Vérification du type d'utilisateur pouvant accéder aux vues #5453

Merged
merged 1 commit into from
Jan 24, 2025
7 changes: 5 additions & 2 deletions itou/www/apply/views/process_views.py
Expand Up @@ -7,7 +7,7 @@
import sentry_sdk
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.core.exceptions import PermissionDenied
from django.db import transaction
from django.db.models import Count, Exists, F, OuterRef, Q
Expand Down Expand Up @@ -573,9 +573,12 @@ def accept(request, job_application_id, template_name="apply/process_accept.html
)


class AcceptHTMXFragmentView(TemplateView):
class AcceptHTMXFragmentView(UserPassesTestMixin, TemplateView):
NO_ERROR_FIELDS = []

def test_func(self):
return self.request.user.is_employer

def setup(self, request, company_pk=None, *args, **kwargs):
super().setup(request, *args, **kwargs)

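Review bot: `test_func` reads `self.request.user.is_employer` with no authentication guard visible on `AcceptHTMXFragmentView`; `LoginRequiredMixin` is imported in this file but is not among the class's bases. If an unauthenticated request can reach the view, Django's `AnonymousUser` presumably has no `is_employer` attribute (it looks project-defined), so the request would end in a server error rather than the login redirect `UserPassesTestMixin` normally produces. Unless login is enforced upstream, which this page does not show, `return self.request.user.is_authenticated and self.request.user.is_employer` keeps the refusal path clean. `UserPassesTestMixin` also runs the test in `dispatch()`, after the overridden `setup()`, whose body continues outside the hunk, so any lookups done there happen before the user kind is checked.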
5 changes: 5 additions & 0 deletions itou/www/apply/views/submit_views.py
Expand Up @@ -20,6 +20,7 @@
from itou.job_applications.models import JobApplication
from itou.users.enums import UserKind
from itou.users.models import User
from itou.utils.auth import check_user
from itou.utils.session import SessionNamespace
from itou.utils.urls import add_url_params
from itou.www.apply.forms import ApplicationJobsForm, SubmitJobApplicationForm
Expand Down Expand Up @@ -775,6 +776,7 @@ def get_context_data(self, **kwargs):
}


@check_user(lambda user: user.is_employer)
def eligibility_for_hire(
request,
company_pk,
Expand Down Expand Up @@ -811,6 +813,7 @@ def eligibility_for_hire(
)


@check_user(lambda user: user.is_employer)
def geiq_eligibility_for_hire(
request,
company_pk,
Expand Down Expand Up @@ -847,6 +850,7 @@ def geiq_eligibility_for_hire(
)


@check_user(lambda user: user.is_employer)
def geiq_eligibility_criteria_for_hire(request, company_pk, job_seeker_public_id):
company = get_object_or_404(
Company.objects.filter(pk__in={org.pk for org in request.organizations}, kind=CompanyKind.GEIQ), pk=company_pk
Expand All @@ -859,6 +863,7 @@ def geiq_eligibility_criteria_for_hire(request, company_pk, job_seeker_public_id
)


@check_user(lambda user: user.is_employer)
def hire_confirmation(
request,
company_pk,
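Review bot: Nothing shown on this page exercises the refusal path of the four new `@check_user(lambda user: user.is_employer)` decorators on `eligibility_for_hire`, `geiq_eligibility_for_hire`, `geiq_eligibility_criteria_for_hire` and `hire_confirmation`; the only test change visible is the snapshot file, which records the extra `_check_user_view_wrapper` frame for `hire_confirmation`. The same applies to `@check_user(lambda user: user.is_prescriber)` on `prolongation_request_report_file` in `itou/www/approvals_views/views.py`. A test per view that logs in a user of another kind and asserts the request is refused would keep these checks from being dropped silently in a later refactor. The decorator tests user kind only, so the company scoping in each body remains the object-level boundary: it is visible in `geiq_eligibility_criteria_for_hire` (`pk__in={org.pk for org in request.organizations}`), while the other bodies lie outside the hunks and are worth confirming.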
2 changes: 2 additions & 0 deletions itou/www/approvals_views/views.py
Expand Up @@ -32,6 +32,7 @@
from itou.files.models import File
from itou.job_applications.enums import JobApplicationState
from itou.utils import constants as global_constants
from itou.utils.auth import check_user
from itou.utils.pagination import ItouPaginator, pager
from itou.utils.perms.company import get_current_company_or_404
from itou.utils.perms.prescriber import get_current_org_or_404
Expand Down Expand Up @@ -487,6 +488,7 @@ def prolongation_requests_list(request, template_name="approvals/prolongation_re


@require_safe
@check_user(lambda user: user.is_prescriber)
def prolongation_request_report_file(request, prolongation_request_id):
prolongation_request = get_object_or_404(
ProlongationRequest,
15 changes: 15 additions & 0 deletions tests/www/apply/__snapshots__/test_submit.ambr
Expand Up @@ -173,6 +173,7 @@
dict({
'origin': list([
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "companies_company"."id",
Expand Down Expand Up @@ -220,6 +221,7 @@
dict({
'origin': list([
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "users_user"."id",
Expand Down Expand Up @@ -307,6 +309,7 @@
'User.new_approval_blocked_by_waiting_period[users/models.py]',
'_check_job_seeker_approval[www/apply/views/submit_views.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "approvals_approval"."id",
Expand Down Expand Up @@ -342,6 +345,7 @@
'User.new_approval_blocked_by_waiting_period[users/models.py]',
'_check_job_seeker_approval[www/apply/views/submit_views.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "eligibility_eligibilitydiagnosis"."id",
Expand Down Expand Up @@ -479,6 +483,7 @@
'User.new_approval_blocked_by_waiting_period[users/models.py]',
'_check_job_seeker_approval[www/apply/views/submit_views.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "approvals_poleemploiapproval"."id",
Expand Down Expand Up @@ -518,6 +523,7 @@
'EligibilityDiagnosisQuerySet.first[<site-packages>/django/db/models/query.py]',
'EligibilityDiagnosisManagerFromEligibilityDiagnosisQuerySet.last_considered_valid[eligibility/models/iae.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "eligibility_eligibilitydiagnosis"."id",
Expand Down Expand Up @@ -651,6 +657,7 @@
'EligibilityDiagnosisQuerySet.first[<site-packages>/django/db/models/query.py]',
'EligibilityDiagnosisManagerFromEligibilityDiagnosisQuerySet.last_considered_valid[eligibility/models/iae.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "eligibility_selectedadministrativecriteria"."id",
Expand All @@ -672,6 +679,7 @@
'EligibilityDiagnosisManagerFromEligibilityDiagnosisQuerySet.last_considered_valid[eligibility/models/iae.py]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "eligibility_eligibilitydiagnosis"."id",
Expand Down Expand Up @@ -807,6 +815,7 @@
'JobSeekerPersonalDataForm.__init__[common_apps/nir/forms.py]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "asp_commune"."id",
Expand All @@ -828,6 +837,7 @@
'JobSeekerPersonalDataForm.__init__[common_apps/nir/forms.py]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "asp_country"."id",
Expand All @@ -845,6 +855,7 @@
'AcceptForm.__init__[www/apply/forms.py]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "companies_jobdescription"."id",
Expand Down Expand Up @@ -904,6 +915,7 @@
'ExtendsNode[apply/submit/hire_confirmation.html]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT %s AS "a"
Expand Down Expand Up @@ -934,6 +946,7 @@
'ExtendsNode[apply/submit/hire_confirmation.html]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "eligibility_selectedadministrativecriteria"."id",
Expand Down Expand Up @@ -964,6 +977,7 @@
'ExtendsNode[apply/submit/hire_confirmation.html]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "asp_commune"."id",
Expand Down Expand Up @@ -991,6 +1005,7 @@
'ExtendsNode[apply/submit/hire_confirmation.html]',
'_accept[www/apply/views/common.py]',
'hire_confirmation[www/apply/views/submit_views.py]',
'_check_user_view_wrapper[utils/auth.py]',
]),
'sql': '''
SELECT "asp_country"."id",