aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrea Lepori <alepori@student.ethz.ch>2020-08-09 18:19:11 +0200
committerAndrea Lepori <alepori@student.ethz.ch>2020-08-09 18:19:11 +0200
commit50798f2814f397fbdd85b70dabca9dfb26d4cd02 (patch)
treedb0489a2a16c23f016fb89d74932fdbb6a8d9b9d
parentremove old migrations (diff)
downloadscout-subs-50798f2814f397fbdd85b70dabca9dfb26d4cd02.tar.gz
scout-subs-50798f2814f397fbdd85b70dabca9dfb26d4cd02.zip
comment code, minor bug fixes
Diffstat (limited to '')
-rw-r--r--accounts/views.py43
-rw-r--r--client/templates/client/approve.html6
-rw-r--r--client/templates/client/index.html42
-rw-r--r--client/views.py83
-rw-r--r--server/templates/server/doc_list.html9
-rw-r--r--server/views.py250
6 files changed, 340 insertions, 93 deletions
diff --git a/accounts/views.py b/accounts/views.py
index 4dd69a4..50266b1 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -11,15 +11,18 @@ from django.http import HttpResponseRedirect
from client.models import UserCode
-import dateparser, os
+import dateparser
+import os
from io import BytesIO
from PIL import Image, UnidentifiedImageError
@sensitive_variables("raw_passsword")
def signup(request):
+ # signup form with terms
if request.method == 'POST':
if "terms_accept" not in request.POST:
+ # if terms not accepted return error and form again
form = UserCreationForm()
context = {
"form": form,
@@ -27,6 +30,7 @@ def signup(request):
"error_text": "Accettare i termini e condizioni prego"
}
return render(request, 'accounts/signup.html', context)
+ # terms accepted create user in db
form = UserCreationForm(request.POST)
if form.is_valid():
form.save()
@@ -35,8 +39,9 @@ def signup(request):
user = authenticate(username=username, password=raw_password)
login(request, user)
return HttpResponseRedirect('/')
- else:
- form = UserCreationForm()
+
+ # create empty form to be filled
+ form = UserCreationForm()
context = {
"form": form,
}
@@ -46,18 +51,25 @@ def signup(request):
@login_required
def personal(request):
context = {}
+ # additional user informations
usercode = UserCode.objects.filter(user=request.user)[0]
+ # medical info
medic = usercode.medic
+ # values for multiple choice box
+ # TODO remove multiple choice
branca_default = ""
branca_castorini = ""
branca_lupetti = ""
branca_esploratori = ""
branca_pionieri = ""
branca_rover = ""
+
+ # variables for throwing errors to the user
error = False
error_text = ""
if request.method == "POST":
+ # requested download
if request.POST['action'] == "download_vac":
if medic.vac_certificate != None:
filename = os.path.basename(medic.vac_certificate.name)
@@ -76,6 +88,7 @@ def personal(request):
filename = filename + ".jpg"
return FileResponse(medic.health_care_certificate.file, as_attachment=True, filename=filename)
+ # set all attributes
request.user.first_name = request.POST["first_name"]
request.user.last_name = request.POST["last_name"]
request.user.email = request.POST["email"]
@@ -114,19 +127,22 @@ def personal(request):
medic.misc = request.POST["misc"]
medic.save()
- #if "branca" in request.POST:
+ # if "branca" in request.POST:
# if request.POST["branca"] != "":
# request.user.groups.clear()
# request.user.groups.add(
# Group.objects.get(name=request.POST["branca"]))
-
+
+ # check if user uploaded a file
if "vac_certificate" in request.FILES:
myfile = request.FILES['vac_certificate']
try:
im = Image.open(myfile)
im_io = BytesIO()
+ # compress image in WEBP
im.save(im_io, 'WEBP', quality=50)
- medic.vac_certificate.save(request.user.username+"_"+myfile.name, im_io)
+ medic.vac_certificate.save(
+ request.user.username+"_"+myfile.name, im_io)
medic.save()
except UnidentifiedImageError:
error = True
@@ -137,14 +153,16 @@ def personal(request):
try:
im = Image.open(myfile)
im_io = BytesIO()
+ # compress image in WEBP
im.save(im_io, 'WEBP', quality=50)
- medic.health_care_certificate.save(request.user.username+"_"+myfile.name, im_io)
+ medic.health_care_certificate.save(
+ request.user.username+"_"+myfile.name, im_io)
medic.save()
except UnidentifiedImageError:
error = True
error_text = "Il file non è un immagine valida"
-
+ # user requested file delete
if request.POST["delete_vac"] == 'vac':
medic.vac_certificate = None
medic.save()
@@ -153,9 +171,11 @@ def personal(request):
medic.health_care_certificate = None
medic.save()
+ # if there wasn't any error redirect to clear POST
if not error:
return HttpResponseRedirect("")
+ # check if user is in a group and set multiple choice to that
if len(request.user.groups.values_list('name', flat=True)) == 0:
branca_default = "selected"
else:
@@ -174,6 +194,7 @@ def personal(request):
else:
branca_default = "selected"
+ # set checkbox status
rega = ""
if medic.rega:
rega = "checked='checked'"
@@ -184,6 +205,7 @@ def personal(request):
if medic.misc_bool:
misc = "checked='checked'"
+ # set file name for uploaded files
if (medic.vac_certificate != None):
vac_name = os.path.basename(medic.vac_certificate.name)
vac_name = vac_name[vac_name.find("_")+1:]
@@ -196,6 +218,7 @@ def personal(request):
else:
card_name = ''
+ # fill context
context = {
'first_name': request.user.first_name,
'last_name': request.user.last_name,
@@ -244,6 +267,8 @@ def personal(request):
return render(request, 'accounts/index.html', context)
