Staff user admin permissions (#1057)

admin/admin.py

@@ -1,6 +1,8 @@
 from functools import update_wrapper
+from typing import Any
 
 from django.contrib import admin
+from django.http.request import HttpRequest
 from django.shortcuts import render
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
@@ -31,3 +33,39 @@ def inner(request, *args, **kwargs):
         if not getattr(view, "csrf_exempt", False):
             inner = csrf_protect(inner)
         return update_wrapper(inner, view)
+
+
+class ApilosModelAdmin(admin.ModelAdmin):
+    staff_user_can_view: bool = True
+    staff_user_can_change: bool = True
+    staff_user_can_add: bool = True
+    staff_user_can_delete: bool = False
+
+    def has_module_permission(self, request: HttpRequest) -> bool:
+        if request.user.is_staff:
+            return True
+        return super().has_module_permission(request)
+
+    def has_view_permission(self, request: HttpRequest, obj: Any | None = None) -> bool:
+        if request.user.is_staff and self.staff_user_can_view:
+            return True
+        return super().has_view_permission(request, obj)
+
+    def has_change_permission(
+        self, request: HttpRequest, obj: Any | None = None
+    ) -> bool:
+        if request.user.is_staff and self.staff_user_can_change:
+            return True
+        return super().has_change_permission(request, obj)
+
+    def has_add_permission(self, request: HttpRequest) -> bool:
+        if request.user.is_staff and self.staff_user_can_add:
+            return True
+        return super().has_add_permission(request)
+
+    def has_delete_permission(
+        self, request: HttpRequest, obj: Any | None = None
+    ) -> bool:
+        if request.user.is_staff and self.staff_user_can_delete:
+            return True
+        return super().has_delete_permission(request, obj)

bailleurs/admin.py

@@ -1,12 +1,10 @@
 from django.contrib import admin
 
-# Register your models here.
+from admin.admin import ApilosModelAdmin
 from .models import Bailleur
 
 
-class BailleurAdmin(admin.ModelAdmin):
+@admin.register(Bailleur)
+class BailleurAdmin(ApilosModelAdmin):
     search_fields = ["nom"]
     list_display = ["nom", "nature_bailleur", "sous_nature_bailleur", "ville"]
-
-
-admin.site.register(Bailleur, BailleurAdmin)

comments/admin.py

@@ -1,10 +1,11 @@
 from django.contrib import admin
+from admin.admin import ApilosModelAdmin
 
 from .models import Comment
 
 
 @admin.register(Comment)
-class CommentAdmin(admin.ModelAdmin):
+class CommentAdmin(ApilosModelAdmin):
     readonly_fields = (
         "convention",
         "nom_objet",

conventions/admin.py

@@ -1,4 +1,5 @@
 from django.contrib import admin
+from admin.admin import ApilosModelAdmin
 
 from .models import Convention, Pret, AvenantType
 
@@ -13,7 +14,7 @@ def view_programme(convention):
 
 
 @admin.register(Convention)
-class ConventionAdmin(admin.ModelAdmin):
+class ConventionAdmin(ApilosModelAdmin):
     list_display = (view_programme, "administration", "bailleur", "financement", "uuid")
     search_fields = [
         "programme__ville",
@@ -69,7 +70,7 @@ class ConventionAdmin(admin.ModelAdmin):
 
 
 @admin.register(Pret)
-class PretAdmin(admin.ModelAdmin):
+class PretAdmin(ApilosModelAdmin):
     list_display = (
         "id",
         "convention",
@@ -81,4 +82,7 @@ class PretAdmin(admin.ModelAdmin):
     readonly_fields = ("convention",)
 
 
-admin.site.register(AvenantType)
+@admin.register(AvenantType)
+class AvenantTypeAdmin(ApilosModelAdmin):
+    staff_user_can_change = False
+    staff_user_can_add = False

instructeurs/admin.py

@@ -1,13 +1,10 @@
 from django.contrib import admin
+from admin.admin import ApilosModelAdmin
 
-from .models import (
-    Administration,
-)
+from .models import Administration
 
