aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
authorAndrea Lepori <aleporia@gmail.com>2023-07-28 18:41:53 +0200
committerAndrea Lepori <aleporia@gmail.com>2023-07-28 18:41:54 +0200
commite4f13143282b51ed743d018b4b62956ccb0401a2 (patch)
treeb1c08d9d4d9f6d5b304683dbbf356634e3676167 /server
parentimprove style admin page (diff)
downloadscout-subs-e4f13143282b51ed743d018b4b62956ccb0401a2.tar.gz
scout-subs-e4f13143282b51ed743d018b4b62956ccb0401a2.zip
fix incorrect user access for new uc
Diffstat (limited to 'server')
-rw-r--r--server/templates/server/download_doc.html6
-rw-r--r--server/views.py39
2 files changed, 23 insertions, 22 deletions
diff --git a/server/templates/server/download_doc.html b/server/templates/server/download_doc.html
index 4e48b2c..c5fa930 100644
--- a/server/templates/server/download_doc.html
+++ b/server/templates/server/download_doc.html
@@ -36,11 +36,11 @@
<br><br>
<div class="row">
<div class="input-field col l4 s12">
- <input placeholder=" " value="{{doc.0.user.first_name}}" id="first_name" type="text" >
+ <input placeholder=" " value="{{doc.0.usercode.first_name}}" id="first_name" type="text" >
<label class="active" for="first_name">Nome</label>
</div>
<div class="input-field col l4 s12">
- <input placeholder=" " value="{{doc.0.user.last_name}}" id="last_name" type="text" >
+ <input placeholder=" " value="{{doc.0.usercode.last_name}}" id="last_name" type="text" >
<label class="active" for="last_name">Cognome</label>
</div>
<div class="input-field col l4 s12">
@@ -48,7 +48,7 @@
<label class="active" for="birth_date">Data di nascita</label>
</div>
<div class="input-field col l4 s12">
- <input placeholder=" " value="{{doc.4}}" id="branca" type="text">
+ <input placeholder=" " value="{{doc.0.usercode.branca}}" id="branca" type="text">
<label class="active" for="branca">Branca</label>
</div>
<div class="input-field col l4 s12">
diff --git a/server/views.py b/server/views.py
index d44ac66..5deb101 100644
--- a/server/views.py
+++ b/server/views.py
@@ -550,10 +550,10 @@ def doctype(request):
capo = "si"
write_data = [
- doc.user.first_name,
- doc.user.last_name,
- doc.user.email,
- doc.user.groups.values_list('name', flat=True)[0],
+ doc.usercode.first_name,
+ doc.usercode.last_name,
+ doc.usercode.user.email,
+ doc.usercode.branca.name,
capo,
doc.status,
doc.compilation_date,
@@ -620,10 +620,10 @@ def doctype(request):
capo = "si"
write_data = [
- doc.user.first_name,
- doc.user.last_name,
- doc.user.email,
- doc.user.groups.values_list('name', flat=True)[0],
+ doc.usercode.first_name,
+ doc.usercode.last_name,
+ doc.usercode.user.email,
+ doc.usercode.branca,
capo,
doc.status,
doc.compilation_date,
@@ -1135,14 +1135,14 @@ def doclist(request, type_id):
# build with template and render
template = get_template('server/download_doc.html')
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, document.user.groups.values_list('name', flat=True)[0]]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
html = template.render(context)
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
result.seek(0)
- return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+ return FileResponse(result, as_attachment=True, filename=document.usercode.first_name+"_"+document.usercode.last_name+"_"+document.document_type.name+".pdf")
# get selected documents and check if user has permission to view
selected = []
@@ -1231,6 +1231,7 @@ def doclist(request, type_id):
if len(owner) > 0:
if owner[0] != "":
+ # TODO fix me, this probably doesn't work anymore
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1287,8 +1288,7 @@ def doclist(request, type_id):
# check if download multiple documents
if request.method == "POST":
- if "status" not in request.session:
- request.session['status'] = True
+ request.session['status'] = True
if request.POST["action"] == "download" and len(selected) > 0 and request.session['status']:
# save data in session
@@ -1410,6 +1410,7 @@ def doclist_table(request, type_id):
if len(owner) > 0:
if owner[0] != "":
+ # TODO fix me, this probably doesn't work anymore
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1545,14 +1546,14 @@ def doclist_readonly(request):
# build with template and render
template = get_template('server/download_doc.html')
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, document.user.groups.values_list('name', flat=True)[0]]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
html = template.render(context)
pdf = pdfkit.from_string(html, False)
result = BytesIO(pdf)
result.seek(0)
- return FileResponse(result, as_attachment=True, filename=document.user.username+"_"+document.document_type.name+".pdf")
+ return FileResponse(result, as_attachment=True, filename=document.usercode.first_name+"_"+document.usercode.last_name+"_"+document.document_type.name+".pdf")
# get selected documents and check if user has permission to view
selected = []
@@ -1617,6 +1618,7 @@ def doclist_readonly(request):
if len(owner) > 0:
if owner[0] != "":
+ # TODO: fixme this probably doesn't work
q_obj &= Q(user__username__in=list(map(lambda x: x.split("(")[0][:-1], owner)))
chips_owner += owner
@@ -1724,14 +1726,14 @@ def zip_documents(docs, session_key):
template = get_template('server/download_doc.html')
doc = [i, KeyVal.objects.filter(
- container=i), i.personal_data, i.medical_data, i.user.groups.values_list('name', flat=True)[0]]
+ container=i), i.personal_data, i.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
# render context
html = template.render(context)
# render pdf using wkhtmltopdf
pdf = pdfkit.from_string(html, False)
- filename = i.user.username+"_"+i.document_type.name+".pdf"
+ filename = i.usercode.first_name+"_"+i.usercode.last_name+"_"+i.document_type.name+".pdf"
# append file
files.append((filename, pdf))
session['progress'] += 1
@@ -1839,7 +1841,6 @@ def docpreview(request):
# get document
document = Document.objects.filter(code=code)[0]
doc_group = document.group
- parent_group = document.user.groups.values_list('name', flat=True)[0]
# user has not permission to view document
if doc_group not in groups:
@@ -1863,7 +1864,7 @@ def docpreview(request):
# prepare context
doc = [document, KeyVal.objects.filter(
- container=document), document.personal_data, document.medical_data, parent_group]
+ container=document), document.personal_data, document.medical_data]
context = {'doc': doc, 'vac': vac_file,
'health': health_file, 'sign_doc_file': sign_doc_file}
@@ -2043,7 +2044,7 @@ def media_request(request, id=0, t="", flag=""):
return
else:
# is normal user
- if doc.user != request.user and not group_view:
+ if doc.usercode.user != request.user and not group_view:
return
if t == "health_care_certificate":