From 8b727624be85d5cc1a359f3bf012a5c3eb085e97 Mon Sep 17 00:00:00 2001 From: Xavier Fernandez Date: Tue, 10 Dec 2024 13:57:52 +0100 Subject: [PATCH] remove most LoginRequiredMixin uses & simplify setup() code Since LoginRequiredMiddleware now ensures that the user is authenticated --- itou/www/apply/views/process_views.py | 51 ++++++-------- itou/www/apply/views/submit_views.py | 89 +++++++++--------------- itou/www/approvals_views/views.py | 47 ++++++------- itou/www/dashboard/views.py | 5 +- itou/www/employee_record_views/views.py | 7 +- itou/www/employees_views/views.py | 10 ++- itou/www/job_seekers_views/views.py | 25 +++---- itou/www/logout/views.py | 3 +- itou/www/siae_evaluations_views/views.py | 6 +- itou/www/signup/views.py | 3 +- itou/www/users_views/views.py | 5 +- 11 files changed, 93 insertions(+), 158 deletions(-) diff --git a/itou/www/apply/views/process_views.py b/itou/www/apply/views/process_views.py index f0cf13aa7c..1aef7f4669 100644 --- a/itou/www/apply/views/process_views.py +++ b/itou/www/apply/views/process_views.py @@ -375,7 +375,7 @@ def _show_prescriber_answer_form(wizard): return wizard.job_application.sender_kind == job_applications_enums.SenderKind.PRESCRIBER -class JobApplicationRefuseView(LoginRequiredMixin, NamedUrlSessionWizardView): +class JobApplicationRefuseView(NamedUrlSessionWizardView): STEP_REASON = "reason" STEP_JOB_SEEKER_ANSWER = "job-seeker-answer" STEP_PRESCRIBER_ANSWER = "prescriber-answer" @@ -393,11 +393,10 @@ class JobApplicationRefuseView(LoginRequiredMixin, NamedUrlSessionWizardView): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.job_application = get_object_or_404( - JobApplication.objects.is_active_company_member(request.user).select_related("job_seeker"), - pk=kwargs["job_application_id"], - ) + self.job_application = get_object_or_404( + JobApplication.objects.is_active_company_member(request.user).select_related("job_seeker"), + pk=kwargs["job_application_id"], + ) def check_wizard_state(self, *args, **kwargs): # Redirect to job application details if the state is not refusable @@ -727,20 +726,19 @@ class ApplicationOverrideMixin: additionnal_related_models = [] def setup(self, request, *args, **kwargs): - if request.user.is_authenticated: - self.job_application = get_object_or_404( - JobApplication.objects.is_active_company_member(request.user).select_related( - "job_seeker", "to_company", *self.additionnal_related_models - ), - pk=kwargs["job_application_id"], - ) - kwargs["job_seeker_public_id"] = self.job_application.job_seeker.public_id + self.job_application = get_object_or_404( + JobApplication.objects.is_active_company_member(request.user).select_related( + "job_seeker", "to_company", *self.additionnal_related_models + ), + pk=kwargs["job_application_id"], + ) + kwargs["job_seeker_public_id"] = self.job_application.job_seeker.public_id return super().setup(request, *args, **kwargs) class JobApplicationExternalTransferStep2View(ApplicationOverrideMixin, ApplicationJobsView): def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated and self.company in request.organizations: + if self.company in request.organizations: # This is not an external transfer url = reverse( "apply:job_application_internal_transfer", @@ -785,7 +783,7 @@ class JobApplicationExternalTransferStep3View(ApplicationOverrideMixin, Applicat form_class = TransferJobApplicationForm def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated and not self.apply_session.exists(): + if not self.apply_session.exists(): return HttpResponseRedirect( reverse( "apply:job_application_external_transfer_step_2", @@ -841,11 +839,7 @@ def get_back_url(self): class JobApplicationExternalTransferStepEndView(ApplicationEndView): def setup(self, request, *args, **kwargs): - job_app_qs = JobApplication.objects.all() - if request.user.is_authenticated: - # Only check the user's ownership if he's authenticated - # because if he's not he will be redirected to login so we don't care - job_app_qs = JobApplication.objects.prescriptions_of(request.user, request.current_organization) + job_app_qs = JobApplication.objects.prescriptions_of(request.user, request.current_organization) job_application = get_object_or_404(job_app_qs, pk=kwargs["job_application_id"]) @@ -863,20 +857,17 @@ def get_context_data(self, **kwargs): } -class JobApplicationInternalTranferView(LoginRequiredMixin, TemplateView): +class JobApplicationInternalTranferView(TemplateView): template_name = "apply/process_internal_transfer.html" def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.job_application = get_object_or_404( - JobApplication.objects.is_active_company_member(request.user).select_related( - "job_seeker", "to_company" - ), - pk=kwargs["job_application_id"], - ) - self.company = get_object_or_404(Company.objects.with_has_active_members(), pk=kwargs["company_pk"]) + self.job_application = get_object_or_404( + JobApplication.objects.is_active_company_member(request.user).select_related("job_seeker", "to_company"), + pk=kwargs["job_application_id"], + ) + self.company = get_object_or_404(Company.objects.with_has_active_members(), pk=kwargs["company_pk"]) def get_context_data(self, **kwargs): return super().get_context_data(**kwargs) | { diff --git a/itou/www/apply/views/submit_views.py b/itou/www/apply/views/submit_views.py index ca6327be0b..c959e9d3bd 100644 --- a/itou/www/apply/views/submit_views.py +++ b/itou/www/apply/views/submit_views.py @@ -3,7 +3,6 @@ from dateutil.relativedelta import relativedelta from django.contrib.auth.decorators import login_required -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied from django.core.files.storage import storages from django.forms import ValidationError @@ -81,7 +80,7 @@ def _get_job_seeker_to_apply_for(request): return job_seeker -class ApplyStepBaseView(LoginRequiredMixin, TemplateView): +class ApplyStepBaseView(TemplateView): def __init__(self): super().__init__() self.company = None @@ -100,36 +99,27 @@ def setup(self, request, *args, **kwargs): ) self.apply_session = SessionNamespace(request.session, f"job_application-{self.company.pk}") self.hire_process = kwargs.pop("hire_process", False) - self.prescription_process = ( - not self.hire_process - and request.user.is_authenticated - and ( - request.user.is_prescriber - or (request.user.is_employer and self.company != request.current_organization) - ) + self.prescription_process = not self.hire_process and ( + request.user.is_prescriber or (request.user.is_employer and self.company != request.current_organization) ) self.auto_prescription_process = ( - not self.hire_process - and request.user.is_authenticated - and request.user.is_employer - and self.company == request.current_organization + not self.hire_process and request.user.is_employer and self.company == request.current_organization ) super().setup(request, *args, **kwargs) def dispatch(self, request, *args, **kwargs): if not self.is_gps: - if request.user.is_authenticated: - if self.hire_process and request.user.kind != UserKind.EMPLOYER: - raise PermissionDenied("Seuls les employeurs sont autorisés à déclarer des embauches") - elif self.hire_process and not self.company.has_member(request.user): - raise PermissionDenied("Vous ne pouvez déclarer une embauche que dans votre structure.") - elif request.user.kind not in [ - UserKind.JOB_SEEKER, - UserKind.PRESCRIBER, - UserKind.EMPLOYER, - ]: - raise PermissionDenied("Vous n'êtes pas autorisé à déposer de candidature.") + if self.hire_process and request.user.kind != UserKind.EMPLOYER: + raise PermissionDenied("Seuls les employeurs sont autorisés à déclarer des embauches") + elif self.hire_process and not self.company.has_member(request.user): + raise PermissionDenied("Vous ne pouvez déclarer une embauche que dans votre structure.") + elif request.user.kind not in [ + UserKind.JOB_SEEKER, + UserKind.PRESCRIBER, + UserKind.EMPLOYER, + ]: + raise PermissionDenied("Vous n'êtes pas autorisé à déposer de candidature.") if not self.company.has_active_members: raise PermissionDenied( @@ -191,9 +181,6 @@ def __init__(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if not request.user.is_authenticated: - # Do nothing, LoginRequiredMixin will raise in dispatch() - return self.job_seeker = get_object_or_404( User.objects.filter(kind=UserKind.JOB_SEEKER), public_id=kwargs["job_seeker_public_id"] @@ -352,10 +339,7 @@ def __init__(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - - if request.user.is_authenticated: - # Otherwise LoginRequiredMixin will raise in dispatch() - self.previous_applications = self.get_previous_applications_queryset() + self.previous_applications = self.get_previous_applications_queryset() def get_next_url(self): if self.hire_process: @@ -452,7 +436,7 @@ def get_context_data(self, **kwargs): class RequireApplySessionMixin: def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated