Better right handling in files

830c15a5 · Skia · 1775569e · 830c15a5 · 830c15a5 · 830c15a5
Commit 830c15a5 authored Aug 10, 2016 by Skia
--- a/core/models.py
+++ b/core/models.py
@@ -137,17 +137,22 @@ class User(AbstractBaseUser):
                    return False
            else:
                return False
-        if group_name[-6:] == settings.SITH_BOARD_SUFFIX:
-            if 'club' in settings.INSTALLED_APPS:
-                from club.models import Club
-                name = group_name[:-6]
-                c = Club.objects.filter(unix_name=name).first()
-                mem = c.get_membership_for(self)
-                if mem:
-                    return mem.role >= 2
-                return False
-            else:
-                return False
+        if group_name[-len(settings.SITH_BOARD_SUFFIX):] == settings.SITH_BOARD_SUFFIX:
+            from club.models import Club
+            name = group_name[:-len(settings.SITH_BOARD_SUFFIX)]
+            c = Club.objects.filter(unix_name=name).first()
+            mem = c.get_membership_for(self)
+            if mem:
+                return mem.role > settings.SITH_MAXIMUM_FREE_ROLE
+            return False
+        if group_name[-len(settings.SITH_MEMBER_SUFFIX):] == settings.SITH_MEMBER_SUFFIX:
+            from club.models import Club
+            name = group_name[:-len(settings.SITH_MEMBER_SUFFIX)]
+            c = Club.objects.filter(unix_name=name).first()
+            mem = c.get_membership_for(self)
+            if mem:
+                return True
+            return False
        if group_name == settings.SITH_GROUPS['root']['name'] and self.is_superuser:
            return True
        return self.groups.filter(name=group_name).exists()

--- a/core/templates/core/base.jinja
+++ b/core/templates/core/base.jinja
@@ -13,6 +13,7 @@

    <body>
        {% block header %}
+        {% if not popup %}
        <div id="logo"><a href="{{ url('core:index') }}"><img src="{{ static('core/img/logo.png') }}"
                                                              alt="{% trans %}Logo{% endtrans %}" /></a></div>
        <header>
@@ -25,8 +26,12 @@
            <a href="{{ url('core:logout') }}">{% trans %}Logout{% endtrans %}</a>
            {% endif %}
        </header>
+        {% else %}
+        <div id="popupheader">{{ user.get_display_name() }}</div>
+        {% endif %}
        {% endblock %}
        {% block nav %}
+        {% if not popup %}
        <nav>
            <a href="{{ url('core:user_list') }}">{% trans %}Users{% endtrans %}</a>
            <a href="{{ url('core:page', page_name="Index") }}">{% trans %}Wiki{% endtrans %}</a>
@@ -34,6 +39,7 @@
            <a href="{{ url('club:club_list') }}">{% trans %}Clubs{% endtrans %}</a>
            <a href="{{ url('core:page', "Services") }}">{% trans %}Services{% endtrans %}</a>
        </nav>
+        {% endif %}
        {% endblock %}

        <div id="content">
@@ -59,8 +65,7 @@
        <script src="{{ static('core/js/multiple-select.js') }}"></script>
        <script src="{{ static('core/js/script.js') }}"></script>
        <script>
-    $('select').multipleSelect({
-        filter: true,
+    $('select:not([multiple])').multipleSelect({
        single: true,
        {% if not popup %}
        position: 'top',

--- a/core/templates/core/file.jinja
+++ b/core/templates/core/file.jinja
@@ -21,20 +21,6 @@
 {% endif %}
 {% endmacro %}

-{% block header %}
-{% if popup != "" %}
-<div id="popupheader">{{ user.get_display_name() }}</div>
-{% else %}
-{{ super() }}
-{% endif %}
-{% endblock %}
-{% block nav %}
-{% if popup != "" %}
-{% else %}
-{{ super() }}
-{% endif %}
-{% endblock %}
-
 {% block content %}
 {{ print_file_name(file) }}


--- a/core/templates/core/file_detail.jinja
+++ b/core/templates/core/file_detail.jinja
@@ -12,11 +12,13 @@
 </h3>
 <p>{% trans %}Owner: {% endtrans %}{{ file.owner.get_display_name() }}</p>
 {% if file.is_folder %}
+{% if user.can_edit(file) %}
 <form action="" method="post" enctype="multipart/form-data">
    {% csrf_token %}
    {{ form.as_p() }}
    <p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
 </form>
+{% endif %}
 <ul>
    {% for f in file.children.order_by('-is_folder', 'name').all() %}
    <li>

--- a/core/templates/core/file_list.jinja
+++ b/core/templates/core/file_list.jinja
@@ -2,11 +2,13 @@

 {% block content %}
 {{ super() }}
+{% if user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) %}
 <form action="" method="post" enctype="multipart/form-data">
    {% csrf_token %}
    {{ form.as_p() }}
    <p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
 </form>
+{% endif %}
 {% if file_list %}
 <h3>{% trans %}File list{% endtrans %}</h3>
 <ul>

--- a/core/views/__init__.py
+++ b/core/views/__init__.py
@@ -9,7 +9,7 @@ from core.models import Group

 def forbidden(request):
    return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
-        AuthenticationForm()}))
+        AuthenticationForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))

 def not_found(request):
    return HttpResponseNotFound(render(request, "core/404.jinja"))

--- a/core/views/files.py
+++ b/core/views/files.py
@@ -62,7 +62,7 @@ class AddFileForm(forms.Form):
                self.add_error(None, _("Error uploading file %(file_name)s: %(msg)s") %
                        {'file_name': f, 'msg': str(e.message)})

-class FileListView(CanViewMixin, ListView, FormMixin):
+class FileListView(ListView, FormMixin):
    template_name = 'core/file_list.jinja'
    context_object_name = "file_list"
    form_class = AddFileForm
@@ -75,7 +75,7 @@ class FileListView(CanViewMixin, ListView, FormMixin):
        self.object_list = self.get_queryset()
        self.form = self.get_form()
        files = request.FILES.getlist('file_field')
-        if self.form.is_valid():
+        if request.user.is_authenticated() and request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) and self.form.is_valid():
            self.form.process(parent=None, owner=request.user, files=files)
            if self.form.is_valid():
                return super(FileListView, self).form_valid(self.form)
@@ -141,7 +141,7 @@ class FileEditPropView(CanEditPropMixin, UpdateView):
            kwargs['popup'] = 'popup'
        return kwargs

-class FileView(CanEditMixin, DetailView, FormMixin):
+class FileView(CanViewMixin, DetailView, FormMixin):
    """This class handle the upload of new files into a folder"""
    model = SithFile
    pk_url_kwarg = "file_id"
@@ -157,7 +157,7 @@ class FileView(CanEditMixin, DetailView, FormMixin):
        self.object = self.get_object()
        self.form = self.get_form()
        files = request.FILES.getlist('file_field')
-        if self.form.is_valid():
+        if request.user.is_authenticated() and request.user.can_edit(self.object) and self.form.is_valid():
            self.form.process(parent=self.object, owner=request.user, files=files)
            if self.form.is_valid():
                return super(FileView, self).form_valid(self.form)