mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2025-07-10 13:00:16 +02:00
Prevent altering user states on admin site
This commit is contained in:
parent
64e7c6093e
commit
c6699686ad
@ -5,12 +5,9 @@ from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
|
|||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.utils.text import slugify
|
from django.utils.text import slugify
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.db.models.signals import post_save
|
|
||||||
from authentication.models import State, get_guest_state, CharacterOwnership, UserProfile
|
from authentication.models import State, get_guest_state, CharacterOwnership, UserProfile
|
||||||
from authentication.signals import reassess_on_profile_save
|
|
||||||
from alliance_auth.hooks import get_hooks
|
from alliance_auth.hooks import get_hooks
|
||||||
from services.hooks import ServicesHook
|
from services.hooks import ServicesHook
|
||||||
from services.tasks import validate_services
|
|
||||||
|
|
||||||
|
|
||||||
def make_service_hooks_update_groups_action(service):
|
def make_service_hooks_update_groups_action(service):
|
||||||
@ -107,8 +104,7 @@ class StateAdmin(admin.ModelAdmin):
|
|||||||
|
|
||||||
filter_horizontal = ['member_characters', 'member_corporations', 'member_alliances', 'permissions']
|
filter_horizontal = ['member_characters', 'member_corporations', 'member_alliances', 'permissions']
|
||||||
|
|
||||||
@staticmethod
|
def has_delete_permission(self, request, obj=None):
|
||||||
def has_delete_permission(request, obj=None):
|
|
||||||
if obj == get_guest_state():
|
if obj == get_guest_state():
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@ -117,15 +113,29 @@ admin.site.register(CharacterOwnership)
|
|||||||
|
|
||||||
|
|
||||||
class UserProfileAdminForm(forms.ModelForm):
|
class UserProfileAdminForm(forms.ModelForm):
|
||||||
def save(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
# prevent state reassessment to allow manually overriding states
|
super(UserProfileAdminForm, self).__init__(*args, **kwargs)
|
||||||
post_save.disconnect(reassess_on_profile_save, sender=UserProfile)
|
self.fields['state'].widget.attrs['disabled'] = True
|
||||||
model = super(UserProfileAdminForm, self).save(*args, **kwargs)
|
instance = getattr(self, 'instance', None)
|
||||||
post_save.connect(reassess_on_profile_save, sender=UserProfile)
|
if instance and instance.pk:
|
||||||
validate_services(model.user)
|
self.fields['state'].queryset = State.objects.filter(pk=instance.state.pk)
|
||||||
return model
|
else:
|
||||||
|
self.fields['state'].queryset = State.objects.filter(pk=get_guest_state().pk)
|
||||||
|
|
||||||
|
def clean_state(self):
|
||||||
|
instance = getattr(self, 'instance', None)
|
||||||
|
if instance and instance.pk:
|
||||||
|
return UserProfile.objects.get(pk=instance.pk).state
|
||||||
|
else:
|
||||||
|
return get_guest_state()
|
||||||
|
|
||||||
|
|
||||||
@admin.register(UserProfile)
|
@admin.register(UserProfile)
|
||||||
class UserProfileAdmin(admin.ModelAdmin):
|
class UserProfileAdmin(admin.ModelAdmin):
|
||||||
form = UserProfileAdminForm
|
form = UserProfileAdminForm
|
||||||
|
|
||||||
|
def has_add_permission(self, request):
|
||||||
|
return False
|
||||||
|
|
||||||
|
def has_delete_permission(self, request, obj=None):
|
||||||
|
return False
|
||||||
|
@ -132,7 +132,7 @@ def create_profiles(apps, schema_editor):
|
|||||||
# carry states and mains forward
|
# carry states and mains forward
|
||||||
state = State.objects.get(name=auth.state if auth.state else 'Guest')
|
state = State.objects.get(name=auth.state if auth.state else 'Guest')
|
||||||
char = EveCharacter.objects.get(character_id=auth.main_char_id)
|
char = EveCharacter.objects.get(character_id=auth.main_char_id)
|
||||||
profile = UserProfile.objects.create(user=auth.user, state=state, main_character=char)
|
UserProfile.objects.create(user=auth.user, state=state, main_character=char)
|
||||||
for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
|
for auth in AuthServicesInfo.objects.exclude(main_char_id__in=unique_mains).select_related('user'):
|
||||||
# prepare empty profiles
|
# prepare empty profiles
|
||||||
state = State.objects.get(name='Guest')
|
state = State.objects.get(name='Guest')
|
||||||
|
@ -30,6 +30,7 @@ class State(models.Model):
|
|||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
ordering = ['-priority']
|
ordering = ['-priority']
|
||||||
|
default_permissions = ('change',)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.name
|
return self.name
|
||||||
|
Loading…
x
Reference in New Issue
Block a user