aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
authorAndrea Lepori <alepori@student.ethz.ch>2021-08-19 10:42:10 +0200
committerAndrea Lepori <alepori@student.ethz.ch>2021-08-19 10:42:30 +0200
commit9fec5d58b2381a55731f0fae91a9a7fc473bbd44 (patch)
tree06769a15b26500a9ea4a5f9ef091093b130be643 /server
parentfix group change and ucode parsing (diff)
downloadscout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.tar.gz
scout-subs-9fec5d58b2381a55731f0fae91a9a7fc473bbd44.zip
RO documents for non primary groups
Diffstat (limited to '')
-rw-r--r--server/templates/server/index.html89
-rw-r--r--server/views.py142
2 files changed, 106 insertions, 125 deletions
diff --git a/server/templates/server/index.html b/server/templates/server/index.html
index a6c25aa..af95153 100644
--- a/server/templates/server/index.html
+++ b/server/templates/server/index.html
@@ -8,27 +8,41 @@
{% block content %}
<div class="row">
- {% if user.is_staff %}
<div class="col l5 s12">
<div class="card large">
- <div class="card-content">
- <p>
- <table>
- <tr>
- <th>Username</th>
- <th>Nome</th>
- <th>Cognome</th>
- </tr>
- {% for user in users %}
- <tr>
- {% for att in user %}
- <td>{{att}}</td>
- {% endfor %}
- </tr>
- {% endfor %}
- </table>
- </p>
+ <div class="card-content" style="overflow: auto">
+ <form id="form" action="{% url 'server'%}" method="post">
+ {% csrf_token %}
+ <div class="row">
+ <div class="col s12">
+ <p>
+ Documenti di questo gruppo saranno visibili a persone nel gruppo capi
+ </p>
+ </div>
+ </div>
+ {% for gr in groups %}
+ <div class="row">
+ <div class="col s12">
+ <div id="select_switch" class="switch col s12">
+ {{gr.0}}<br class="hide-on-med-and-up">
+ <label>
+ No
+ <input name={{gr.0}} type="checkbox" {{gr.1}}>
+ <span class="lever"></span>
+ Si
+ </label>
+ </div>
+ </div>
+ </div>
+ {% endfor %}
+ <div class="row">
+ <div class="col s12">
+ <a class="waves-effect waves-light btn {{color}}" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a>
+ </div>
+ </div>
+ </form>
</div>
+ {% if user.is_staff %}
<div class="card-action">
<div class="hide-on-med-and-down">
<a class="waves-effect waves-light btn {{color}}" href="{% url 'ulist' %}">Utenti</a>
@@ -46,35 +60,12 @@
<a class="col s12 waves-effect waves-light btn {{color}}" href="{% url 'request' %}">Richiedi dati</a>
</div>
</div>
+ {% endif %}
</div>
</div>
- {% endif %}
- {% if user.is_staff %}
<div class="col l7 s12">
- {% else %}
- <div class="col s12">
- {% endif %}
<div class="card large">
<div class="card-content">
- {% if user.is_staff %}
- <form id="form" action="{% url 'server'%}" method="post">
- {% csrf_token %}
- <div class="row">
- <div class="col s12">
- <div id="select_switch" class="switch col s12">
- Documenti visibili ad aggiunti<br class="hide-on-med-and-up">
- <label>
- No
- <input onclick="execute_confirm()" name="doc_view" type="checkbox" {{doc_view_check}}>
- <span class="lever"></span>
- Si
- </label>
- </div>
- <a style="display: none" id="send_button" class="waves-effect waves-light btn green" onclick="form.submit()"><i class="material-icons left">check</i> Applica</a>
- </div>
- </div>
- </form>
- {% endif %}
<ul class="collection">
{% for doctype in docs %}
<li class="collection-item">
@@ -116,18 +107,4 @@
</div>
</div>
</div>
-{% endblock %}
-
-{% block script %}
-function execute_confirm() {
- var selection = document.getElementById('select_switch')
- var button = document.getElementById('send_button')
- selection.style.display = "none"
- button.style.display = "inline-block"
- {% if doc_view_check == 'checked="checked"'%}
- button.innerHTML = "Applica (gli aggiunti <b>NON</b> potranno vedere i documenti)"
- {% else %}
- button.innerHTML = "Applica (gli aggiunti <b>POTRANNO</b> vedere i documenti)"
- {% endif %}
-}
{% endblock %} \ No newline at end of file
diff --git a/server/views.py b/server/views.py
index d34ebb3..54f1352 100644
--- a/server/views.py
+++ b/server/views.py
@@ -48,54 +48,58 @@ def isCapi_enabled(user):
@user_passes_test(isStaff)
def index(request):
context = {}
- # primary group name + object
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
- # check for settings
- doc_view_check = ""
- settings = GroupSettings.objects.filter(group__name=group)
+ # if user is staff of not primary show only public types
+ if request.user.is_staff:
+ groups = request.user.groups.all()
- # create settings if non existing
- if len(settings) == 0:
- settings = GroupSettings(group=group, view_documents=False)
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) | Q(group=groups[0]) & Q(enabled=True)).order_by("-id")
else:
- settings = settings[0]
+ groups = request.user.groups.all()[1:]
- if settings.view_documents:
- doc_view_check = 'checked="checked"'
+ public_types = DocumentType.objects.filter(
+ Q(group_private=False) & Q(enabled=True)).order_by("-id")
- # check if changing settings
- if request.method == "POST" and request.user.is_staff:
- if "doc_view" in request.POST:
- settings.view_documents = True
- settings.save()
+ # check for settings
+ group_check = []
+ for i in groups:
+ if i.name == "capi":
+ continue
+
+ doc_view_check = ""
+ settings = GroupSettings.objects.filter(group=i)
+
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
else:
- settings.view_documents = False
- settings.save()
+ settings = settings[0]
- return HttpResponseRedirect("/server")
+ if settings.view_documents:
+ doc_view_check = 'checked="checked"'
+
