diff options
author | Andrea Lepori <alepori@student.ethz.ch> | 2021-08-19 10:42:10 +0200 |
---|---|---|
committer | Andrea Lepori <alepori@student.ethz.ch> | 2021-08-19 10:42:30 +0200 |
commit | 9fec5d58b2381a55731f0fae91a9a7fc473bbd44 (patch) | |
tree | 06769a15b26500a9ea4a5f9ef091093b130be643 | |
parent | fix group change and ucode parsing (diff) | |
download | scout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.tar.gz scout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.zip |
RO documents for non primary groups
Diffstat (limited to '')
-rw-r--r-- | client/templates/client/index.html | 2 | ||||
-rw-r--r-- | client/views.py | 25 | ||||
-rw-r--r-- | server/templates/server/index.html | 89 | ||||
-rw-r--r-- | server/views.py | 142 | ||||
-rw-r--r-- | templates/registration/base_client.html | 4 | ||||
-rw-r--r-- | version.txt | 2 |
6 files changed, 123 insertions, 141 deletions
diff --git a/client/templates/client/index.html b/client/templates/client/index.html index da65a0d..092fe7f 100644 --- a/client/templates/client/index.html +++ b/client/templates/client/index.html @@ -20,7 +20,7 @@ <div id="modal_capi" class="modal"> <div class="modal-content"> <h4>Attenzione</h4> - <p>Il tuo capo branca verrà notificato dell'accesso alla pagina dei documenti.<br> + <p>I capi gruppo interessati verranno notificati dell'accesso alla pagina dei documenti.<br> Sei sicuro di voler continuare? </p> </div> diff --git a/client/views.py b/client/views.py index 4b8b11d..841b254 100644 --- a/client/views.py +++ b/client/views.py @@ -1,17 +1,16 @@ -from random import randint +from django.template.loader import get_template from client.models import GroupSettings, UserCode, Keys, DocumentType, Document, PersonalData, KeyVal, MedicalData from django.db.models import Q from django.http import HttpResponseRedirect, FileResponse from django.contrib.auth.decorators import login_required - from django.shortcuts import render -from django.template.loader import get_template from io import BytesIO import pdfkit from subprocess import check_output from datetime import datetime import pytz +from random import randint def index(request): context = {} @@ -39,16 +38,18 @@ def index(request): context = {"user_code": user_code} else: # get user group - groups = request.user.groups.values_list('name', flat=True) - group = groups[0] - - # get group settings - settings = GroupSettings.objects.filter(group__name=group) + groups = request.user.groups.all() + + # check if any group has enabled RO documents + if request.user.is_staff or len(groups.filter(name="capi")) == 0: + # if user is staff then not needed + gr = [] + elif request.user.has_perm("client.staff"): + gr = GroupSettings.objects.filter(group__in=groups).filter(view_documents=True).filter(~Q(group=groups[0])) + else: + gr = GroupSettings.objects.filter(group__in=groups).filter(view_documents=True) - # check if settings exists and user is in group capi - if len(settings) != 0 and "capi" in groups: - # set settings value - group_view = settings[0].view_documents + group_view = len(gr) != 0 # user action if request.method == "POST": diff --git a/server/templates/server/index.html b/server/templates/server/index.html index a6c25aa..af95153 100644 --- a/server/templates/server/index.html +++ b/server/templates/server/index.html @@ -8,27 +8,41 @@ {% block content %} <div class="row"> - {% if user.is_staff %} <div class="col l5 s12"> <div class="card large"> - <div class="card-content"> - <p> - <table> - <tr> - <th>Username</th> - <th>Nome</th> - <th>Cognome</th> - </tr> - {% for user in users %} - <tr> - {% for att in user %} - <td>{{att}}</td> - {% endfor %} - </tr> - {% endfor %} - </table> - </p> + <div class="card-content" style="overflow: auto"> + <form id="form" action="{% url 'server'%}" method="post"> + {% csrf_token %} + <div class="row"> + <div class="col s12"> + <p> + Documenti di questo gruppo saranno visibili a persone nel gruppo capi + </p> + </div> + </div> + {% for gr in groups %} + <div class="row"> + <div class="col s12"> + <div id="select_switch" class="switch col s12"> + {{gr.0}}<br class="hide-on-med-and-up"> + <label> + No + <input name={{gr.0}} type="checkbox" {{gr.1}}> + <span class="lever"></span> + Si + </label> + </div> + </div> + </div> + {% endfor %} + <div class="row"> + <div class="col s12"> + <a class="waves-effect waves-light btn {{color}}" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a> + </div> + </div> + </form> </div> + {% if user.is_staff %} <div class="card-action"> <div class="hide-on-med-and-down"> <a class="waves-effect waves-light btn {{color}}" href="{% url 'ulist' %}">Utenti</a> @@ -46,35 +60,12 @@ <a class="col s12 waves-effect waves-light btn {{color}}" href="{% url 'request' %}">Richiedi dati</a> </div> </div> + {% endif %} </div> </div> - {% endif %} - {% if user.is_staff %} <div class="col l7 s12"> - {% else %} - <div class="col s12"> - {% endif %} <div class="card large"> <div class="card-content"> - {% if user.is_staff %} - <form id="form" action="{% url 'server'%}" method="post"> - {% csrf_token %} - <div class="row"> - <div class="col s12"> - <div id="select_switch" class="switch col s12"> - Documenti visibili ad aggiunti<br class="hide-on-med-and-up"> - <label> - No - <input onclick="execute_confirm()" name="doc_view" type="checkbox" {{doc_view_check}}> - <span class="lever"></span> - Si - </label> - </div> - <a style="display: none" id="send_button" class="waves-effect waves-light btn green" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a> - </div> - </div> - </form> - {% endif %} <ul class="collection"> {% for doctype in docs %} <li class="collection-item"> @@ -116,18 +107,4 @@ </div> </div> </div> -{% endblock %} - -{% block script %} -function execute_confirm() { - var selection = document.getElementById('select_switch') - var button = document.getElementById('send_button') - selection.style.display = "none" - button.style.display = "inline-block" - {% if doc_view_check == 'checked="checked"'%} - button.innerHTML = "Applica (gli aggiunti <b>NON</b> potranno vedere i documenti)" - {% else %} - button.innerHTML = "Applica (gli aggiunti <b>POTRANNO</b> vedere i documenti)" - {% endif %} -} {% endblock %}
\ No newline at end of file diff --git a/server/views.py b/server/views.py index d34ebb3..54f1352 100644 --- a/server/views.py +++ b/server/views.py @@ -48,54 +48,58 @@ def isCapi_enabled(user): @user_passes_test(isStaff)
def index(request):
context = {}
- # primary group name + object
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
- # check for settings
- doc_view_check = ""
- settings = GroupSettings.objects.filter(group__name=group)
+ # if user is staff of not primary show only public types
+ if request.user.is_staff:
+ groups = request.user.groups.all()
- # create settings if non existing
- if len(settings) == 0:
- settings = GroupSettings(group=group, view_documents=False)
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=groups[0]) & Q(enabled=True)).order_by("-id")
else:
- settings = settings[0]
+ groups = request.user.groups.all()[1:]
- if settings.view_documents:
- doc_view_check = 'checked="checked"'
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) & Q(enabled=True)).order_by("-id")
- # check if changing settings
- if request.method == "POST" and request.user.is_staff:
- if "doc_view" in request.POST:
- settings.view_documents = True
- settings.save()
+ # check for settings
+ group_check = []
+ for i in groups:
+ if i.name == "capi":
+ continue
+
+ doc_view_check = ""
+ settings = GroupSettings.objects.filter(group=i)
+
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
else:
- settings.view_documents = False
- settings.save()
+ settings = settings[0]
- return HttpResponseRedirect("/server")
+ if settings.view_documents:
+ doc_view_check = 'checked="checked"'
+
+ group_check.append([i.name, doc_view_check])
- # users from younger to older
- users = User.objects.filter(groups__name=parent_group).order_by("-id")
- users_out = []
+ # check if changing settings
+ if request.method == "POST" and request.user.is_staff:
+ for i in groups:
+ settings = GroupSettings.objects.filter(group=i)
- # only send part of the user data, only if user is approved
- for user in users:
- if not user.has_perm("client.approved") and not user.is_staff:
- continue
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
+ else:
+ settings = settings[0]
- users_out.append([user.username, user.first_name,
- user.last_name])
+ if i.name in request.POST:
+ settings.view_documents = True
+ settings.save()
+ else:
+ settings.view_documents = False
+ settings.save()
- # if user is staff of not primary show only public types
- if request.user.is_staff:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group) & Q(enabled=True)).order_by("-id")
- else:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) & Q(enabled=True)).order_by("-id")
+ return HttpResponseRedirect("/server")
# count documents of that type to show statistics
docs = []
@@ -108,17 +112,12 @@ def index(request): doc_count += "/" + str(doc.max_instances)
docs.append([doc, doc_count])
- # don't list users if user is staff of not primary
- if request.user.is_staff:
- context = {
- 'docs': docs,
- 'users': users_out,
- }
- else:
- context = {
- 'docs': docs,
- }
- context["doc_view_check"] = doc_view_check
+ context = {
+ 'docs': docs,
+ 'groups': group_check,
+ 'doc_view_check': doc_view_check,
+ }
+
return render(request, 'server/index.html', context)
@@ -318,6 +317,7 @@ def ulist(request): out.append([user, usercode, parent_group,
documents, vac_file, health_file, "capi" in user.groups.values_list('name',flat = True)])
