aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrea Lepori <alepori@student.ethz.ch>2021-08-19 10:42:10 +0200
committerAndrea Lepori <alepori@student.ethz.ch>2021-08-19 10:42:30 +0200
commit9fec5d58b2381a55731f0fae91a9a7fc473bbd44 (patch)
tree06769a15b26500a9ea4a5f9ef091093b130be643
parentfix group change and ucode parsing (diff)
downloadscout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.tar.gz
scout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.zip
RO documents for non primary groups
-rw-r--r--client/templates/client/index.html2
-rw-r--r--client/views.py25
-rw-r--r--server/templates/server/index.html89
-rw-r--r--server/views.py142
-rw-r--r--templates/registration/base_client.html4
-rw-r--r--version.txt2
6 files changed, 123 insertions, 141 deletions
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index da65a0d..092fe7f 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -20,7 +20,7 @@
<div id="modal_capi" class="modal">
<div class="modal-content">
<h4>Attenzione</h4>
- <p>Il tuo capo branca verrà notificato dell'accesso alla pagina dei documenti.<br>
+ <p>I capi gruppo interessati verranno notificati dell'accesso alla pagina dei documenti.<br>
Sei sicuro di voler continuare?
</p>
</div>
diff --git a/client/views.py b/client/views.py
index 4b8b11d..841b254 100644
--- a/client/views.py
+++ b/client/views.py
@@ -1,17 +1,16 @@
-from random import randint
+from django.template.loader import get_template
from client.models import GroupSettings, UserCode, Keys, DocumentType, Document, PersonalData, KeyVal, MedicalData
from django.db.models import Q
from django.http import HttpResponseRedirect, FileResponse
from django.contrib.auth.decorators import login_required
-
from django.shortcuts import render
-from django.template.loader import get_template
from io import BytesIO
import pdfkit
from subprocess import check_output
from datetime import datetime
import pytz
+from random import randint
def index(request):
context = {}
@@ -39,16 +38,18 @@ def index(request):
context = {"user_code": user_code}
else:
# get user group
- groups = request.user.groups.values_list('name', flat=True)
- group = groups[0]
-
- # get group settings
- settings = GroupSettings.objects.filter(group__name=group)
+ groups = request.user.groups.all()
+
+ # check if any group has enabled RO documents
+ if request.user.is_staff or len(groups.filter(name="capi")) == 0:
+ # if user is staff then not needed
+ gr = []
+ elif request.user.has_perm("client.staff"):
+ gr = GroupSettings.objects.filter(group__in=groups).filter(view_documents=True).filter(~Q(group=groups[0]))
+ else:
+ gr = GroupSettings.objects.filter(group__in=groups).filter(view_documents=True)
- # check if settings exists and user is in group capi
- if len(settings) != 0 and "capi" in groups:
- # set settings value
- group_view = settings[0].view_documents
+ group_view = len(gr) != 0
# user action
if request.method == "POST":
diff --git a/server/templates/server/index.html b/server/templates/server/index.html
index a6c25aa..af95153 100644
--- a/server/templates/server/index.html
+++ b/server/templates/server/index.html
@@ -8,27 +8,41 @@
{% block content %}
<div class="row">
- {% if user.is_staff %}
<div class="col l5 s12">
<div class="card large">
- <div class="card-content">
- <p>
- <table>
- <tr>
- <th>Username</th>
- <th>Nome</th>
- <th>Cognome</th>
- </tr>
- {% for user in users %}
- <tr>
- {% for att in user %}
- <td>{{att}}</td>
- {% endfor %}
- </tr>
- {% endfor %}
- </table>
- </p>
+ <div class="card-content" style="overflow: auto">
+ <form id="form" action="{% url 'server'%}" method="post">
+ {% csrf_token %}
+ <div class="row">
+ <div class="col s12">
+ <p>
+ Documenti di questo gruppo saranno visibili a persone nel gruppo capi
+ </p>
+ </div>
+ </div>
+ {% for gr in groups %}
+ <div class="row">
+ <div class="col s12">
+ <div id="select_switch" class="switch col s12">
+ {{gr.0}}<br class="hide-on-med-and-up">
+ <label>
+ No
+ <input name={{gr.0}} type="checkbox" {{gr.1}}>
+ <span class="lever"></span>
+ Si
+ </label>
+ </div>
+ </div>
+ </div>
+ {% endfor %}
+ <div class="row">
+ <div class="col s12">
+ <a class="waves-effect waves-light btn {{color}}" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a>
+ </div>
+ </div>
+ </form>
</div>
+ {% if user.is_staff %}
<div class="card-action">
<div class="hide-on-med-and-down">
<a class="waves-effect waves-light btn {{color}}" href="{% url 'ulist' %}">Utenti</a>
@@ -46,35 +60,12 @@
<a class="col s12 waves-effect waves-light btn {{color}}" href="{% url 'request' %}">Richiedi dati</a>
</div>
</div>
+ {% endif %}
</div>
</div>
- {% endif %}
- {% if user.is_staff %}
<div class="col l7 s12">
- {% else %}
- <div class="col s12">
- {% endif %}
<div class="card large">
