diff options
| author | Andrea Lepori <aleporia@gmail.com> | 2023-07-28 18:41:53 +0200 |
|---|---|---|
| committer | Andrea Lepori <aleporia@gmail.com> | 2023-07-28 18:41:54 +0200 |
| commit | e4f13143282b51ed743d018b4b62956ccb0401a2 (patch) | |
| tree | b1c08d9d4d9f6d5b304683dbbf356634e3676167 | |
| parent | improve style admin page (diff) | |
| download | scout-subs-e4f13143282b51ed743d018b4b62956ccb0401a2.tar.gz scout-subs-e4f13143282b51ed743d018b4b62956ccb0401a2.zip | |
fix incorrect user access for new uc
| -rw-r--r-- | server/templates/server/download_doc.html | 6 | ||||
| -rw-r--r-- | server/views.py | 39 | ||||
| -rw-r--r-- | version.txt | 2 |
3 files changed, 24 insertions, 23 deletions
diff --git a/server/templates/server/download_doc.html b/server/templates/server/download_doc.html index 4e48b2c..c5fa930 100644 --- a/server/templates/server/download_doc.html +++ b/server/templates/server/download_doc.html @@ -36,11 +36,11 @@ <br><br> <div class="row"> <div class="input-field col l4 s12"> - <input placeholder=" " value="{{doc.0.user.first_name}}" id="first_name" type="text" > + <input placeholder=" " value="{{doc.0.usercode.first_name}}" id="first_name" type="text" > <label class="active" for="first_name">Nome</label> </div> <div class="input-field col l4 s12"> - <input placeholder=" " value="{{doc.0.user.last_name}}" id="last_name" type="text" > + <input placeholder=" " value="{{doc.0.usercode.last_name}}" id="last_name" type="text" > <label class="active" for="last_name">Cognome</label> </div> <div class="input-field col l4 s12"> @@ -48,7 +48,7 @@ <label class="active" for="birth_date">Data di nascita</label> </div> <div class="input-field col l4 s12"> - <input placeholder=" " value="{{doc.4}}" id="branca" type="text"> + <input placeholder=" " value="{{doc.0.usercode.branca}}" id="branca" type="text"> <label class="active" for="branca">Branca</label> </div> <div class="input-field col l4 s12"> diff --git a/server/views.py b/server/views.py index d44ac66..5deb101 100644 --- a/server/views.py +++ b/server/views.py @@ -550,10 +550,10 @@ def doctype(request): capo = "si"
write_data = [
- doc.user.first_name,
- doc.user.last_name,
- doc.user.email,
- doc.user.groups.values_list('name', flat=True)[0],
+ doc.usercode.first_name,
+ doc.usercode.last_name,
+ doc.usercode.user.email,
+ doc.usercode.branca.name,
capo,
doc.status,
doc.compilation_date,
@@ -620,10 +620,10 @@ def doctype(request): capo = "si"
write_data = [
- doc.user.first_name,
- doc.user.last_name,
- doc.user.email,
- doc.user.groups.values_list('name', flat=True)[0],
+ doc.usercode.first_name,
+ doc.usercode.last_name,
+ doc.usercode.user.email,
+ doc.usercode.branca,
capo,
doc.status,
doc.compilation_date,
@@ -1135,14 +1135,14 @@ def doclist(request, type_id): # build with template and render
template = get_template('server/download_doc.html')
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, document.user.groups.values_list('name', flat=True)[0]]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
html = template.render(context)
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
result.seek(0)
- return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+ return FileResponse(result, as_attachment=True, filename=document.usercode.first_name+"_"+document.usercode.last_name+"_"+document.document_type.name+".pdf")
# get selected documents and check if user has permission to view
selected = []
@@ -1231,6 +1231,7 @@ def doclist(request, type_id): if len(owner) > 0:
if owner[0] != "":
+ # TODO fix me, this probably doesn't work anymore
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1287,8 +1288,7 @@ def doclist(request, type_id): # check if download multiple documents
if request.method == "POST":
- if "status" not in request.session:
- request.session['status'] = True
+ request.session['status'] = True
if request.POST["action"] == "download" and len(selected) > 0 and request.session['status']:
# save data in session
@@ -1410,6 +1410,7 @@ def doclist_table(request, type_id): if len(owner) > 0:
if owner[0] != "":
+ # TODO fix me, this probably doesn't work anymore
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1545,14 +1546,14 @@ def doclist_readonly(request): # build with template and render
template = get_template('server/download_doc.html')
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, document.user.groups.values_list('name', flat=True)[0]]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
html = template.render(context)
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
result.seek(0)
- return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+ return FileResponse(result, as_attachment=True, filename=document.usercode.first_name+"_"+document.usercode.last_name+"_"+document.document_type.name+".pdf")
# get selected documents and check if user has permission to view
selected = []
@@ -1617,6 +1618,7 @@ def doclist_readonly(request): if len(owner) > 0:
if owner[0] != "":
+ # TODO: fixme this probably doesn't work
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1724,14 +1726,14 @@ def zip_documents(docs, session_key): template = get_template('server/download_doc.html')
doc = [i, KeyVal.objects.filter(
- container=i), i.personal_data, i.medical_data, i.user.groups.values_list('name', flat=True)[0]]
+ container=i), i.personal_data, i.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
# render context
html = template.render(context)
# render pdf using wkhtmltopdf
pdf = pdfkit.from_string(html, False)
- filename = i.user.username+"_"+i.document_type.name+".pdf"
+ filename = i.usercode.first_name+"_"+i.usercode.last_name+"_"+i.document_type.name+".pdf"
# append file
files.append((filename, pdf))
session['progress'] += 1
@@ -1839,7 +1841,6 @@ def docpreview(request): # get document
document = Document.objects.filter(code=code)[0]
doc_group = document.group
- parent_group = document.user.groups.values_list('name', flat=True)[0]
# user has not permission to view document
if doc_group not in groups:
@@ -1863,7 +1864,7 @@ def docpreview(request): # prepare context
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, parent_group]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
@@ -2043,7 +2044,7 @@ def media_request(request, id=0, t="", flag=""): return
else:
# is normal user
- if doc.user != request.user and not group_view:
+ if doc.usercode.user != request.user and not group_view:
return
if t == "health_care_certificate":
diff --git a/version.txt b/version.txt index 13ea4c0..394a39f 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.6 -rev=41 +rev=42 |