+
context = {'users': out}
return render(request, 'server/user_list.html', context)
@@ -1134,24 +1134,27 @@ def doclist_readonly(request): context = {}
# group name and obj
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
+ groups = request.user.groups.all()
+ if request.user.is_staff:
+ groups_view = []
+ elif request.user.has_perm("client.staff"):
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group=groups[0]).filter(view_documents=True)))
+ else:
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group__in=groups).filter(view_documents=True)))
- # send alert
- users = User.objects.filter(groups__name=parent_group).filter(is_staff=True)
- user_emails = []
+ perm = Permission.objects.get(codename='staff')
- for i in users:
- user_emails.append(i.email)
+ for i in groups_view:
+ # get all users that are part of the group and are administrators but not request.user
+ emails = User.objects.filter(groups__name=i).filter(Q(is_staff=True) | Q(user_permissions=perm)).filter(~Q(id=request.user.id)).values_list("email", flat=True)
- send_mail(
- 'Attenzione! ' + request.user.username + ' ha visionato i documenti della branca',
- "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità ai tuoi aggiunti di visionare i documenti e un tuo aggiunto ha visionato dei documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
- settings.DEFAULT_FROM_EMAIL,
- user_emails,
- fail_silently=False,
- )
+ send_mail(
+ 'Attenzione! ' + request.user.username + ' ha visionato i documenti del gruppo "' + i.name + '"',
+ "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità a persone del gruppo capi di visionare i documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
+ settings.DEFAULT_FROM_EMAIL,
+ emails,
+ fail_silently=False,
+ )
# create typezone
@@ -1191,7 +1194,7 @@ def doclist_readonly(request): if request.POST["action"][0] == 'k':
document = Document.objects.get(id=request.POST["action"][1:])
# check if user has permission to view doc
- if document.group.name == parent_group:
+ if document.group in groups_view:
vac_file = ""
health_file = ""
sign_doc_file = ""
@@ -1230,7 +1233,7 @@ def doclist_readonly(request): for i in request.POST.keys():
if i.isdigit():
docc = Document.objects.get(id=i)
- if docc.group.name == parent_group:
+ if docc.group in groups_view:
selected.append(docc)
# get filter values
@@ -1260,7 +1263,7 @@ def doclist_readonly(request): groups = []
# filter documents based on group of staff
- documents = Document.objects.filter(group__name=parent_group)
+ documents = Document.objects.filter(group__in=groups_view)
# filter documents
if not hidden:
@@ -1311,6 +1314,7 @@ def doclist_readonly(request): documents = documents.filter(q_obj)
out = []
+ users = []
for i in documents:
# filter for confirmed with attachment documents and approved
if signdoc:
@@ -1338,18 +1342,18 @@ def doclist_readonly(request): doc_group = i.user.groups.values_list('name', flat=True)[0]
+ users.append(i.user)
out.append([i, KeyVal.objects.filter(container=i), personal,
medical, doc_group, vac_file, health_file, sign_doc_file])
# get types and users for chips autocompletation
auto_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group))
- users = User.objects.filter(groups__name=parent_group)
+ Q(group_private=False) | Q(group__in=groups_view))
context = {
"types": auto_types,
"users": users,
- "groups": [parent_group],
+ "groups": groups_view,
"docs": out,
"hidden_check": hidden_check,
"wait_check": wait_check,
diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html index edf4d2b..3e251a2 100644 --- a/templates/registration/base_client.html +++ b/templates/registration/base_client.html @@ -86,7 +86,7 @@ {% endblock %} <ul class="right"> {% if user.is_authenticated %} - {% if group_view and not user.is_staff %} + {% if group_view %} <li class="hide-on-small-only"><a class="modal-trigger" href="#modal_capi">Lista documenti</a></li> {% endif %} {% if user.is_staff or perms.client.staff %} @@ -97,7 +97,7 @@ {% if user.is_staff or perms.client.staff %} <li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Pannello Admin" class="hide-on-med-and-up"><a href="{% url 'server' %}"><i class="material-icons">build</i></a></li> {% endif %} - {% if group_view and not user.is_staff %} + {% if group_view %} <li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Lista documenti" class="hide-on-med-and-up"><a class="modal-trigger" href="#modal_capi"><i class="material-icons">list</i></a></li> {% endif %} <li class="tooltipped" data-position="bottom" data-tooltip="Informazioni"><a href="{% url 'about' %}"><i class="material-icons">info_outline</i></a></li> diff --git a/version.txt b/version.txt index 5bb24a7..b78418a 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.3 -rev=8 +rev=9 |