<div class="card-content">
- {% if user.is_staff %}
- <form id="form" action="{% url 'server'%}" method="post">
- {% csrf_token %}
- <div class="row">
- <div class="col s12">
- <div id="select_switch" class="switch col s12">
- Documenti visibili ad aggiunti<br class="hide-on-med-and-up">
- <label>
- No
- <input onclick="execute_confirm()" name="doc_view" type="checkbox" {{doc_view_check}}>
- <span class="lever"></span>
- Si
- </label>
- </div>
- <a style="display: none" id="send_button" class="waves-effect waves-light btn green" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a>
- </div>
- </div>
- </form>
- {% endif %}
<ul class="collection">
{% for doctype in docs %}
<li class="collection-item">
@@ -116,18 +107,4 @@
</div>
</div>
</div>
-{% endblock %}
-
-{% block script %}
-function execute_confirm() {
- var selection = document.getElementById('select_switch')
- var button = document.getElementById('send_button')
- selection.style.display = "none"
- button.style.display = "inline-block"
- {% if doc_view_check == 'checked="checked"'%}
- button.innerHTML = "Applica (gli aggiunti <b>NON</b> potranno vedere i documenti)"
- {% else %}
- button.innerHTML = "Applica (gli aggiunti <b>POTRANNO</b> vedere i documenti)"
- {% endif %}
-}
{% endblock %} \ No newline at end of file
diff --git a/server/views.py b/server/views.py
index d34ebb3..54f1352 100644
--- a/server/views.py
+++ b/server/views.py
@@ -48,54 +48,58 @@ def isCapi_enabled(user):
@user_passes_test(isStaff)
def index(request):
context = {}
- # primary group name + object
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
- # check for settings
- doc_view_check = ""
- settings = GroupSettings.objects.filter(group__name=group)
+ # if user is staff of not primary show only public types
+ if request.user.is_staff:
+ groups = request.user.groups.all()
- # create settings if non existing
- if len(settings) == 0:
- settings = GroupSettings(group=group, view_documents=False)
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=groups[0]) & Q(enabled=True)).order_by("-id")
else:
- settings = settings[0]
+ groups = request.user.groups.all()[1:]
- if settings.view_documents:
- doc_view_check = 'checked="checked"'
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) & Q(enabled=True)).order_by("-id")
- # check if changing settings
- if request.method == "POST" and request.user.is_staff:
- if "doc_view" in request.POST:
- settings.view_documents = True
- settings.save()
+ # check for settings
+ group_check = []
+ for i in groups:
+ if i.name == "capi":
+ continue
+
+ doc_view_check = ""
+ settings = GroupSettings.objects.filter(group=i)
+
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
else:
- settings.view_documents = False
- settings.save()
+ settings = settings[0]
- return HttpResponseRedirect("/server")
+ if settings.view_documents:
+ doc_view_check = 'checked="checked"'
+
+ group_check.append([i.name, doc_view_check])
- # users from younger to older
- users = User.objects.filter(groups__name=parent_group).order_by("-id")
- users_out = []
+ # check if changing settings
+ if request.method == "POST" and request.user.is_staff:
+ for i in groups:
+ settings = GroupSettings.objects.filter(group=i)
- # only send part of the user data, only if user is approved
- for user in users:
- if not user.has_perm("client.approved") and not user.is_staff:
- continue
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
+ else:
+ settings = settings[0]
- users_out.append([user.username, user.first_name,
- user.last_name])
+ if i.name in request.POST:
+ settings.view_documents = True
+ settings.save()
+ else:
+ settings.view_documents = False
+ settings.save()
- # if user is staff of not primary show only public types
- if request.user.is_staff:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group) & Q(enabled=True)).order_by("-id")
- else:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) & Q(enabled=True)).order_by("-id")
+ return HttpResponseRedirect("/server")
# count documents of that type to show statistics
docs = []
@@ -108,17 +112,12 @@ def index(request):
doc_count += "/" + str(doc.max_instances)
docs.append([doc, doc_count])
- # don't list users if user is staff of not primary
- if request.user.is_staff:
- context = {
- 'docs': docs,
- 'users': users_out,
- }
- else:
- context = {
- 'docs': docs,
- }
- context["doc_view_check"] = doc_view_check
+ context = {
+ 'docs': docs,
+ 'groups': group_check,
+ 'doc_view_check': doc_view_check,
+ }
+
return render(request, 'server/index.html', context)
@@ -318,6 +317,7 @@ def ulist(request):
out.append([user, usercode, parent_group,
documents, vac_file, health_file, "capi" in user.groups.values_list('name',flat = True)])
+
context = {'users': out}
