Limite autorisation de commentaire aux pers. autorisées

2019-02-07 09:24:55 +01:00 · 2019-02-07 09:24:55 +01:00 · f11d20c2f9
commit f11d20c2f9
parent 6dfc3c6e42
6 changed files with 66 additions and 4 deletions
--- a/stages/migrations/0001_squashed_0024_course_public_length2.py
+++ b/stages/migrations/0001_squashed_0024_course_public_length2.py
@ -122,9 +122,9 @@ class Migration(migrations.Migration):
                ('level', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to='stages.Level', verbose_name='Niveau')),
            ],
            options={
-                'verbose_name': 'Période de pratique professionnnelle',
-                'verbose_name_plural': 'Périodes de pratique professionnnelle',
                'ordering': ('-start_date',),
+                'verbose_name': 'Période de pratique professionnelle',
+                'verbose_name_plural': 'Périodes de pratique professionnelle',
            },
        ),
        migrations.CreateModel(
--- a/stages/migrations/0020_teacher_to_user_link.py
+++ b/stages/migrations/0020_teacher_to_user_link.py
@ -0,0 +1,18 @@
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('stages', '0019_teacher_ecg_eps'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='teacher',
+            name='user',
+            field=models.OneToOneField(blank=True, null=True, on_delete=models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL, verbose_name='Compte utilisateur'),
+        ),
+    ]
--- a/stages/models.py
+++ b/stages/models.py
@ -1,5 +1,6 @@
 import json
 from collections import OrderedDict
+from contextlib import suppress
 from datetime import date, timedelta

 from django.conf import settings
@ -104,6 +105,10 @@ class Teacher(models.Model):
    previous_report = models.IntegerField(default=0, verbose_name='Report précédent')
    next_report = models.IntegerField(default=0, verbose_name='Report suivant')
    archived = models.BooleanField(default=False)
+    user = models.OneToOneField(
+        settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, null=True, blank=True,
+        verbose_name='Compte utilisateur'
+    )

    class Meta:
        verbose_name='Enseignant'
@ -362,6 +367,12 @@ class Student(models.Model):
        age_m = int((age - age_y) * 12)
        return '%d ans%s' % (age_y, ' %d m.' % age_m if age_m > 0 else '')

+    def can_comment(self, user):
+        """Return True if user is authorized to edit comments for this student."""
+        with suppress(Teacher.DoesNotExist):
+            return user.has_perm('stages.change_student') or user.teacher == self.klass.teacher
+        return False
+
    def missing_examination_data(self):
        missing = []
        if not self.date_exam:
--- a/stages/tests.py
+++ b/stages/tests.py
@ -17,7 +17,7 @@ from .models import (
 from .utils import school_year


-class StagesTest(TestCase):
+class StagesTests(TestCase):
    @classmethod
    def setUpTestData(cls):
        Section.objects.bulk_create([
@ -132,7 +132,31 @@ class StagesTest(TestCase):
        )
        self.assertNotContains(response, "Factures de supervision")

+    def test_comment_on_student(self):
+        teacher_user = User.objects.create_user('teach', 'teach@example.org', 'passd')
+        teacher = Teacher.objects.get(abrev='JCA')
+        teacher.user = teacher_user
+        teacher.save()
+        student = Student.objects.get(last_name='Dupond')
+        self.client.force_login(teacher_user)
+        response = self.client.get(
+            reverse("student-comment", args=(student.pk,))
+        )
+        # Cannot access form if not master teacher of that class.
+        self.assertNotContains(response, '<form')
+        student.klass.teacher = teacher
+        student.klass.save()
+        response = self.client.get(
+            reverse("student-comment", args=(student.pk,))
+        )
+        self.assertContains(
+            response,
+            '<textarea name="mc_comment" cols="40" rows="10" id="id_mc_comment" hidden="true">\n</textarea>',
+            html=True
+        )
+
    def test_attribution_view(self):
+        self.client.force_login(self.admin)
        response = self.client.get(reverse('attribution'))
        # Section select
        self.assertContains(response,
@ -289,7 +313,7 @@ tél. 032 886 33 00
        self.assertTrue(klass5.is_Ede_ps())


-class PeriodTest(TestCase):
+class PeriodTests(TestCase):
    def setUp(self):
        self.section = Section.objects.create(name="MP_ASE")
        self.level1 = Level.objects.create(name='1')
--- a/stages/views/init.py
+++ b/stages/views/init.py
@ -154,6 +154,13 @@ class StudentCommentView(UpdateView):
    model = Student
    form_class = StudentCommentForm

+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        # Only authorized teachers can comment on the student.
+        if not self.object.can_comment(self.request.user):
+            del context['form']
+        return context
+
    def get_success_url(self):
        messages.success(
            self.request, "L'enregistrement des commentaires pour %s a réussi." % self.object