 
-class AdministrationAdmin(admin.ModelAdmin):
+@admin.register(Administration)
+class AdministrationAdmin(ApilosModelAdmin):
     search_fields = ["nom", "code"]
     list_display = ["nom", "code", "ville_signature"]
-
-
-admin.site.register(Administration, AdministrationAdmin)

programmes/admin.py

@@ -1,4 +1,5 @@
 from django.contrib import admin
+from admin.admin import ApilosModelAdmin
 
 from bailleurs.models import Bailleur
 from instructeurs.models import Administration
@@ -15,7 +16,7 @@
 
 
 @admin.register(Programme)
-class ProgrammeAdmin(admin.ModelAdmin):
+class ProgrammeAdmin(ApilosModelAdmin):
     list_display = ("nom", "uuid")
     fields = (
         "uuid",
@@ -50,7 +51,7 @@ def view_programme(lot):
 
 
 @admin.register(Lot)
-class LotAdmin(admin.ModelAdmin):
+class LotAdmin(ApilosModelAdmin):
     list_display = (view_programme, "financement", "uuid")
 
     fields = (
@@ -70,12 +71,12 @@ class LotAdmin(admin.ModelAdmin):
 
 
 @admin.register(Annexe)
-class AnnexeAdmin(admin.ModelAdmin):
+class AnnexeAdmin(ApilosModelAdmin):
     list_select_related = ("logement",)
 
 
 @admin.register(Logement)
-class LogementAdmin(admin.ModelAdmin):
+class LogementAdmin(ApilosModelAdmin):
     readonly_fields = ("lot",)
     list_display = (
         "id",
@@ -86,7 +87,7 @@ class LogementAdmin(admin.ModelAdmin):
 
 
 @admin.register(ReferenceCadastrale)
-class ReferenceCadastraleAdmin(admin.ModelAdmin):
+class ReferenceCadastraleAdmin(ApilosModelAdmin):
     readonly_fields = ("programme",)
 
 
@@ -96,4 +97,6 @@ class TypeStationnementAdmin(admin.ModelAdmin):
     readonly_fields = ("lot",)
 
 
-admin.site.register(IndiceEvolutionLoyer)
+@admin.register(IndiceEvolutionLoyer)
+class IndiceEvolutionLoyerAdmin(ApilosModelAdmin):
+    pass

upload/admin.py

@@ -1,6 +1,10 @@
 from django.contrib import admin
 
-# Register your models here.
+from admin.admin import ApilosModelAdmin
 from .models import UploadedFile
 
-admin.site.register(UploadedFile)
+
+@admin.register(UploadedFile)
+class UploadedFileAdmin(ApilosModelAdmin):
+    staff_user_can_change = False
+    staff_user_can_add = False

users/admin.py

@@ -1,12 +1,14 @@
 from django.contrib import admin
-from django.contrib.auth.admin import UserAdmin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
 
+from admin.admin import ApilosModelAdmin
 from bailleurs.models import Bailleur
 from instructeurs.models import Administration
 from .models import User, Role
 
 
-class CustomAdministrationAdmin(admin.ModelAdmin):
+@admin.register(Role)
+class CustomAdministrationAdmin(ApilosModelAdmin):
     def formfield_for_foreignkey(self, db_field, request, **kwargs):
         if db_field.name == "administration":
             kwargs["queryset"] = Administration.objects.order_by("nom")
@@ -17,5 +19,6 @@ def formfield_for_foreignkey(self, db_field, request, **kwargs):
         return super().formfield_for_foreignkey(db_field, request, **kwargs)
 
 
-admin.site.register(User, UserAdmin)
-admin.site.register(Role, CustomAdministrationAdmin)
+@admin.register(User)
+class UserAdmin(BaseUserAdmin, ApilosModelAdmin):
+    pass

users/models.py

@@ -127,10 +127,12 @@ def has_object_permission(self, obj):
 
     def has_perm(self, perm, obj=None):
         if self.is_staff or self.is_superuser:
-            return True
+            return super().has_perm(perm, obj)
+
         # check object permission
         if obj is not None and not self.has_object_permission(obj):
             return False
+
         # check permission itself
         permissions = []
         for role in self.roles.all():