+
+# simple terms page, only static html
def terms(request):
context = {}
- return render(request, 'accounts/terms.html', context) \ No newline at end of file
+ return render(request, 'accounts/terms.html', context)
diff --git a/client/templates/client/approve.html b/client/templates/client/approve.html
index ddfc30c..3da2677 100644
--- a/client/templates/client/approve.html
+++ b/client/templates/client/approve.html
@@ -30,4 +30,10 @@
</div>
</div>
{% endif %}
+{% endblock %}
+
+{% block script %}
+$(document).ready(function(){
+ $('.tooltipped').tooltip();
+});
{% endblock %} \ No newline at end of file
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index 1915792..1a63c2e 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -373,25 +373,31 @@
{% block script %}
$(document).ready(function(){
- $('.collapsible').collapsible();
- $('.tap-target').tapTarget();
- $('.modal').modal();
$('.tooltipped').tooltip();
- {% if empty %}
- $('.tap-target').tapTarget('open');
+ {% if user.is_authenticated %}
+ {% if user.is_staff or perms.client.approved %}
+ $('.collapsible').collapsible();
+ $('.tap-target').tapTarget();
+ $('.modal').modal();
+ {% if empty %}
+ $('.tap-target').tapTarget('open');
+ {% endif %}
+ {% endif %}
{% endif %}
});
-
-$('*').click(function(event) {
- if (this === event.target) {
- $('.tap-target').tapTarget('close');
+{% if user.is_authenticated %}
+ {% if user.is_staff or perms.client.approved %}
+ $('*').click(function(event) {
+ if (this === event.target) {
+ $('.tap-target').tapTarget('close');
+ }
+ });
+ function send(id) {
+ var form = document.getElementById('form')
+ var action = document.getElementById('action')
+ action.setAttribute('value', id);
+ form.submit()
}
-});
-
-function send(id) {
- var form = document.getElementById('form')
- var action = document.getElementById('action')
- action.setAttribute('value', id);
- form.submit()
-}
-{% endblock %} \ No newline at end of file
+ {% endif %}
+{% endif %}
+{% endblock %}
diff --git a/client/views.py b/client/views.py
index ae5f2d5..b1b8297 100644
--- a/client/views.py
+++ b/client/views.py
@@ -12,12 +12,12 @@ from io import BytesIO
import pdfkit
import base64
-# Create your views here.
-
def index(request):
context = {}
+ # check if user is logged
if (request.user.is_authenticated):
+ # generate code if user has no code
users = UserCode.objects.filter(user=request.user)
code = None
if (len(users) == 0):
@@ -30,16 +30,21 @@ def index(request):
userCode = UserCode(user=request.user, code=code, medic=medic)
userCode.save()
+ # user action
if request.method == "POST":
+ # get document id
document = Document.objects.get(id=request.POST["action"][1:])
+ # check if document is valid to modify
if document.user != request.user:
return
if document.status == "ok" or document.status == "archive":
return
+ # execute action
if request.POST["action"][0] == 'f':
+ # generate approve pdf
template = get_template('client/approve_doc_pdf.html')
context = {'doc': document}
html = template.render(context)
@@ -47,20 +52,22 @@ def index(request):
result = BytesIO(pdf)
result.seek(0)
return FileResponse(result, as_attachment=True, filename=document.document_type.name+".pdf")
-
elif request.POST["action"][0] == 'a':
+ # sign autosign doc
if document.status == "autosign":
document.status = "ok"
document.save()
return HttpResponseRedirect("/")
elif request.POST["action"][0] == 'd':
+ # delete doc
document.delete()
return HttpResponseRedirect("/")
elif request.POST["action"][0] == 'e':
+ # edit doc generate context and render edit page
document_type = document.document_type
context = {
'doctype': document_type,
- }
+ }
context['doc'] = document
context['personal_data'] = document_type.personal_data
context['medical_data'] = document_type.medical_data
@@ -68,15 +75,19 @@ def index(request):
keys = Keys.objects.filter(container=document_type)
out_keys = []
for i in keys:
- out_keys.append([i, KeyVal.objects.filter(Q(container=document) & Q(key=i.key))[0].value])
+ out_keys.append([i, KeyVal.objects.filter(
+ Q(container=document) & Q(key=i.key))[0].value])
context['keys'] = out_keys
context['custom_message'] = document_type.custom_message
context['custom_message_text'] = document_type.custom_message_text
return edit_wrapper(request, context)
- documents = Document.objects.filter(Q(user=request.user) & ~Q(status='archive'))
+ # show only docs of the user and non archived
+ documents = Document.objects.filter(
+ Q(user=request.user) & ~Q(status='archive'))
out = []
for i in documents:
+ # for every document prepare images in base64
personal = None
medical = None
vac_file = ""
@@ -92,11 +103,14 @@ def index(request):
if medical.health_care_certificate.name:
with open(medical.health_care_certificate.name, 'rb') as image_file:
- health_file = base64.b64encode(image_file.read()).decode()
+ health_file = base64.b64encode(
+ image_file.read()).decode()
doc_group = i.user.groups.values_list('name', flat=True)[0]
- out.append([i, KeyVal.objects.filter(container=i), personal, medical, doc_group, vac_file, health_file])
+ out.append([i, KeyVal.objects.filter(container=i),
+ personal, medical, doc_group, vac_file, health_file])
+
context = {
"docs": out,
"empty": len(out) == 0,
@@ -108,6 +122,7 @@ def index(request):