and not self.apply_session.exists(): + if not self.apply_session.exists(): return HttpResponseRedirect( reverse( "apply:application_jobs", @@ -495,22 +479,20 @@ def get_next_url(self): ) def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated: - # Otherwise LoginRequiredMixin will raise in dispatch() - bypass_eligibility_conditions = [ - # Don't perform an eligibility diagnosis is the SIAE doesn't need it, - not self.company.is_subject_to_eligibility_rules, - # Only "authorized prescribers" can perform an eligibility diagnosis. - not ( - request.user.is_prescriber - and request.current_organization - and request.current_organization.is_authorized - ), - # No need for eligibility diagnosis if the job seeker already have a PASS IAE - self.job_seeker.has_valid_approval, - ] - if any(bypass_eligibility_conditions): - return HttpResponseRedirect(self.get_next_url()) + bypass_eligibility_conditions = [ + # Don't perform an eligibility diagnosis is the SIAE doesn't need it, + not self.company.is_subject_to_eligibility_rules, + # Only "authorized prescribers" can perform an eligibility diagnosis. + not ( + request.user.is_prescriber + and request.current_organization + and request.current_organization.is_authorized + ), + # No need for eligibility diagnosis if the job seeker already have a PASS IAE + self.job_seeker.has_valid_approval, + ] + if any(bypass_eligibility_conditions): + return HttpResponseRedirect(self.get_next_url()) return super().dispatch(request, *args, **kwargs) @@ -560,10 +542,6 @@ def __init__(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if not request.user.is_authenticated: - # Do nothing, LoginRequiredMixin will raise in dispatch() - return - if self.company.kind != CompanyKind.GEIQ: raise Http404("This form is only for GEIQ") @@ -589,7 +567,7 @@ def get_next_url(self): def dispatch(self, request, *args, **kwargs): # GEIQ eligibility form during job application process is only available to authorized prescribers - if request.user.is_authenticated and not request.user.is_prescriber_with_authorized_org: + if not request.user.is_prescriber_with_authorized_org: return HttpResponseRedirect(self.get_next_url()) return super().dispatch(request, *args, **kwargs) @@ -652,11 +630,6 @@ def get_form_kwargs(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - - if not request.user.is_authenticated: - # Do nothing, LoginRequiredMixin will raise in dispatch() - return - self.form = self.form_class(**self.get_form_kwargs()) def get_next_url(self, job_application): diff --git a/itou/www/approvals_views/views.py b/itou/www/approvals_views/views.py index 88907184d2..3c0eea7582 100644 --- a/itou/www/approvals_views/views.py +++ b/itou/www/approvals_views/views.py @@ -5,7 +5,7 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required -from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin +from django.contrib.auth.mixins import UserPassesTestMixin from django.core.exceptions import PermissionDenied from django.core.files.storage import default_storage from django.db import IntegrityError @@ -53,7 +53,7 @@ logger = logging.getLogger(__name__) -class ApprovalBaseViewMixin(LoginRequiredMixin): +class ApprovalBaseViewMixin: model = Approval def __init__(self): @@ -62,11 +62,10 @@ def __init__(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.siae = get_current_company_or_404(request) + self.siae = get_current_company_or_404(request) - if not self.siae.is_subject_to_eligibility_rules: - raise PermissionDenied + if not self.siae.is_subject_to_eligibility_rules: + raise PermissionDenied def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) @@ -126,7 +125,7 @@ def get_context_data(self, **kwargs): return context -class ApprovalDetailView(LoginRequiredMixin, UserPassesTestMixin, DetailView): +class ApprovalDetailView(UserPassesTestMixin, DetailView): model = Approval queryset = Approval.objects.select_related("user__jobseeker_profile").prefetch_related( # Useful for get_suspensions method and the approval remainder field @@ -138,10 +137,8 @@ class ApprovalDetailView(LoginRequiredMixin, UserPassesTestMixin, DetailView): template_name = "approvals/details.html" def test_func(self): - return self.request.user.is_authenticated and ( - # More checks are performed in get_context_data method - self.request.user.is_prescriber or self.request.user.is_employer or self.request.user.is_job_seeker - ) + # More checks are