From 1a96c83d807792162533108d7e93084c9e8dd6fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20S=C3=A9bille?= Date: Tue, 1 Oct 2024 14:38:22 +0200 Subject: [PATCH] Revert "www.stats: Open "tb 440" to all SIAE" This reverts commit b97cf203bd5cae509ca02257d8127577661a0a08. --- config/settings/base.py | 1 + itou/templates/dashboard/includes/stats.html | 4 +++- itou/www/dashboard/views.py | 1 + itou/www/stats/utils.py | 7 +++++++ itou/www/stats/views.py | 2 ++ tests/www/stats/test_views.py | 1 + 6 files changed, 15 insertions(+), 1 deletion(-) diff --git a/config/settings/base.py b/config/settings/base.py index 566dc3569e..2718e98b8f 100644 --- a/config/settings/base.py +++ b/config/settings/base.py @@ -436,6 +436,7 @@ # Specific experimental stats are progressively being deployed to more and more users and/or companies. # Kept as a setting to not let User pks or Company asp_ids in clear in the code. STATS_SIAE_USER_PK_WHITELIST = json.loads(os.getenv("STATS_SIAE_USER_PK_WHITELIST", "[]")) +STATS_SIAE_PK_WHITELIST = json.loads(os.getenv("STATS_SIAE_PK_WHITELIST", "[]")) STATS_ACI_DEPARTMENT_WHITELIST = ["31", "84"] # Slack notifications sent by Metabase cronjobs. diff --git a/itou/templates/dashboard/includes/stats.html b/itou/templates/dashboard/includes/stats.html index bfb499ca21..2b3dfbae12 100644 --- a/itou/templates/dashboard/includes/stats.html +++ b/itou/templates/dashboard/includes/stats.html @@ -32,7 +32,7 @@ {% endif %} - {% if can_view_stats_siae %} + {% if can_view_stats_siae_orga_etp %}
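Review bot: `STATS_SIAE_PK_WHITELIST` in config/settings/base.py is an access-control allow-list, yet whatever `json.loads` returns is accepted regardless of its shape. A list of strings such as `["12"]` would presumably never match an integer pk in `can_view_stats_siae_orga_etp`, and a JSON scalar or object would only misbehave at request time, so a typo in the environment variable silently changes who can reach the ETP stats. Normalising at load time makes most malformed values fail at startup instead: `STATS_SIAE_PK_WHITELIST = frozenset(int(pk) for pk in json.loads(os.getenv("STATS_SIAE_PK_WHITELIST", "[]")))`. The `STATS_SIAE_USER_PK_WHITELIST` context line just above follows the same pattern and has the same weakness.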
  • @@ -40,6 +40,8 @@ {% include "dashboard/includes/stats_new_badge.html" %}
  • + {% endif %} + {% if can_view_stats_siae %}
  • diff --git a/itou/www/dashboard/views.py b/itou/www/dashboard/views.py index d64464b54a..231e5576b4 100644 --- a/itou/www/dashboard/views.py +++ b/itou/www/dashboard/views.py @@ -193,6 +193,7 @@ def dashboard_stats(request, template_name="dashboard/dashboard_stats.html"): "can_view_stats_siae": stats_utils.can_view_stats_siae(request), "can_view_stats_siae_aci": stats_utils.can_view_stats_siae_aci(request), "can_view_stats_siae_etp": stats_utils.can_view_stats_siae_etp(request), + "can_view_stats_siae_orga_etp": stats_utils.can_view_stats_siae_orga_etp(request), "can_view_stats_cd": stats_utils.can_view_stats_cd(request), "can_view_stats_cd_aci": stats_utils.can_view_stats_cd_aci(request), "can_view_stats_ft": stats_utils.can_view_stats_ft(request), diff --git a/itou/www/stats/utils.py b/itou/www/stats/utils.py index e892167183..2667b8d572 100644 --- a/itou/www/stats/utils.py +++ b/itou/www/stats/utils.py @@ -61,6 +61,13 @@ def can_view_stats_siae_etp(request): ) +def can_view_stats_siae_orga_etp(request): + """ + Non official stats with very specific access rights. + """ + return can_view_stats_siae(request) and request.current_organization.pk in settings.STATS_SIAE_PK_WHITELIST + + def can_view_stats_cd(request): """ Users of a real CD can view the confidential CD stats for their department only. diff --git a/itou/www/stats/views.py b/itou/www/stats/views.py index ddafb681a6..92674c7aff 100644 --- a/itou/www/stats/views.py +++ b/itou/www/stats/views.py @@ -256,6 +256,8 @@ def stats_siae_orga_etp(request): These stats are about ETP data from the ASP. """ current_org = get_stats_siae_current_org(request) + if not utils.can_view_stats_siae_orga_etp(request): + raise PermissionDenied context = { "page_title": "Suivi des effectifs annuels et mensuels en ETP", "department": current_org.department, diff --git a/tests/www/stats/test_views.py b/tests/www/stats/test_views.py index f1115fa7f3..881725ed2b 100644 --- a/tests/www/stats/test_views.py 
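Review bot: The docstring of `can_view_stats_siae_orga_etp` in itou/www/stats/utils.py ("Non official stats with very specific access rights.") does not say what the access rule is, although both the `stats_siae_orga_etp` view and the dashboard template depend on this function. I would state the rule itself: `"""Allow users who pass can_view_stats_siae and whose current organization pk is listed in settings.STATS_SIAE_PK_WHITELIST."""`. It is also worth a one-line comment that the setting is read from the environment and defaults to an empty list, so the page is closed to every organization unless it is configured.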
+++ b/tests/www/stats/test_views.py @@ -128,6 +128,7 @@ def test_stats_siae_log_visit(client, settings, view_name): user = company.members.get() settings.STATS_SIAE_USER_PK_WHITELIST = [user.pk] + settings.STATS_SIAE_PK_WHITELIST = [company.pk] settings.STATS_ACI_DEPARTMENT_WHITELIST = [company.department] client.force_login(user)
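Review bot: The only test change sets `settings.STATS_SIAE_PK_WHITELIST = [company.pk]` in `test_stats_siae_log_visit`, which keeps the allowed path passing but never exercises the `PermissionDenied` branch restored in `stats_siae_orga_etp`. The diffstat shows a single added line in tests/www/stats/test_views.py, so this patch adds no denial test. I would add a case that logs in a member of a company whose pk is absent from the list (`settings.STATS_SIAE_PK_WHITELIST = []`), requests the view and checks `assert response.status_code == 403`. Without it, a later change that drops the guard would still leave the suite green. The body of `test_stats_siae_log_visit` continues outside the hunk.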