@login_required
def approve(request):
context = {}
+ # if user not approved and has enough data then give instructions how to approve user
if not (request.user.is_staff or request.user.has_perm('approved')):
usercode = UserCode.objects.filter(user=request.user)[0]
okay = False
@@ -118,26 +133,34 @@ def approve(request):
else:
return render(request, 'client/index.html', context)
+
@login_required
def create(request):
context = {}
+ # group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+
+ # get available types for user
doctypes = DocumentType.objects.filter(
(Q(group_private=False) | Q(group=group)) & Q(enabled=True))
out = []
for doc in doctypes:
+ # check if user has already that document type
if len(Document.objects.filter(Q(user=request.user) & Q(document_type=doc))) == 0:
out.append(doc)
context['docs'] = out
if request.method == "POST":
if request.POST["action"] == "details":
+ # user has to select a document type
if "doctype" not in request.POST.keys():
+ # if no type selected throw error
context['error'] = True
context['error_text'] = "Seleziona un documento"
else:
+ # gather data to ask to the user
context['next'] = True
document_type = DocumentType.objects.get(
id=request.POST["doctype"])
@@ -153,71 +176,90 @@ def create(request):
context['custom_message'] = document_type.custom_message
context['custom_message_text'] = document_type.custom_message_text
elif request.POST["action"] == "save":
+ # after type was selected it shows details to complete
+
+ # get selected type
document_type = DocumentType.objects.get(
id=request.POST["doctype"])
+ # get list of docs with that type
current_docs = Document.objects.filter(document_type=document_type)
if len(current_docs) > 0:
+ # if there is already a document with that type abort (user is cheating)
return
+ # set default values
usercode = UserCode.objects.filter(user=request.user)[0]
code = 0
status = "wait"
personal_data = None
medical_data = None
+ # set to auto_sign if it is the case
if document_type.auto_sign:
status = "autosign"
keys = []
+ # copy personal data and medical data
if document_type.personal_data:
personal_data = PersonalData(email=request.user.email, parent_name=usercode.parent_name, via=usercode.via, cap=usercode.cap, country=usercode.country,
- nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone)
+ nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone)
personal_data.save()
if document_type.medical_data:
medic = usercode.medic
- medical_data = MedicalData(vac_certificate=medic.vac_certificate, health_care_certificate=medic.health_care_certificate, emer_name=medic.emer_name, emer_relative=medic.emer_relative, cell_phone=medic.cell_phone, address=medic.address, emer_phone=medic.emer_phone, health_care=medic.health_care, injuries=medic.injuries, rc=medic.rc, rega=medic.rega, medic_name=medic.medic_name, medic_phone=medic.medic_phone, medic_address=medic.medic_address, sickness=medic.sickness, vaccine=medic.vaccine, tetanus_date=medic.tetanus_date, allergy=medic.allergy, drugs_bool=medic.drugs_bool, drugs=medic.drugs, misc_bool=medic.misc_bool, misc=medic.misc)
+ medical_data = MedicalData(vac_certificate=medic.vac_certificate, health_care_certificate=medic.health_care_certificate, emer_name=medic.emer_name, emer_relative=medic.emer_relative, cell_phone=medic.cell_phone, address=medic.address, emer_phone=medic.emer_phone, health_care=medic.health_care, injuries=medic.injuries,
+ rc=medic.rc, rega=medic.rega, medic_name=medic.medic_name, medic_phone=medic.medic_phone, medic_address=medic.medic_address, sickness=medic.sickness, vaccine=medic.vaccine, tetanus_date=medic.tetanus_date, allergy=medic.allergy, drugs_bool=medic.drugs_bool, drugs=medic.drugs, misc_bool=medic.misc_bool, misc=medic.misc)
medical_data.save()
+ # generate document code
while (True):
code = randint(100000, 999999)
if len(Document.objects.filter(code=code)) == 0:
break
+ # save document
document = Document(
user=request.user, group=document_type.group, code=code, status=status, document_type=document_type, personal_data=personal_data, medical_data=medical_data)
document.save()
+ # attach custom keys
if document_type.custom_data:
for i in request.POST.keys():
- if i == "doctype" or i=="csrfmiddlewaretoken" or i=="action":
+ if i == "doctype" or i == "csrfmiddlewaretoken" or i == "action":
continue
- key = KeyVal(container=document, key=Keys.objects.get(id=i).key, value=request.POST[i])
+ key = KeyVal(container=document, key=Keys.objects.get(
+ id=i).key, value=request.POST[i])
key.save()
return HttpResponseRedirect('/')
return render(request, 'client/doc_create.html', context)
+
+# helper function to call edit_wrapper with empty context
@login_required
def edit(request):
return edit_wrapper(request, {})
+
@login_required
def edit_wrapper(request, context):
if request.method == "POST":
if "action" not in request.POST.keys():
+ # get document
document = Document.objects.get(id=request.POST["doc"])
+ # check if user has permission
if document.user != request.user:
return
-
+
+ # save again all data
usercode = UserCode.objects.filter(user=document.user)[0]
if document.document_type.personal_data:
personal_data = PersonalData(email=request.user.email, parent_name=usercode.parent_name, via=usercode.via, cap=usercode.cap, country=usercode.country,
- nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone)
+ nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone)
personal_data.save()
old_data = document.personal_data
document.personal_data = personal_data
@@ -226,18 +268,21 @@ def edit_wrapper(request, context):
if document.document_type.medical_data:
medic = usercode.medic
- medical_data = MedicalData(vac_certificate=medic.vac_certificate, health_care_certificate=medic.health_care_certificate, emer_name=medic.emer_name, emer_relative=medic.emer_relative, cell_phone=medic.cell_phone, address=medic.address, emer_phone=medic.emer_phone, health_care=medic.health_care, injuries=medic.injuries, rc=medic.rc, rega=medic.rega, medic_name=medic.medic_name, medic_phone=medic.medic_phone, medic_address=medic.medic_address, sickness=medic.sickness, vaccine=medic.vaccine, tetanus_date=medic.tetanus_date, allergy=medic.allergy, drugs_bool=medic.drugs_bool, drugs=medic.drugs, misc_bool=medic.misc_bool, misc=medic.misc)
+ medical_data = MedicalData(vac_certificate=medic.vac_certificate, health_care_certificate=medic.health_care_certificate, emer_name=medic.emer_name, emer_relative=medic.emer_relative, cell_phone=medic.cell_phone, address=medic.address, emer_phone=medic.emer_phone, health_care=medic.health_care, injuries=medic.injuries,
+ rc=medic.rc, rega=medic.rega, medic_name=medic.medic_name, medic_phone=medic.medic_phone, medic_address=medic.medic_address, sickness=medic.sickness, vaccine=medic.vaccine, tetanus_date=medic.tetanus_date, allergy=medic.allergy, drugs_bool=medic.drugs_bool, drugs=medic.drugs, misc_bool=medic.misc_bool, misc=medic.misc)
medical_data.save()
old_data = document.medical_data
document.medical_data = medical_data
document.save()
old_data.delete()
+ # update again custom keys
if document.document_type.custom_data:
for i in request.POST.keys():
- if i == "doc" or i=="csrfmiddlewaretoken":
+ if i == "doc" or i == "csrfmiddlewaretoken":
continue
- key = KeyVal.objects.filter(Q(container=document) & Q(key=Keys.objects.get(id=i).key))[0]
+ key = KeyVal.objects.filter(Q(container=document) & Q(
+ key=Keys.objects.get(id=i).key))[0]
key.value = request.POST[i]
key.save()
@@ -245,11 +290,13 @@ def edit_wrapper(request, context):
return render(request, 'client/doc_edit.html', context)
+
def about(request):
+ # very simple about page, get version from text file
version = ""
with open("version.txt", 'r') as f:
version = f.read()
if version.startswith("0"):
version = "Beta " + version
context = {"version": version}
- return render(request, 'client/about.html', context) \ No newline at end of file
+ return render(request, 'client/about.html', context)
diff --git a/server/templates/server/doc_list.html b/server/templates/server/doc_list.html
index 7bdbb17..66ff997 100644
--- a/server/templates/server/doc_list.html
+++ b/server/templates/server/doc_list.html
@@ -434,6 +434,15 @@
</div>
</div>
</div>
+ <div class="row">
+ <div class="col s12">
+ <div class="card">
+ <div class="card-image">
+ {% if doc.7 %}<img src="data:;base64,{{ doc.7 }}">{% endif %}
+ </div>
+ </div>
+ </div>
+ </div>
</span></div>
</li>
{% endif %}
diff --git a/server/views.py b/server/views.py
index 01e8109..dec4e11 100644
--- a/server/views.py
+++ b/server/views.py
@@ -16,10 +16,12 @@ from datetime import timedelta
import pytz
import pdfkit
from io import BytesIO
-import os, base64
+import os
+import base64
from PIL import Image, UnidentifiedImageError
+# custom staff check function for non primary group staff members
def isStaff(user):
if user.is_staff:
return True
@@ -31,41 +33,46 @@ def isStaff(user):
@user_passes_test(isStaff)
def index(request):
context = {}
+ # primary group name + object
parent_group = request.user.groups.values_list('name', flat=True)[
0]
+ group = Group.objects.get(name=parent_group)
+ # users from younger to older
users = User.objects.filter(groups__name=parent_group).order_by("-id")
users_out = []
+ # only send part of the user data, only if user is approved
for user in users:
if not user.has_perm("client.approved") and not user.is_staff:
continue
users_out.append([user.username, user.first_name,
- user.last_name])
+ user.last_name])
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
+ # if user is staff of not primary show only public types
if request.user.is_staff:
public_types = DocumentType.objects.filter(
Q(group_private=False) | Q(group=group) & Q(enabled=True)).order_by("-id")
else:
public_types = DocumentType.objects.filter(
Q(group_private=False) & Q(enabled=True)).order_by("-id")
+
+ # count documents of that type to show statistics
docs = []
for doc in public_types:
ref_docs = Document.objects.filter(document_type=doc)
docs.append([doc, len(ref_docs)])
+ # don't list users if user is staff of not primary
if request.user.is_staff:
context = {
'docs': docs,
'users': users_out,
- }
+ }
else:
context = {
'docs': docs,
- }
+ }
return render(request, 'server/index.html', context)
@@ -74,13 +81,19 @@ def uapprove(request):
context = {}
data = []
if request.method == "POST":
+ # get group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+
+ # get permission object
permission = Permission.objects.get(codename='approved')
+
+ # parse text to array
