aboutsummaryrefslogtreecommitdiffstats
path: root/client/views.py
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--client/views.py12
1 files changed, 5 insertions, 7 deletions
diff --git a/client/views.py b/client/views.py
index 4646843..43d54c2 100644
--- a/client/views.py
+++ b/client/views.py
@@ -140,7 +140,7 @@ def index(request):
@login_required
def create(request, code):
context = {}
- usercode = UserCode.objects.filter(user=request.user, code=code)
+ usercode = UserCode.objects.filter(id=code, user=request.user)
if (len(usercode) == 0):
# the user has no person
return HttpResponseRedirect("/")
@@ -217,7 +217,6 @@ def create(request, code):
return HttpResponseRedirect("/")
# set default values
- code = 0
status = "wait"
personal_data = None
medical_data = None
@@ -271,17 +270,14 @@ def edit(request):
@login_required
def edit_wrapper(request, context):
if request.method == "POST":
- usercode = UserCode.objects.filter(user=request.user)[0]
- if usercode.midata_id > 0:
- if not copy_from_midata(request, usercode):
- return HttpResponseRedirect(request.path_info)
+ usercodes = UserCode.objects.filter(user=request.user)
if "action" not in request.POST.keys():
# get document
document = Document.objects.get(id=request.POST["doc"])
# check if user has permission
- if document.user != request.user:
+ if document.usercode not in usercodes:
return HttpResponseRedirect("/")
# check if document is editable
@@ -289,6 +285,8 @@ def edit_wrapper(request, context):
# user is cheating
return HttpResponseRedirect("/")
+ usercode = document.usercode
+
# update compilation date
document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now())
document.save(update_fields=["compilation_date"])