
||||
context = self.get_context_data()
|
||||
if self.request.user.is_staff or self.object_list.count():
|
||||
status = 200
|
||||
else:
|
||||
status = 403
|
||||
return self.render_to_response(context, status=status)
|
||||
if not self.has_access():
|
||||
if self.has_access_to_unavailability_calendars():
|
||||
return HttpResponseRedirect(reverse('chrono-manager-unavailability-calendar-list'))
|
||||
self.template_name = 'chrono/manager_no_access.html'
|
||||
return super().get(request, *args, **kwargs)
|
||||
|
||||
def render_to_response(self, context, **response_kwargs):
|
||||
if self.template_name == 'chrono/manager_no_access.html':
|
||||
response_kwargs['status'] = 403
|
||||
return super().render_to_response(context, **response_kwargs)
|
||||
|
||||
|
||||
homepage = HomepageView.as_view()
|
||||
|
@ -3190,7 +3210,9 @@ unavailability_calendar_add_unavailability = UnavailabilityCalendarAddUnavailabi
|
|||
def menu_json(request):
|
||||
if not request.user.is_staff:
|
||||
homepage_view = HomepageView(request=request)
|
||||
if not homepage_view.get_queryset().exists():
|
||||
if not (
|
||||
homepage_view.get_queryset().exists() or homepage_view.has_access_to_unavailability_calendars()
|
||||
):
|
||||
return HttpResponseForbidden()
|
||||
label = _('Agendas')
|
||||
json_str = json.dumps(
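Review bot: In `HomepageView.render_to_response` the 403 status is inferred by comparing `self.template_name` with the literal `'chrono/manager_no_access.html'`, so a denial page is served with status 200 if the template name is changed in `get()` but not here. Recording the decision explicitly keeps the two in step, e.g. `self.access_denied = True` next to the template switch in `get()` and `if getattr(self, 'access_denied', False): response_kwargs['status'] = 403` in `render_to_response`. The same access rule is written out a second time in `menu_json` (`get_queryset().exists() or has_access_to_unavailability_calendars()`); one helper on the view, used by both callers, would stop the menu and the home page from drifting apart. `menu_json` continues past the end of the hunk.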
|
||||
|
|
|
@ -353,13 +353,20 @@ def test_unavailability_calendar_homepage_permission(app, manager_user):
|
|||
unavailability_calendar.view_role = group
|
||||
unavailability_calendar.edit_role = None
|
||||
unavailability_calendar.save()
|
||||
resp = app.get('/manage/', status=403)
|
||||
resp = resp.click('Unavailability calendars')
|
||||
resp = app.get('/manage/', status=302)
|
||||
resp = resp.follow()
|
||||
assert 'Calendar 1' in resp.text
|
||||
|
||||
agenda = Agenda.objects.create(label='Agenda', kind='meetings')
|
||||
agenda.view_role = group
|
||||
agenda.save()
|
||||
resp = app.get('/manage/')
|
||||
assert 'Unavailability calendars' in resp.text
|
||||
|
||||
unavailability_calendar.view_role = None
|
||||
unavailability_calendar.edit_role = group
|
||||
unavailability_calendar.save()
|
||||
resp = app.get('/manage/', status=403)
|
||||
resp = resp.click('Unavailability calendars')
|
||||
resp = app.get('/manage/')
|
||||
assert 'Unavailability calendars' not in resp.text
|
||||
|
||||
|
||||
def test_unavailability_calendar_list_permissions(app, manager_user):
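Review bot: Every request in this hunk goes to `/manage/`, so the relaxed condition in `menu_json` has no assertion here, although it may be covered elsewhere in the test file. With that change, a user who only has calendar access no longer gets `HttpResponseForbidden`. Two requests to the menu endpoint would pin both sides of the new condition: one as the calendar-only user, and one as a user with no role at all that expects 403. The test function starts above the hunk.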
|
||||
|
|