performed in get_context_data method + return self.request.user.is_prescriber or self.request.user.is_employer or self.request.user.is_job_seeker def get_prolongation_and_requests(self, approval): def _format_for_template(user, org): @@ -406,11 +403,10 @@ def _clear_errors(self): def setup(self, request, approval_id, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.siae = get_current_company_or_404(request) - if not self.siae.is_subject_to_eligibility_rules: - raise PermissionDenied() - self.approval = get_object_or_404(Approval, pk=approval_id) + self.siae = get_current_company_or_404(request) + if not self.siae.is_subject_to_eligibility_rules: + raise PermissionDenied() + self.approval = get_object_or_404(Approval, pk=approval_id) if not self.approval.can_be_prolonged: raise PermissionDenied() @@ -507,20 +503,17 @@ def prolongation_request_report_file(request, prolongation_request_id): return HttpResponseRedirect(default_storage.url(prolongation_request.report_file_id)) -class ProlongationRequestViewMixin(LoginRequiredMixin): +class ProlongationRequestViewMixin: def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.prolongation_request = get_object_or_404( - ProlongationRequest.objects.filter( - prescriber_organization=get_current_org_or_404(request) - ).select_related( - "approval__user", - "deny_information", - ), - pk=kwargs["prolongation_request_id"], - ) + self.prolongation_request = get_object_or_404( + ProlongationRequest.objects.filter(prescriber_organization=get_current_org_or_404(request)).select_related( + "approval__user", + "deny_information", + ), + pk=kwargs["prolongation_request_id"], + ) def get_context_data(self, **kwargs): return super().get_context_data(**kwargs) | { diff --git a/itou/www/dashboard/views.py b/itou/www/dashboard/views.py index 783be121de..73c69f1ca7 100644 --- a/itou/www/dashboard/views.py +++ b/itou/www/dashboard/views.py @@ -3,7 +3,6 @@ from django.contrib import auth, messages from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth.decorators import login_required -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied from django.db.models import F from django.http import Http404, HttpResponseForbidden, HttpResponseRedirect @@ -388,11 +387,11 @@ def api_token(request, template_name="dashboard/api_token.html"): return render(request, template_name, context) -class AccountMigrationView(LoginRequiredMixin, TemplateView): +class AccountMigrationView(TemplateView): template_name = "account/activate_inclusion_connect_account.html" def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated and request.user.kind not in MATOMO_ACCOUNT_TYPE: + if request.user.kind not in MATOMO_ACCOUNT_TYPE: return HttpResponseRedirect(reverse("dashboard:index")) return super().dispatch(request, *args, **kwargs) diff --git a/itou/www/employee_record_views/views.py b/itou/www/employee_record_views/views.py index 568e0123cd..c51e42ec54 100644 --- a/itou/www/employee_record_views/views.py +++ b/itou/www/employee_record_views/views.py @@ -1,6 +1,5 @@ from django.contrib import messages from django.contrib.auth.decorators import login_required -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied, ValidationError from django.db.models import Count from django.http.response import HttpResponseRedirect @@ -66,7 +65,7 @@ def _show_add_choose_approval_form(wizard): return bool(cleaned_data.get("employee")) -class AddView(LoginRequiredMixin, NamedUrlSessionWizardView): +class AddView(NamedUrlSessionWizardView): template_name = "employee_record/add.html" form_list = [ ("choose-employee", AddEmployeeRecordChooseEmployeeForm), @@ -77,10 +76,6 @@ class AddView(LoginRequiredMixin, NamedUrlSessionWizardView): } def dispatch(self, request, *args, **kwargs): - # Do LoginRequiredMixin.dispatch() here so we get the 404 and the redirect before the PermissionDenied - if not request.user.is_authenticated: - return self.handle_no_permission() - self.company = get_current_company_or_404(request) if not self.company.can_use_employee_record: raise PermissionDenied diff --git a/itou/www/employees_views/views.py b/itou/www/employees_views/views.py index 7804f35081..dc43065c71 100644 --- a/itou/www/employees_views/views.py +++ b/itou/www/employees_views/views.py @@ -1,7 +1,6 @@ import contextlib import logging -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied from django.db.models import Exists, OuterRef, Prefetch from django.urls import