data = request.POST["codes"]
data.replace("\r", "")
data = data.split("\n")
+ # check if format is right
for i in range(len(data)):
if not data[i].startswith("U"):
data[i] = data[i] + " - Formato errato"
@@ -93,13 +106,16 @@ def uapprove(request):
else:
user = UserCode.objects.filter(code=data[i][1:])[0].user
user.user_permissions.add(permission)
+ # if user not in any group add to the same group as staff
if len(user.groups.values_list('name', flat=True)) == 0:
user.groups.add(group)
data[i] = data[i] + " - Ok"
else:
if user.groups.values_list('name', flat=True)[0] == parent_group:
+ # if user already in group do nothing
data[i] = data[i] + " - Ok"
else:
+ # if user in another group notify staff of group change
user.groups.clear()
user.groups.add(group)
data[i] = data[i] + " - Ok, cambio branca"
@@ -116,19 +132,24 @@ def uapprove(request):
def docapprove(request):
context = {}
data = []
+
+ # group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[
0]
+ group = Group.objects.get(name=parent_group)
+ # if user not staff of primary has only controll of non primary groups
if request.user.is_staff:
groups = request.user.groups.values_list('name', flat=True)
else:
groups = request.user.groups.values_list('name', flat=True)[1:]
- group = Group.objects.get(name=parent_group)
if request.method == "POST":
+ # parse text in array
data = request.POST["codes"]
data.replace("\r", "")
data = data.split("\n")
+ # check if code valid
for i in range(len(data)):
print(Document.objects.filter(code=data[i])[0].group.name)
if not data[i].isdigit():
@@ -138,10 +159,12 @@ def docapprove(request):
elif len(Document.objects.filter(code=data[i])) == 0:
data[i] = data[i] + " - Invalido"
elif Document.objects.filter(code=data[i])[0].group.name not in groups:
+ # check if user has permission to approve document
data[i] = data[i] + " - Invalido"
else:
document = Document.objects.filter(code=data[i])[0]
if document.status == 'ok':
+ # do nothing document already approved
data[i] = data[i] + " - Già approvato"
else:
document.status = 'ok'
@@ -159,54 +182,80 @@ def docapprove(request):
@staff_member_required
def ulist(request):
context = {}
+ # group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[0]
group = Group.objects.get(name=parent_group)
+
if request.method == "POST":
+ # request to download document
if request.POST["action"][0] == 'f':
document = Document.objects.get(id=request.POST["action"][1:])
+ # check if user has permission to view document
if document.group == group:
vac_file = ""
health_file = ""
sign_doc_file = ""
+
+ # prepare pictures in base64
if document.medical_data:
if document.medical_data.vac_certificate.name:
with open(document.medical_data.vac_certificate.name, 'rb') as image_file:
- vac_file = base64.b64encode(image_file.read()).decode()
+ vac_file = base64.b64encode(
+ image_file.read()).decode()
if document.medical_data.health_care_certificate.name:
with open(document.medical_data.health_care_certificate.name, 'rb') as image_file:
- health_file = base64.b64encode(image_file.read()).decode()
+ health_file = base64.b64encode(
+ image_file.read()).decode()
if document.signed_doc:
with open(document.signed_doc.name, 'rb') as image_file:
- sign_doc_file = base64.b64encode(image_file.read()).decode()
+ sign_doc_file = base64.b64encode(
+ image_file.read()).decode()
+ # get template and build context
template = get_template('server/download_doc.html')
- doc = [document, KeyVal.objects.filter(container=document), document.personal_data, document.medical_data, parent_group]
- context = {'doc': doc, 'vac': vac_file, 'health': health_file, 'sign_doc_file': sign_doc_file}
+ doc = [document, KeyVal.objects.filter(
+ container=document), document.personal_data, document.medical_data, parent_group]
+ context = {'doc': doc, 'vac': vac_file,
+ 'health': health_file, 'sign_doc_file': sign_doc_file}
+ # render context
html = template.render(context)
+ # render pdf using wkhtmltopdf
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
result.seek(0)
return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+
+ # deapprove user
elif request.POST["action"][0] == 'd':
user = User.objects.get(id=request.POST["action"][1:])
+ # check if user has permission to deapprove user
if user.groups.all()[0] == group:
content_type = ContentType.objects.get_for_model(Document)
- permission = Permission.objects.get(content_type=content_type, codename="approved")
+ permission = Permission.objects.get(
+ content_type=content_type, codename="approved")
user.user_permissions.remove(permission)
return HttpResponseRedirect("ulist")
- users = User.objects.filter(groups__name=parent_group).order_by("first_name")
+ # list users with their documents
+ users = User.objects.filter(
+ groups__name=parent_group).order_by("first_name")
out = []
for user in users:
+ # list only approved users
if not user.has_perm("client.approved") and not user.is_staff:
continue
usercode = UserCode.objects.filter(user=user)[0]
- documents = Document.objects.filter(Q(user=user) & ~Q(status='archive') & Q(group__name=parent_group))
+ # get all user documents
+ documents = Document.objects.filter(Q(user=user) & ~Q(
+ status='archive') & Q(group__name=parent_group))
+
+ # encode images in base64
vac_file = ""
