def _check_perm_for_management(request, element, group_element_year):
actions_needing_perm_on_parent = [
"up",
"down",
]
if _get_data_from_request(request, 'action') in actions_needing_perm_on_parent:
# In this case, element can be EducationGroupYear OR LearningUnitYear because we check perm on its parent
perms.can_change_education_group(request.user, group_element_year.parent)
def _update_education_group_year(request, root_id, education_group_year,
groupelementyear_formset):
# Protect the view
can_change_education_group(request.user, education_group_year)
root = get_object_or_404(EducationGroupYear, pk=root_id)
view_function = _get_view(
education_group_year.education_group_type.category)
return view_function(request, education_group_year, root,
groupelementyear_formset)
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
try:
perms.can_change_education_group(self.request.user,
self.get_object().parent)
except PermissionDenied as e:
msg = "{}: {}".format(str(self.get_object().parent), str(e))
display_warning_messages(self.request, msg)
if not self.detach_strategy.is_valid():
display_error_messages(self.request, self.detach_strategy.errors)
return kwargs
def update_education_group(request, root_id, education_group_year_id):
education_group_year = get_object_or_404(EducationGroupYear,
pk=education_group_year_id)
# Store root in the instance to avoid to pass the root in methods
# it will be used in the templates.
education_group_year.root = root_id
if request.user.groups.filter(name=FACULTY_MANAGER_GROUP).exists() and\
education_group_year.academic_year.year < current_academic_year().year:
return update_certificate_aims(request, root_id, education_group_year)
# Proctect the view
can_change_education_group(request.user, education_group_year)
return update_education_group_year(request, root_id, education_group_year)
def get(self, request, *args, **kwargs):
error_messages = []
try:
perms.can_change_education_group(self.request.user,
self.education_group_year)
except PermissionDenied as e:
error_messages.append(str(e))
elements_to_attach = fetch_elements_selected(self.request.GET,
self.request.user)
if not elements_to_attach:
error_messages.append(_("Please select an item before adding it"))
error_messages.extend(
_check_attach(self.education_group_year, elements_to_attach))
return JsonResponse({"error_messages": error_messages})
def get_redirect_url(self, *args, **kwargs):
self.pattern_name = 'group_element_year_create'
try:
perms.can_change_education_group(self.request.user,
self.education_group_year)
except PermissionDenied as e:
display_warning_messages(self.request, str(e))
cached_data = ElementCache(self.request.user).cached_data
if cached_data:
action_from_cache = cached_data.get('action')
if action_from_cache == ElementCache.ElementCacheAction.CUT.value:
kwargs['group_element_year_id'] = fetch_source_link(
self.request.GET, self.request.user).id
self.pattern_name = 'group_element_year_move'
return super().get_redirect_url(*args, **kwargs)
def _check_perm_for_management(request, element, group_element_year):
actions_needing_perm_on_parent = [
"detach",
"up",
"down",
]
actions_needing_perm_on_education_group_year_itself = [
"attach",
]
if _get_data_from_request(request,
'action') in actions_needing_perm_on_parent:
# In this case, element can be EducationGroupYear OR LearningUnitYear because we check perm on its parent
perms.can_change_education_group(request.user,
group_element_year.parent)
elif _get_data_from_request(
request,
'action') in actions_needing_perm_on_education_group_year_itself:
# In this case, element MUST BE an EducationGroupYear (we cannot take action on a learning_unit_year)
if type(element) != EducationGroupYear:
raise ValidationError(
"It is forbidden to update the content of an object which is not an EducationGroupYear"
)
perms.can_change_education_group(request.user, element)