6 files changed, 16 insertions, 14 deletions

diff --git a/accounts/templates/accounts/user_edit.html b/accounts/templates/accounts/user_edit.html
index 3c4cada..a2d0b3b 100644
--- a/accounts/templates/accounts/user_edit.html
+++ b/accounts/templates/accounts/user_edit.html
@@ -15,7 +15,7 @@
   </div>
 </div>
 
-<form action="{% url 'edit_user' code=ucode %}?saved=true" method="post" id="form1" enctype="multipart/form-data">
+<form action="{% url 'edit_user' code=ucode_id %}?saved=true" method="post" id="form1" enctype="multipart/form-data">
 <div id="personal" class="row">
   <div class="col l8 offset-l2 s12">
     <div class="card-panel">
diff --git a/accounts/views.py b/accounts/views.py
index c174fe8..a68e3c4 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -451,8 +451,9 @@ def edit(request, code):
         # if render before save this is a dummy never used
         medic = MedicalData()
         usercode = [UserCode(user=request.user, code=code, medic=medic, branca=None)]
+        code = 0
     else:
-        usercode = UserCode.objects.filter(code=code)
+        usercode = UserCode.objects.filter(id=code)
 
     if (len(usercode) == 0):
         # no avaiable code, create dummy
@@ -741,10 +742,13 @@ def edit(request, code):
         # show tooltip only if user is not approved and there are no errors
         home_tooltip = (len(errors) == 0)
 
-    print("date", usercode.born_date)
+    ucode_id = usercode.id
+    if ucode_id == None:
+        ucode_id = 0
 
     # fill context
     context = {
+        'ucode_id': ucode_id,
         'ucode': code,
         'validation_dic': validation_dic,
         'first_name': usercode.first_name,
diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html
index a6efae8..9649a73 100644
--- a/client/templates/client/doc_create.html
+++ b/client/templates/client/doc_create.html
@@ -13,7 +13,7 @@
   <div class="col l8 offset-l2 s12">
     <div class="card-panel">
       <div class="row">
-        <form id="form" action="{% url 'create' code=uc.code %}" method="post" class="col s12">
+        <form id="form" action="{% url 'create' code=uc.id %}" method="post" class="col s12">
           {% csrf_token %}
           <input type="hidden" name="action" id="action">
           {% if not next %}
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index 1acdd8c..41f709c 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -35,7 +35,7 @@
       <div class="card">
         <div class="card-content">
       <span class="card-title">
-        <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.code %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
+        <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.id %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
         <div style="font-size: 0.5em; line-height: normal;">{{data.0.born_date}}</div>
       </span>
 {% if data.1|length > 0 %}
@@ -440,7 +440,7 @@
   </div>
 </div>
 {% else %}
-<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.code %}"><i class="material-icons">add</i></a>
+<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.id %}"><i class="material-icons">add</i></a>
 {% endif %}
       </div>
     </div>
diff --git a/client/views.py b/client/views.py
index 4646843..43d54c2 100644
--- a/client/views.py
+++ b/client/views.py
@@ -140,7 +140,7 @@ def index(request):
 @login_required
 def create(request, code):
     context = {}
-    usercode = UserCode.objects.filter(user=request.user, code=code)
+    usercode = UserCode.objects.filter(id=code, user=request.user)
     if (len(usercode) == 0):
         # the user has no person
         return HttpResponseRedirect("/")
@@ -217,7 +217,6 @@ def create(request, code):
                 return HttpResponseRedirect("/")
 
             # set default values
-            code = 0
             status = "wait"
             personal_data = None
             medical_data = None
@@ -271,17 +270,14 @@ def edit(request):
 @login_required
 def edit_wrapper(request, context):
     if request.method == "POST":
-        usercode = UserCode.objects.filter(user=request.user)[0]
-        if usercode.midata_id > 0:
-            if not copy_from_midata(request, usercode):
-                return HttpResponseRedirect(request.path_info)
+        usercodes = UserCode.objects.filter(user=request.user)
 
         if "action" not in request.POST.keys():
             # get document
             document = Document.objects.get(id=request.POST["doc"])
 
             # check if user has permission
-            if document.user != request.user:
+            if document.usercode not in usercodes:
                 return HttpResponseRedirect("/")
 
             # check if document is editable
@@ -289,6 +285,8 @@ def edit_wrapper(request, context):
                 # user is cheating
                 return HttpResponseRedirect("/")
 
+            usercode = document.usercode
+
             # update compilation date
             document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now())
             document.save(update_fields=["compilation_date"])
diff --git a/version.txt b/version.txt
index 732342c..1b12cc5 100644
--- a/version.txt
+++ b/version.txt
@@ -1,2 +1,2 @@
 version=0.7
-rev=18
+rev=19