return render(request, 'server/user_list.html', context)
@@ -1134,24 +1134,27 @@ def doclist_readonly(request):
context = {}
# group name and obj
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
+ groups = request.user.groups.all()
+ if request.user.is_staff:
+ groups_view = []
+ elif request.user.has_perm("client.staff"):
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group=groups[0]).filter(view_documents=True)))
+ else:
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group__in=groups).filter(view_documents=True)))
- # send alert
- users = User.objects.filter(groups__name=parent_group).filter(is_staff=True)
- user_emails = []
+ perm = Permission.objects.get(codename='staff')
- for i in users:
- user_emails.append(i.email)
+ for i in groups_view:
+ # get all users that are part of the group and are administrators but not request.user
+ emails = User.objects.filter(groups__name=i).filter(Q(is_staff=True) | Q(user_permissions=perm)).filter(~Q(id=request.user.id)).values_list("email", flat=True)
- send_mail(
- 'Attenzione! ' + request.user.username + ' ha visionato i documenti della branca',
- "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità ai tuoi aggiunti di visionare i documenti e un tuo aggiunto ha visionato dei documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
- settings.DEFAULT_FROM_EMAIL,
- user_emails,
- fail_silently=False,
- )
+ send_mail(
+ 'Attenzione! ' + request.user.username + ' ha visionato i documenti del gruppo "' + i.name + '"',
+ "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità a persone del gruppo capi di visionare i documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
+ settings.DEFAULT_FROM_EMAIL,
+ emails,
+ fail_silently=False,
+ )
# create typezone
@@ -1191,7 +1194,7 @@ def doclist_readonly(request):
if request.POST["action"][0] == 'k':
document = Document.objects.get(id=request.POST["action"][1:])
# check if user has permission to view doc
- if document.group.name == parent_group:
+ if document.group in groups_view:
vac_file = ""
health_file = ""
sign_doc_file = ""
@@ -1230,7 +1233,7 @@ def doclist_readonly(request):
for i in request.POST.keys():
if i.isdigit():
docc = Document.objects.get(id=i)
- if docc.group.name == parent_group:
+ if docc.group in groups_view:
selected.append(docc)
# get filter values
@@ -1260,7 +1263,7 @@ def doclist_readonly(request):
groups = []
# filter documents based on group of staff
- documents = Document.objects.filter(group__name=parent_group)
+ documents = Document.objects.filter(group__in=groups_view)
# filter documents
if not hidden:
@@ -1311,6 +1314,7 @@ def doclist_readonly(request):
documents = documents.filter(q_obj)
out = []
+ users = []
for i in documents:
# filter for confirmed with attachment documents and approved
if signdoc:
@@ -1338,18 +1342,18 @@ def doclist_readonly(request):
doc_group = i.user.groups.values_list('name', flat=True)[0]
+ users.append(i.user)
out.append([i, KeyVal.objects.filter(container=i), personal,
medical, doc_group, vac_file, health_file, sign_doc_file])
# get types and users for chips autocompletation
auto_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group))
- users = User.objects.filter(groups__name=parent_group)
+ Q(group_private=False) | Q(group__in=groups_view))
context = {
"types": auto_types,
"users": users,
- "groups": [parent_group],
+ "groups": groups_view,
"docs": out,
"hidden_check": hidden_check,
"wait_check": wait_check,
diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html
index edf4d2b..3e251a2 100644
--- a/templates/registration/base_client.html
+++ b/templates/registration/base_client.html
@@ -86,7 +86,7 @@
{% endblock %}
<ul class="right">
{% if user.is_authenticated %}
- {% if group_view and not user.is_staff %}
+ {% if group_view %}
<li class="hide-on-small-only"><a class="modal-trigger" href="#modal_capi">Lista documenti</a></li>
{% endif %}
{% if user.is_staff or perms.client.staff %}
@@ -97,7 +97,7 @@
{% if user.is_staff or perms.client.staff %}
<li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Pannello Admin" class="hide-on-med-and-up"><a href="{% url 'server' %}"><i class="material-icons">build</i></a></li>
{% endif %}
- {% if group_view and not user.is_staff %}
+ {% if group_view %}
<li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Lista documenti" class="hide-on-med-and-up"><a class="modal-trigger" href="#modal_capi"><i class="material-icons">list</i></a></li>
{% endif %}
<li class="tooltipped" data-position="bottom" data-tooltip="Informazioni"><a href="{% url 'about' %}"><i class="material-icons">info_outline</i></a></li>
diff --git a/version.txt b/version.txt
index 5bb24a7..b78418a 100644
--- a/version.txt
+++ b/version.txt
@@ -1,2 +1,2 @@
version=0.3
-rev=8
+rev=9