From b92229f0f16700e4413e6f5ee1f33af51787807a Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Mon, 19 Nov 2012 17:09:43 +0100 Subject: [PATCH] =?UTF-8?q?[config,firewall=5Fnew,ipt,ldap=5Fcrans]=20bl?= =?UTF-8?q?=5Fcarte=5Fet=5Fdefinitif=20=3D=20True,=20sursis=20d'une=20sema?= =?UTF-8?q?ine=20m=C3=AAme=20avec=20bl=5Fcarte=5Fet=5Fdefinitif?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ignore-this: aef64ec3880b96beda0ec95c7c6c255c darcs-hash:20121119160943-3a55a-309f4e1bf82cc4ef955c7a7a723220704e74ba18.gz --- gestion/config.py | 4 ++-- gestion/gen_confs/firewall_new.py | 29 +++++++++++++++++------ gestion/ipt.py | 13 ++++++++--- gestion/ldap_crans.py | 38 +++++++++++++++++++++++-------- 4 files changed, 63 insertions(+), 21 deletions(-) diff --git a/gestion/config.py b/gestion/config.py index d64fff5d..6f9f45d2 100644 --- a/gestion/config.py +++ b/gestion/config.py @@ -40,9 +40,9 @@ else: # /!\ Par sécurité, ces valeurs sont considérées comme False si # periode_transitoire est True # Soft (au niveau du Squid) -bl_carte_et_actif = False +bl_carte_et_actif = True # Hard (l'adhérent est considéré comme paiement pas ok) -bl_carte_et_definitif = False +bl_carte_et_definitif = True #Sursis pour les inscription après le 1/11 pour fournir la carte étudiant sursis_carte=8*24*3600 diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py index 63389d7c..71ab47de 100755 --- a/gestion/gen_confs/firewall_new.py +++ b/gestion/gen_confs/firewall_new.py 
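Review bot: `bl_carte_et_actif` is switched to `True` in the config.py hunk as well, although the subject line only announces `bl_carte_et_definitif = True`. Both flags turn on enforcement that goes through the new `sursis_carte()` / `paiement_ok()` code added in gestion/ldap_crans.py, so the soft flag deserves a mention in the commit message, or its own commit if it was not intended. A short comment next to the flags would also help, for example `# enabled 2012-11: enforced via Adherent.sursis_carte() / paiement_ok()`.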
@@ -37,7 +37,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi from affich_tools import * from commands import getstatusoutput from iptools import AddrInNet, NetSubnets, IpSubnet -from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft +from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route, blacklist_sanctions, blacklist_sanctions_soft, periode_transitoire from ipset import IpsetError, Ipset from lc_ldap import lc_ldap syslog.openlog('firewall') @@ -1088,7 +1088,12 @@ class firewall_komaz(firewall_crans) : # Recherche sur le champ paiement seulement (clubs compris) et plus ablacklist pour capturer aussi les deconnection pour chambre invalide et carte étudiant - search = db.search('paiement=ok') + search = db.search('paiement=%s' % ann_scol) + if periode_transitoire: + tmp=db.search('paiement=%s' % ann_scol-1) + search['adherent'].entend(tmp['adherent']) + search['club'].entend(tmp['club']) + del tmp self.anim = anim("\tBlackliste adhérents+clubs", 2*len(search['adherent']+search['club'])) for entite in search['adherent'] + search['club']: self.anim.cycle() @@ -1108,7 +1113,9 @@ class firewall_komaz(firewall_crans) : print OK # Recherche sur le champ mblacklist - search = db.search('mblacklist=*&paiement=ok') + search = db.search('mblacklist=*&paiement=%s' % ann_scol) + if periode_transitoire: + search['machine'].entend(db.search('mblacklist=*&paiement=%s' % ann_scol-1)['machine']) self.anim = anim("\tBlackliste machines", 2*len(search['machine'])) for entite in search['machine']: self.anim.cycle() 
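Review bot: `ann_scol` is not added to the `from config import ...` line in the -37 hunk, although the later hunks of this file (-1088, -1108, -1304) format it into their search filters; only `periode_transitoire` is new. Unless the name already arrives through an import not visible here (for example `from affich_tools import *`), those lines raise NameError. The gestion/ipt.py hunk imports both names, so the same is probably wanted here: `..., blacklist_sanctions, blacklist_sanctions_soft, ann_scol, periode_transitoire`.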
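Review bot: In the -1088 hunk, `'paiement=%s' % ann_scol-1` parses as `('paiement=%s' % ann_scol) - 1` because `%` binds tighter than `-`, so it raises TypeError instead of searching the previous year; write `'paiement=%s' % (ann_scol - 1)`. The list method on the following lines is spelled `entend`, which raises AttributeError on a list; it should be `extend`. Both lines run only when `periode_transitoire` is true, so the blacklist generation would fail exactly during the transition period; how the caller handles that failure is not visible here. The same two mistakes recur in the -1108 and -1304 hunks of this file, in `blacklist()` in gestion/ipt.py and in `all_machines()` in gestion/ldap_crans.py.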
@@ -1267,8 +1274,11 @@ class firewall_zamok(firewall_crans) : def filter_table(self): self.anim = anim('\tStructure de la table filter') - iptables('-t filter -N SERV_OUT_ADM') - iptables('-t filter -N TEST_MAC-IP') + try: + iptables('-t filter -N SERV_OUT_ADM') + iptables('-t filter -N TEST_MAC-IP') + except: + pass iptables("-t filter -A OUTPUT -d 224.0.0.0/4 -j DROP") # à placer dans filter @@ -1304,8 +1314,13 @@ class firewall_zamok(firewall_crans) : self.filter_table() - # Recherche sur le champ ablacklist (clubs compris) - search = db.search('ablacklist=*&paiement=ok') + # Recherche des adherent blacklisté (club compris) + search = db.search('paiement=%s' % ann_scol) + if periode_transitoire: + tmp=db.search('paiement=%s' % ann_scol-1) + search['adherent'].entend(tmp['adherent']) + search['club'].entend(tmp['club']) + del tmp self.anim = anim("\tBlackliste des comptes Crans", len(search['adherent'])) for adh in search['adherent']: self.anim.cycle() diff --git a/gestion/ipt.py b/gestion/ipt.py index ff4191b1..39717932 100755 --- a/gestion/ipt.py +++ b/gestion/ipt.py @@ -25,7 +25,7 @@ import os, re, syslog, cPickle from ldap_crans import crans_ldap, hostname from commands import getstatusoutput from config import NETs, role, prefix, mid, output_file, filter_policy -from config import blacklist_sanctions, blacklist_sanctions_soft, file_pickle +from config import blacklist_sanctions, blacklist_sanctions_soft, file_pickle, ann_scol, periode_transitoire from iptools import AddrInNet from midtools import Mid import subprocess 
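Review bot: The bare `except: pass` in the -1267 hunk wraps both `-N` calls, so if creating `SERV_OUT_ADM` fails (presumably because the chain already exists and `iptables()` raises), `TEST_MAC-IP` is never attempted. Every other failure, including a typo or a missing binary, is hidden as well. Give each `-N` call its own `try` and catch only the error `iptables()` raises for an existing chain, logging anything else through the `syslog` handle this file already opens. A one-line comment such as `# chains may survive a previous run; creating them again is not an error` would record why the failure is tolerated. filter_table() continues outside the hunk.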
@@ -667,14 +667,21 @@ def blacklist(ipt): blcklst = [] - s = db.search('paiement=ok') + s = db.search('paiement=%s' % ann_scol) + if periode_transitoire: + tmp=db.search('paiement=%s' % ann_scol-1) + s['adherent'].entend(tmp['adherent']) + s['club'].entend(tmp['club']) + del tmp for target in s['adherent'] + s['club']: sanctions = target.blacklist_actif() if [x for x in sanctions if x in blacklist_sanctions]: blcklst.extend(target.machines()) - s = db.search('mblacklist=*&paiement=ok') + s = db.search('mblacklist=*&paiement=%s' % ann_scol) + if periode_transitoire: + s['machine'].entend(db.s('mblacklist=*&paiement=%s' % ann_scol-1)['machine']) for target in s['machine']: sanctions = target.blacklist_actif() diff --git a/gestion/ldap_crans.py b/gestion/ldap_crans.py index bed5a614..1a863e33 100644 --- a/gestion/ldap_crans.py +++ b/gestion/ldap_crans.py @@ -892,7 +892,7 @@ class CransLdap: if uid == "grosminet": proprio = self.search("nom=grosminet", mode)['adherent'][0] return proprio - + __machines = () def all_machines(self, graphic=False): """ @@ -907,8 +907,14 @@ class CransLdap: # Machines de l'assoce self.__machines = AssociationCrans(conn = self.conn).machines() # Machines des adhérents et clubs de l'année en cours - base = self.search('paiement=ok') + #base = self.search('paiement=ok') + base = self.search('paiement=%s' % ann_scol) base = base['adherent'] + base['club'] + if config.periode_transitoire: + tmp=self.search('paiement=%s' % ann_scol-1) + base.entend(tmp['adherent'] + tmp['club']) + del tmp + base=[a for a in base if a.paiement_ok()] if graphic: a = anim('\tTri des machines', len(base)) for adh in base: if graphic: a.cycle() 
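Review bot: The machine search under `if periode_transitoire:` in the ipt.py -667 hunk calls `db.s(...)`, while every other query in this function uses `db.search(...)`. Unless the db object really exposes an `s` alias (not visible here), this is an AttributeError on the transition-period path. The line should read `s['machine'].extend(db.search('mblacklist=*&paiement=%s' % (ann_scol - 1))['machine'])`, which also folds in the precedence and `entend` fixes. blacklist() starts and ends outside the hunk.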
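Review bot: In the ldap_crans.py -907 hunk, `ann_scol` is used bare in `self.search('paiement=%s' % ann_scol)`, while the next lines and the other hunks of this file go through the module (`config.periode_transitoire`, `config.ann_scol`). Unless ldap_crans.py also does `from config import ann_scol` (its imports are not visible), this is a NameError; use `config.ann_scol` in both searches. The commented-out `#base = self.search('paiement=ok')` can be dropped, since version control keeps the old query. A comment on the new filter, such as `# keep only owners whose payment (and student card, if enforced) is valid`, would explain why `paiement_ok()` is applied after the search. all_machines() starts and ends outside the hunk.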
@@ -976,13 +982,8 @@ class BaseClasseCrans(CransLdap): bl_liste += p.blacklist() elif isinstance(self, Adherent) and (config.ann_scol in self.paiement()): # blacklistes virtuelle si on est un adhérent pour carte étudiant et chambre invalides - if not config.periode_transitoire and config.bl_carte_et_actif and not (config.ann_scol in self.carteEtudiant()): - for h in self.historique()[::-1]: - x=re.match("(.*),.* : .*(paiement\+%s|inscription).*" % config.ann_scol,h) - if x != None: - if (time.time()-time.mktime(time.strptime(x.group(1),'%d/%m/%Y %H:%M')))>config.sursis_carte: - actifs['carte_etudiant']=('-','-') - break + if not config.periode_transitoire and config.bl_carte_et_actif and not (config.ann_scol in self.carteEtudiant()) and not self.sursis_carte(): + actifs['carte_etudiant']=('-','-') if self.chbre() == '????': actifs['chambre_invalide']=('-','-') @@ -1735,6 +1736,25 @@ class BaseProprietaire(BaseClasseCrans): si négatif le supprime """ return self._an('paiement', action) + + def sursis_carte(self): + for h in self.historique()[::-1]: + x=re.match("(.*),.* : .*(paiement\+%s|inscription).*" % config.ann_scol,h) + if x != None: + if (time.time()-time.mktime(time.strptime(x.group(1),'%d/%m/%Y %H:%M')))<=config.sursis_carte: + return True + break + return False + + def paiement_ok(self): + if config.ann_scol in self.paiement() or (config.periode_transitoire and (config.ann_scol-1) in self.paiement()): + if config.periode_transitoire or not isinstance(self, Adherent) or not config.bl_carte_et_definitif or config.ann_scol in self.carteEtudiant(): + return True + else: + return self.sursis_carte() + else: + return False + def delete(self, comment=''): """Destruction du propriétaire"""
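Review bot: Replacing the inline loop in the -976 hunk with `and not self.sursis_carte()` changes the result for members whose history has no `paiement+<ann_scol>` or `inscription` line. The old loop set `actifs['carte_etudiant']` only when such a line was found and was older than `config.sursis_carte`, whereas `sursis_carte()` returns False when nothing matches, so these members are now blacklisted. If that stricter default is intended, say so in a comment at the call site, for example `# no dated payment/inscription entry => no grace period`; otherwise the helper needs to distinguish "no entry" from "grace period expired". The enclosing method starts and ends outside the hunk.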
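Review bot: `sursis_carte()` and `paiement_ok()` in the -1735 hunk are added without docstrings, unlike the neighbouring methods, although they now decide whether a member is blacklisted or counted as paid. Suggested: `"""Return True while the latest paiement+<ann_scol> or inscription history entry is at most config.sursis_carte seconds old."""` and `"""Return True if the owner counts as paid for ann_scol (or ann_scol-1 during periode_transitoire), including the student-card rule for adherents."""`. In `sursis_carte()`, `time.strptime(x.group(1), '%d/%m/%Y %H:%M')` raises ValueError on a history line whose prefix is not in that format, and nothing visible catches it before it reaches the firewall and `all_machines()` callers. Treating an unparsable date as "no grace period" and logging it would keep one bad entry from aborting the whole run. `x != None` reads better as `x is not None`.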