health_file = ""
+ sign_doc_file = ""
if usercode.medic:
if usercode.medic.vac_certificate.name:
with open(usercode.medic.vac_certificate.name, 'rb') as image_file:
@@ -215,7 +264,8 @@ def ulist(request):
if usercode.medic.health_care_certificate.name:
with open(usercode.medic.health_care_certificate.name, 'rb') as image_file:
health_file = base64.b64encode(image_file.read()).decode()
- out.append([user, usercode, parent_group, documents, vac_file, health_file])
+ out.append([user, usercode, parent_group,
+ documents, vac_file, health_file])
context = {'users': out}
return render(request, 'server/user_list.html', context)
@@ -223,9 +273,12 @@ def ulist(request):
@user_passes_test(isStaff)
def doctype(request):
context = {}
+
+ # error variables to throw at user
error = False
error_text = ""
+ # init checkboxes
public = True
selfsign = True
hidden = False
@@ -242,21 +295,28 @@ def doctype(request):
custom_check = 'checked="checked"'
message_check = 'checked="checked"'
group_check = 'checked="checked"'
+
if request.method == "POST":
selected = []
+ # if user not staff of primary get only non primary groups
if request.user.is_staff:
parent_groups = request.user.groups.values_list('name', flat=True)
else:
- parent_groups = request.user.groups.values_list('name', flat=True)[1:]
+ parent_groups = request.user.groups.values_list('name', flat=True)[
+ 1:]
+
+ # list all selected types
for i in request.POST.keys():
if i.isdigit():
docc = DocumentType.objects.get(id=i)
+ # check if user has permission
if docc.group.name in parent_groups:
selected.append(docc)
else:
error = True
error_text = "Non puoi modificare un documento non del tuo gruppo"
+ # execute action on selected types
for i in selected:
if request.POST["action"] == 'delete':
try:
@@ -271,6 +331,7 @@ def doctype(request):
i.enabled = True
i.save()
+ # check which filters are applied
public = "filter_public" in request.POST
selfsign = "filter_selfsign" in request.POST
hidden = "filter_hidden" in request.POST
@@ -280,6 +341,7 @@ def doctype(request):
message = "filter_message" in request.POST
group_bool = "filter_group" in request.POST
+ # check if request to clear filters
if request.POST["action"] == 'clear':
public = True
selfsign = True
@@ -290,15 +352,20 @@ def doctype(request):
message = True
group_bool = True
+ # group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+
+ # if user not staff of primary group show only public types
if request.user.is_staff:
public_types = DocumentType.objects.filter(
Q(group_private=False) | Q(group=group))
else:
public_types = DocumentType.objects.filter(
Q(group_private=False))
+
+ # apply filters
if not public:
public_types = public_types.filter(group_private=True)
public_check = ""
@@ -324,6 +391,7 @@ def doctype(request):
public_types = public_types.filter(custom_group=False)
group_check = ""
+ # get custom keys from types
out = []
for doc in public_types:
custom_keys = Keys.objects.filter(container=doc)
@@ -342,26 +410,33 @@ def doctype(request):
'group_check': group_check,
'error': error,
'error_text': error_text,
- }
+ }
return render(request, 'server/doc_type.html', context)
@user_passes_test(isStaff)
def doccreate(request):
context = {}
+
+ # if user is not staff of primary set default group to secondary and default public type
if request.user.is_staff:
groups = request.user.groups.values_list('name', flat=True)
parent_group = request.user.groups.values_list('name', flat=True)[
0]
+ group_private = False
+ private_check = 'checked="checked"'
else:
groups = request.user.groups.values_list('name', flat=True)[1:]
parent_group = request.user.groups.values_list('name', flat=True)[
1]
+ group_private = True
+ private_check = ''
+ # get group obj
group = Group.objects.get(name=parent_group)
+ # init checkboxes
enabled = False
- group_private = False
personal_data = False
medical_data = False
custom_data = False
@@ -370,22 +445,15 @@ def doccreate(request):
custom_group = ""
enabled_check = 'checked="checked"'
- private_check = 'checked="checked"'
personal_check = 'checked="checked"'
sign_check = 'checked="checked"'
medical_check = ""
custom_check = ""
custom_message_check = ""
- context = {
- "enabled_check": enabled_check,
- "private_check": private_check,
- "sign_check": sign_check,
- "personal_check": personal_check,
- "medical_check": medical_check,
- "custom_check": custom_check,
- "custom_message_check": custom_message_check,
- }
+
+ # if type create request sent
if request.method == "POST":
+ # gather inserted data
enabled = "enabled" in request.POST.keys()
auto_sign = "sign" not in request.POST.keys()
group_private = "group_private" in request.POST.keys()
@@ -397,12 +465,24 @@ def doccreate(request):
name = request.POST["name"]
custom_group = request.POST["custom_group"]
+ # if group not primary and not public throw error
+ if group_private == True and not request.user.is_staff:
+ context["error"] = "true"
+ context["error_text"] = "Non puoi creare un documento non pubblico per un gruppo non primario"
+ return render(request, 'server/doc_create.html', context)
+
+ # if already existing name throw error
if len(DocumentType.objects.filter(name=name)) > 0:
context["error"] = "true"
context["error_text"] = "Questo nome esiste già. Prego usarne un altro."
