aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--accounts/templates/accounts/user_edit.html2
-rw-r--r--accounts/views.py8
-rw-r--r--client/templates/client/doc_create.html2
-rw-r--r--client/templates/client/index.html4
-rw-r--r--client/views.py12
-rw-r--r--version.txt2
6 files changed, 16 insertions, 14 deletions
diff --git a/accounts/templates/accounts/user_edit.html b/accounts/templates/accounts/user_edit.html
index 3c4cada..a2d0b3b 100644
--- a/accounts/templates/accounts/user_edit.html
+++ b/accounts/templates/accounts/user_edit.html
@@ -15,7 +15,7 @@
</div>
</div>
-<form action="{% url 'edit_user' code=ucode %}?saved=true" method="post" id="form1" enctype="multipart/form-data">
+<form action="{% url 'edit_user' code=ucode_id %}?saved=true" method="post" id="form1" enctype="multipart/form-data">
<div id="personal" class="row">
<div class="col l8 offset-l2 s12">
<div class="card-panel">
diff --git a/accounts/views.py b/accounts/views.py
index c174fe8..a68e3c4 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -451,8 +451,9 @@ def edit(request, code):
# if render before save this is a dummy never used
medic = MedicalData()
usercode = [UserCode(user=request.user, code=code, medic=medic, branca=None)]
+ code = 0
else:
- usercode = UserCode.objects.filter(code=code)
+ usercode = UserCode.objects.filter(id=code)
if (len(usercode) == 0):
# no avaiable code, create dummy
@@ -741,10 +742,13 @@ def edit(request, code):
# show tooltip only if user is not approved and there are no errors
home_tooltip = (len(errors) == 0)
- print("date", usercode.born_date)
+ ucode_id = usercode.id
+ if ucode_id == None:
+ ucode_id = 0
# fill context
context = {
+ 'ucode_id': ucode_id,
'ucode': code,
'validation_dic': validation_dic,
'first_name': usercode.first_name,
diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html
index a6efae8..9649a73 100644
--- a/client/templates/client/doc_create.html
+++ b/client/templates/client/doc_create.html
@@ -13,7 +13,7 @@
<div class="col l8 offset-l2 s12">
<div class="card-panel">
<div class="row">
- <form id="form" action="{% url 'create' code=uc.code %}" method="post" class="col s12">
+ <form id="form" action="{% url 'create' code=uc.id %}" method="post" class="col s12">
{% csrf_token %}
<input type="hidden" name="action" id="action">
{% if not next %}
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index 1acdd8c..41f709c 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -35,7 +35,7 @@
<div class="card">
<div class="card-content">
<span class="card-title">
- <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.code %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
+ <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.id %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
<div style="font-size: 0.5em; line-height: normal;">{{data.0.born_date}}</div>
</span>
{% if data.1|length > 0 %}
@@ -440,7 +440,7 @@
</div>
</div>
{% else %}
-<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.code %}"><i class="material-icons">add</i></a>
+<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.id %}"><i class="material-icons">add</i></a>
{% endif %}
</div>
</div>
diff --git a/client/views.py b/client/views.py
index 4646843..43d54c2 100644
--- a/client/views.py
+++ b/client/views.py
@@ -140,7 +140,7 @@ def index(request):
@login_required
def create(request, code):
context = {}
- usercode = UserCode.objects.filter(user=request.user, code=code)
+ usercode = UserCode.objects.filter(id=code, user=request.user)
if (len(usercode) == 0):
# the user has no person
return HttpResponseRedirect("/")
@@ -217,7 +217,6 @@ def create(request, code):
return HttpResponseRedirect("/")
# set default values
- code = 0
status = "wait"
personal_data = None
medical_data = None
@@ -271,17 +270,14 @@ def edit(request):
@login_required
def edit_wrapper(request, context):
if request.method == "POST":
- usercode = UserCode.objects.filter(user=request.user)[0]
- if usercode.midata_id > 0:
- if not copy_from_midata(request, usercode):
- return HttpResponseRedirect(request.path_info)
+ usercodes = UserCode.objects.filter(user=request.user)
if "action" not in request.POST.keys():
# get document
document = Document.objects.get(id=request.POST["doc"])
# check if user has permission
- if document.user != request.user:
+ if document.usercode not in usercodes:
return HttpResponseRedirect("/")
# check if document is editable
@@ -289,6 +285,8 @@ def edit_wrapper(request, context):
# user is cheating
return HttpResponseRedirect("/")
+ usercode = document.usercode
+
# update compilation date
document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now())
document.save(update_fields=["compilation_date"])
diff --git a/version.txt b/version.txt
index 732342c..1b12cc5 100644
--- a/version.txt
+++ b/version.txt
@@ -1,2 +1,2 @@
version=0.7
-rev=18
+rev=19