reverse_lazy @@ -23,7 +22,7 @@ logger = logging.getLogger(__name__) -class EmployeeDetailView(LoginRequiredMixin, DetailView): +class EmployeeDetailView(DetailView): model = User queryset = User.objects.filter(kind=UserKind.JOB_SEEKER).select_related("jobseeker_profile") template_name = "employees/detail.html" @@ -33,11 +32,10 @@ class EmployeeDetailView(LoginRequiredMixin, DetailView): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.siae = get_current_company_or_404(request) + self.siae = get_current_company_or_404(request) - if not self.siae.is_subject_to_eligibility_rules: - raise PermissionDenied + if not self.siae.is_subject_to_eligibility_rules: + raise PermissionDenied def get_queryset(self): return ( diff --git a/itou/www/job_seekers_views/views.py b/itou/www/job_seekers_views/views.py index d8beecf36f..475d243b81 100644 --- a/itou/www/job_seekers_views/views.py +++ b/itou/www/job_seekers_views/views.py @@ -1,7 +1,7 @@ import logging from django.contrib import messages -from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin +from django.contrib.auth.mixins import UserPassesTestMixin from django.core.exceptions import PermissionDenied from django.db import transaction from django.db.models import Count, DateTimeField, Exists, IntegerField, Max, OuterRef, Subquery @@ -44,7 +44,7 @@ logger = logging.getLogger(__name__) -class JobSeekerDetailView(LoginRequiredMixin, UserPassesTestMixin, DetailView): +class JobSeekerDetailView(UserPassesTestMixin, DetailView): model = User queryset = User.objects.select_related("jobseeker_profile") template_name = "job_seekers_views/details.html" @@ -53,9 +53,7 @@ class JobSeekerDetailView(LoginRequiredMixin, UserPassesTestMixin, DetailView): context_object_name = "job_seeker" def test_func(self): - return self.request.user.is_authenticated and ( - self.request.user.is_prescriber or self.request.user.is_employer - ) + return self.request.user.is_prescriber or self.request.user.is_employer def get_context_data(self, **kwargs): geiq_eligibility_diagnosis = None @@ -112,7 +110,7 @@ def get_context_data(self, **kwargs): } -class JobSeekerListView(LoginRequiredMixin, UserPassesTestMixin, ListView): +class JobSeekerListView(UserPassesTestMixin, ListView): model = User queryset = ( User.objects.filter(kind=UserKind.JOB_SEEKER).order_by("first_name", "last_name").prefetch_related("approvals") @@ -133,7 +131,7 @@ def setup(self, request, *args, **kwargs): ) def test_func(self): - return self.request.user.is_authenticated and self.request.user.is_prescriber + return self.request.user.is_prescriber def get_template_names(self): return ["job_seekers_views/includes/list_results.html" if self.request.htmx else "job_seekers_views/list.html"] @@ -186,7 +184,7 @@ def get_queryset(self): return query -class JobSeekerBaseView(LoginRequiredMixin, TemplateView): +class JobSeekerBaseView(TemplateView): def __init__(self): super().__init__() self.company = None @@ -211,7 +209,6 @@ def setup(self, request, *args, session_uuid, hire_process=False, **kwargs): self.prescription_process = ( not self.hire_process and not self.is_gps - and request.user.is_authenticated and ( request.user.is_prescriber or (request.user.is_employer and self.company != request.current_organization) @@ -220,7 +217,6 @@ def setup(self, request, *args, session_uuid, hire_process=False, **kwargs): self.auto_prescription_process = ( not self.hire_process and not self.is_gps - and request.user.is_authenticated and request.user.is_employer and self.company == request.current_organization ) @@ -285,7 +281,7 @@ def setup(self, request, *args, **kwargs): self.form = CheckJobSeekerNirForm(job_seeker=self.job_seeker, data=request.POST or None) def dispatch(self, request, *args, **kwargs): - if request.user.is_authenticated and not self.job_seeker.is_job_seeker: + if not self.job_seeker.is_job_seeker: logger.info(f"dispatch ({request.path}) : {request.user.kind} in jobseeker tunnel") return HttpResponseRedirect(reverse("apply:start", kwargs={"company_pk": self.company.pk})) return super().dispatch(request, *args, **kwargs) @@ -764,9 +760,7 @@ def get_job_seeker_queryset(self): def setup(self, request, *args, **kwargs): self.job_seeker = get_object_or_404(self.get_job_seeker_queryset(), public_id=kwargs["job_seeker_public_id"]) self.job_seeker_session = SessionNamespace(request.session, f"job_seeker-{self.job_seeker.public_id}") - if request.user.is_authenticated and ( - request.user.is_job_seeker or not request.user.can_view_personal_information(self.job_seeker) - ): + if request.user.is_job_seeker or not request.user.can_view_personal_information(self.job_seeker): # Since the link leading to this process isn't visible to those users, this should never happen raise PermissionDenied("Votre utilisateur n'est pas autorisé à vérifier les informations de ce candidat") super().setup(request, *args, **kwargs) @@ -824,9 +818,6 @@ def get_job_seeker_queryset(self): def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if not request.user.is_authenticated: - # Do nothing, LoginRequiredMixin will raise in dispatch() - return if not self.job_seeker_session.exists(): self.job_seeker_session.init({"user": {}}) session_nir = self.job_seeker_session.get("profile", {}).get("nir") diff --git a/itou/www/logout/views.py b/itou/www/logout/views.py index 0fed061ff2..2b38e9ed88 100644 --- a/itou/www/logout/views.py +++ b/itou/www/logout/views.py @@ -1,11 +1,10 @@ -from django.contrib.auth.mixins import LoginRequiredMixin from django.shortcuts import redirect from django.views.generic import TemplateView from itou.www.logout.enums import LogoutWarning -class LogoutWarningView(LoginRequiredMixin, TemplateView): +class LogoutWarningView(TemplateView): """ Logout view used when the perms middleware detects an issue """ diff --git a/itou/www/siae_evaluations_views/views.py b/itou/www/siae_evaluations_views/views.py index 81b3047dec..18079d351c 100644 --- a/itou/www/siae_evaluations_views/views.py +++ b/itou/www/siae_evaluations_views/views.py @@ -1,6 +1,5 @@ from django.contrib import messages from django.contrib.auth.decorators import login_not_required, login_required -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.files.storage import default_storage from django.db.models import Q from django.http import Http404, HttpResponseForbidden, HttpResponseRedirect @@ -209,15 +208,14 @@ def evaluation_campaign_data_context(evaluated_siae): return context -class InstitutionEvaluatedSiaeNotifyMixin(LoginRequiredMixin, SingleObjectMixin): +class InstitutionEvaluatedSiaeNotifyMixin(SingleObjectMixin): model = EvaluatedSiae context_object_name = "evaluated_siae" pk_url_kwarg = "evaluated_siae_pk" def setup(self, request, *args, **kwargs): super().setup(request, *args, **kwargs) - if request.user.is_authenticated: - self.institution = get_current_institution_or_404(self.request) + self.institution = get_current_institution_or_404(self.request) def get_queryset(self): return ( diff --git a/itou/www/signup/views.py b/itou/www/signup/views.py index d0c64f17dc..664de9eea7 100644 --- a/itou/www/signup/views.py +++ b/itou/www/signup/views.py @@ -10,7 +10,6 @@ from django.contrib import auth, messages from django.contrib.auth import REDIRECT_FIELD_NAME, login from django.contrib.auth.decorators import login_not_required, login_required -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied from django.db import Error, transaction from django.http import HttpResponseRedirect @@ -293,7 +292,7 @@ def get_context_data(self, **kwargs): } -class CompanyJoinView(LoginRequiredMixin, CompanyBaseView): +class CompanyJoinView(CompanyBaseView): def get(self, request, *args, **kwargs): if not request.user.is_employer: logger.error("A non staff user tried to join a company") diff --git a/itou/www/users_views/views.py b/itou/www/users_views/views.py index 8b74eb3d6b..b4389afa4d 100644 --- a/itou/www/users_views/views.py +++ b/itou/www/users_views/views.py @@ -1,4 +1,3 @@ -from django.contrib.auth.mixins import LoginRequiredMixin from django.core.exceptions import PermissionDenied from django.urls import reverse_lazy from django.views.generic import DetailView @@ -9,7 +8,7 @@ from itou.www.gps.views import is_allowed_to_use_gps -class UserDetailsView(LoginRequiredMixin, DetailView): +class UserDetailsView(DetailView): model = User queryset = User.objects.select_related("follow_up_group", "jobseeker_profile").prefetch_related( "follow_up_group__memberships" @@ -20,7 +19,7 @@ class UserDetailsView(LoginRequiredMixin, DetailView): context_object_name = "beneficiary" def setup(self, request, *args, **kwargs): - if request.user.is_authenticated and not is_allowed_to_use_gps(request.user): + if not is_allowed_to_use_gps(request.user): raise PermissionDenied("Votre utilisateur n'est pas autorisé à accéder à ces informations.") super().setup(request, *args, **kwargs)