+ group_check.append([i.name, doc_view_check])
- # users from younger to older
- users = User.objects.filter(groups__name=parent_group).order_by("-id")
- users_out = []
+ # check if changing settings
+ if request.method == "POST" and request.user.is_staff:
+ for i in groups:
+ settings = GroupSettings.objects.filter(group=i)
- # only send part of the user data, only if user is approved
- for user in users:
- if not user.has_perm("client.approved") and not user.is_staff:
- continue
+ # create settings if non existing
+ if len(settings) == 0:
+ settings = GroupSettings(group=i, view_documents=False)
+ else:
+ settings = settings[0]
- users_out.append([user.username, user.first_name,
- user.last_name])
+ if i.name in request.POST:
+ settings.view_documents = True
+ settings.save()
+ else:
+ settings.view_documents = False
+ settings.save()
- # if user is staff of not primary show only public types
- if request.user.is_staff:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group) & Q(enabled=True)).order_by("-id")
- else:
- public_types = DocumentType.objects.filter(
- Q(group_private=False) & Q(enabled=True)).order_by("-id")
+ return HttpResponseRedirect("/server")
# count documents of that type to show statistics
docs = []
@@ -108,17 +112,12 @@ def index(request):
doc_count += "/" + str(doc.max_instances)
docs.append([doc, doc_count])
- # don't list users if user is staff of not primary
- if request.user.is_staff:
- context = {
- 'docs': docs,
- 'users': users_out,
- }
- else:
- context = {
- 'docs': docs,
- }
- context["doc_view_check"] = doc_view_check
+ context = {
+ 'docs': docs,
+ 'groups': group_check,
+ 'doc_view_check': doc_view_check,
+ }
+
return render(request, 'server/index.html', context)
@@ -318,6 +317,7 @@ def ulist(request):
out.append([user, usercode, parent_group,
documents, vac_file, health_file, "capi" in user.groups.values_list('name',flat = True)])
+
context = {'users': out}
return render(request, 'server/user_list.html', context)
@@ -1134,24 +1134,27 @@ def doclist_readonly(request):
context = {}
# group name and obj
- parent_group = request.user.groups.values_list('name', flat=True)[
- 0]
- group = Group.objects.get(name=parent_group)
+ groups = request.user.groups.all()
+ if request.user.is_staff:
+ groups_view = []
+ elif request.user.has_perm("client.staff"):
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group=groups[0]).filter(view_documents=True)))
+ else:
+ groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group__in=groups).filter(view_documents=True)))
- # send alert
- users = User.objects.filter(groups__name=parent_group).filter(is_staff=True)
- user_emails = []
+ perm = Permission.objects.get(codename='staff')
- for i in users:
- user_emails.append(i.email)
+ for i in groups_view:
+ # get all users that are part of the group and are administrators but not request.user
+ emails = User.objects.filter(groups__name=i).filter(Q(is_staff=True) | Q(user_permissions=perm)).filter(~Q(id=request.user.id)).values_list("email", flat=True)
- send_mail(
- 'Attenzione! ' + request.user.username + ' ha visionato i documenti della branca',
- "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità ai tuoi aggiunti di visionare i documenti e un tuo aggiunto ha visionato dei documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
- settings.DEFAULT_FROM_EMAIL,
- user_emails,
- fail_silently=False,
- )
+ send_mail(
+ 'Attenzione! ' + request.user.username + ' ha visionato i documenti del gruppo "' + i.name + '"',
+ "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità a persone del gruppo capi di visionare i documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.",
+ settings.DEFAULT_FROM_EMAIL,
+ emails,
+ fail_silently=False,
+ )
# create typezone
@@ -1191,7 +1194,7 @@ def doclist_readonly(request):
if request.POST["action"][0] == 'k':
document = Document.objects.get(id=request.POST["action"][1:])
# check if user has permission to view doc
- if document.group.name == parent_group:
+ if document.group in groups_view:
vac_file = ""
health_file = ""
sign_doc_file = ""
@@ -1230,7 +1233,7 @@ def doclist_readonly(request):
for i in request.POST.keys():
if i.isdigit():
docc = Document.objects.get(id=i)
- if docc.group.name == parent_group:
+ if docc.group in groups_view:
selected.append(docc)
# get filter values
@@ -1260,7 +1263,7 @@ def doclist_readonly(request):
groups = []
# filter documents based on group of staff
- documents = Document.objects.filter(group__name=parent_group)
+ documents = Document.objects.filter(group__in=groups_view)
# filter documents
if not hidden:
@@ -1311,6 +1314,7 @@ def doclist_readonly(request):
documents = documents.filter(q_obj)
out = []
+ users = []
for i in documents:
# filter for confirmed with attachment documents and approved
if signdoc:
@@ -1338,18 +1342,18 @@ def doclist_readonly(request):
doc_group = i.user.groups.values_list('name', flat=True)[0]
+ users.append(i.user)
out.append([i, KeyVal.objects.filter(container=i), personal,
medical, doc_group, vac_file, health_file, sign_doc_file])
# get types and users for chips autocompletation
auto_types = DocumentType.objects.filter(
- Q(group_private=False) | Q(group=group))
- users = User.objects.filter(groups__name=parent_group)
+ Q(group_private=False) | Q(group__in=groups_view))
context = {
"types": auto_types,
"users": users,
- "groups": [parent_group],
+ "groups": groups_view,
"docs": out,
"hidden_check": hidden_check,
"wait_check": wait_check,