return render(request, 'server/doc_create.html', context)
+ # check if custom group permissions not met or non public document
if custom_group != "":
+ if group_private == True:
+ context["error"] = "true"
+ context["error_text"] = "Non puoi creare un documento non pubblico per un gruppo non primario"
+ return render(request, 'server/doc_create.html', context)
if custom_group not in groups:
context["error"] = "true"
context["error_text"] = "Non puoi creare un tipo assegnato ad un gruppo di cui non fai parte"
@@ -411,9 +491,12 @@ def doccreate(request):
group = Group.objects.filter(name=custom_group)[0]
custom_group_bool = True
+ # create type
doctype = DocumentType(
custom_group=custom_group_bool, auto_sign=auto_sign, custom_message=custom_message, custom_message_text=custom_message_text, name=request.POST["name"], enabled=enabled, group_private=group_private, group=group, personal_data=personal_data, medical_data=medical_data, custom_data=custom_data)
doctype.save()
+
+ # create custom keys
if custom_data:
custom = request.POST["custom"]
custom.replace("\r", "")
@@ -421,27 +504,46 @@ def doccreate(request):
for i in custom:
key = Keys(key=i, container=doctype)
key.save()
+
return HttpResponseRedirect('doctype')
+ # build context
+ context = {
+ "enabled_check": enabled_check,
+ "private_check": private_check,
+ "sign_check": sign_check,
+ "personal_check": personal_check,
+ "medical_check": medical_check,
+ "custom_check": custom_check,
+ "custom_message_check": custom_message_check,
+ }
+
return render(request, 'server/doc_create.html', context)
@user_passes_test(isStaff)
def doclist(request):
context = {}
+
+ # group name and obj
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
+ # if user not staff of primary get secondary groups
if request.user.is_staff:
parent_groups = request.user.groups.values_list('name', flat=True)
else:
parent_groups = request.user.groups.values_list('name', flat=True)[1:]
+ # create typezone
zurich = pytz.timezone('Europe/Zurich')
+
+ # init error variables for users
error = False
error_text = ""
+ # init checkboxes for filter
hidden = False
wait = True
selfsign = True
@@ -453,8 +555,12 @@ def doclist(request):
selfsign_check = 'checked="checked"'
ok_check = 'checked="checked"'
signdoc_check = 'checked="checked"'
+
+ # set default dates for filters
newer = zurich.localize(dateparser.parse("1970-01-01"))
older = zurich.localize(datetime.now())
+
+ # init chips values
owner = []
types = []
groups = []
@@ -463,28 +569,38 @@ def doclist(request):
chips_groups = []
if request.method == "POST":
+ # if download request
if request.POST["action"][0] == 'k':
document = Document.objects.get(id=request.POST["action"][1:])
+ # check if user has permission to view doc
if document.group.name in parent_groups:
vac_file = ""
health_file = ""
sign_doc_file = ""
+
+ # prepare images in base64
if document.medical_data:
if document.medical_data.vac_certificate.name:
with open(document.medical_data.vac_certificate.name, 'rb') as image_file:
- vac_file = base64.b64encode(image_file.read()).decode()
+ vac_file = base64.b64encode(
+ image_file.read()).decode()
if document.medical_data.health_care_certificate.name:
with open(document.medical_data.health_care_certificate.name, 'rb') as image_file:
- health_file = base64.b64encode(image_file.read()).decode()
-
+ health_file = base64.b64encode(
+ image_file.read()).decode()
+
if document.signed_doc:
with open(document.signed_doc.name, 'rb') as image_file:
- sign_doc_file = base64.b64encode(image_file.read()).decode()
+ sign_doc_file = base64.b64encode(
+ image_file.read()).decode()
+ # build with template and render
template = get_template('server/download_doc.html')
- doc = [document, KeyVal.objects.filter(container=document), document.personal_data, document.medical_data, parent_group]
- context = {'doc': doc, 'vac': vac_file, 'health': health_file, 'sign_doc_file': sign_doc_file}
+ doc = [document, KeyVal.objects.filter(
+ container=document), document.personal_data, document.medical_data, parent_group]
+ context = {'doc': doc, 'vac': vac_file,
+ 'health': health_file, 'sign_doc_file': sign_doc_file}
html = template.render(context)
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
@@ -492,6 +608,7 @@ def doclist(request):
return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+ # get selected documents and check if user has permission to view
selected = []
for i in request.POST.keys():
if i.isdigit():
@@ -499,6 +616,7 @@ def doclist(request):
if docc.group.name in parent_groups:
selected.append(docc)
+ # execute action on selected documents
for i in selected:
if request.POST["action"] == 'delete' and settings.DEBUG:
i.delete()
@@ -522,35 +640,41 @@ def doclist(request):
else:
error = True
error_text = "Non puoi dearchiviare un documento non archiviato"
-
+
+ # get filter values
hidden = "filter_hidden" in request.POST
wait = "filter_wait" in request.POST
selfsign = "filter_selfsign" in request.POST
ok = "filter_ok" in request.POST
signdoc = "filter_signdoc" in request.POST
newer = zurich.localize(dateparser.parse(request.POST["newer"]))
- older = zurich.localize(dateparser.parse(request.POST["older"]) + timedelta(days=1))
+ older = zurich.localize(dateparser.parse(
+ request.POST["older"]) + timedelta(days=1))
owner = request.POST["owner"].split("^|")
types = request.POST["type"].split("^|")
groups = request.POST["groups"].split("^|")
+ # clear filters
if request.POST["action"] == 'clear':
hidden = False
wait = True
selfsign = True
ok = True
+ signdoc = False
newer = zurich.localize(dateparser.parse("1970-01-01"))
older = zurich.localize(datetime.now())
owner = []
types = []
groups = []
+ # filter documents based on group of staff
q_obj = Q()
for i in parent_groups:
q_obj |= Q(group__name=i)
documents = Document.objects.filter(q_obj)
+ # filter documents
if not hidden:
documents = documents.filter(~Q(status="archive"))
hidden_check = ""
@@ -566,8 +690,10 @@ def doclist(request):
if not signdoc:
signdoc_check = ""
+ # filter date range
documents = documents.filter(compilation_date__range=[newer, older])
+ # filter types, owner, groups using chips
if len(types) > 0:
if types[0] != "":
q_obj = Q()
@@ -598,14 +724,17 @@ def doclist(request):
out = []
for i in documents:
+ # filter for confirmed with attachment documents and approved
if signdoc:
if i.status == "ok" and not i.signed_doc:
continue
+ # prepare images in base64
personal = None
medical = None
vac_file = ""
health_file = ""
+ sign_doc_file = ""
if i.personal_data:
personal = i.personal_data
if i.medical_data:
@@ -618,12 +747,21 @@ def doclist(request):
with open(medical.health_care_certificate.name, 'rb') as image_file:
health_file = base64.b64encode(image_file.read()).decode()
+ if i.signed_doc:
+ with open(i.signed_doc.name, 'rb') as image_file:
+ sign_doc_file = base64.b64encode(
+ image_file.read()).decode()
+
doc_group = i.user.groups.values_list('name', flat=True)[0]
- out.append([i, KeyVal.objects.filter(container=i), personal, medical, doc_group, vac_file, health_file])
+ out.append([i, KeyVal.objects.filter(container=i), personal,
+ medical, doc_group, vac_file, health_file, sign_doc_file])
- auto_types = DocumentType.objects.filter(Q(group_private=False) | Q(group=group))
+ # get types and users for chips autocompletation
+ auto_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=group))
users = User.objects.filter(groups__name=parent_group)
+
context = {
"types": auto_types,
"users": users,
@@ -642,12 +780,13 @@ def doclist(request):
'error': error,
'error_text': error_text,
'settings': settings,
- }
+ }
return render(request, 'server/doc_list.html', context)
@user_passes_test(isStaff)
def upload_doc(request):
+ # setup group based on staff primary or not
parent_group = request.user.groups.values_list('name', flat=True)[
0]
group = Group.objects.get(name=parent_group)
@@ -656,12 +795,14 @@ def upload_doc(request):
else:
groups = request.user.groups.values_list('name', flat=True)[1:]
- message = ""
+ # setup variables for error text and success text
error = False
success = False
error_text = ""
success_text = ""
+
document = None
+ # parse document code and check for permissions
if request.method == "POST":
data = request.POST["code"]
if not data.isdigit():
@@ -677,7 +818,10 @@ def upload_doc(request):
error_text = "Codice invalido"
error = True
else:
+ # get document
document = Document.objects.filter(code=data)[0]
+
+ # prepare success message
if document.status == 'ok':
success_text = "File caricato"
success = True
@@ -687,11 +831,13 @@ def upload_doc(request):
success_text = "Documento approvato e file caricato"
success = True
+ # check for errors and upload files
if "doc_sign" in request.FILES and not error:
myfile = request.FILES['doc_sign']
try:
im = Image.open(myfile)
im_io = BytesIO()
+ # compress image in WEBP
im.save(im_io, 'WEBP', quality=50)
document.signed_doc.save(data+"_"+myfile.name, im_io)
document.save()
@@ -703,26 +849,29 @@ def upload_doc(request):
error_text = "Prego caricare un file"
context = {
- "message": message,
"error": error,
"error_text": error_text,
"success": success,
"success_text": success_text,
-
}
+
return render(request, 'server/upload_doc.html', context)
@user_passes_test(isStaff)
def docpreview(request):
context = {}
+ # check for permissions
if request.user.is_staff:
groups = request.user.groups.values_list('name', flat=True)
else:
groups = request.user.groups.values_list('name', flat=True)[1:]
if request.method == "POST":
+ # get document code
code = request.POST["preview"]
+
+ # check if code valid and user has permission
if not code.isdigit():
return render(request, 'server/download_doc.html', context)
if len(Document.objects.filter(code=code)) == 0:
@@ -730,7 +879,10 @@ def docpreview(request):
if Document.objects.filter(code=code)[0].group.name not in groups:
return render(request, 'server/download_doc.html', context)
+ # get document
document = Document.objects.filter(code=code)[0]
+
+ # prepare images in base64
vac_file = ""
health_file = ""
sign_doc_file = ""
@@ -746,8 +898,10 @@ def docpreview(request):
with open(document.signed_doc.name, 'rb') as image_file:
sign_doc_file = base64.b64encode(image_file.read()).decode()
- template = get_template('server/download_doc.html')
- doc = [document, KeyVal.objects.filter(container=document), document.personal_data, document.medical_data, parent_group]
- context = {'doc': doc, 'vac': vac_file, 'health': health_file, 'sign_doc_file': sign_doc_file}
+ # prepare context
+ doc = [document, KeyVal.objects.filter(
+ container=document), document.personal_data, document.medical_data, parent_group]
+ context = {'doc': doc, 'vac': vac_file,
+ 'health': health_file, 'sign_doc_file': sign_doc_file}
- return render(request, 'server/download_doc.html', context) \ No newline at end of file
+ return render(request, 'server/download_doc.html', context)