aboutsummaryrefslogtreecommitdiffstats
path: root/client/views.py
diff options
context:
space:
mode:
Diffstat (limited to 'client/views.py')
-rw-r--r--client/views.py31
1 files changed, 28 insertions, 3 deletions
diff --git a/client/views.py b/client/views.py
index 8b0ac7b..821bc9b 100644
--- a/client/views.py
+++ b/client/views.py
@@ -15,7 +15,6 @@ from subprocess import check_output
from datetime import datetime
import pytz
-
def index(request):
context = {}
# check if user is logged
@@ -138,8 +137,11 @@ def create(request):
group = Group.objects.get(name=parent_group)
# get available types for user
- doctypes = DocumentType.objects.filter(
- (Q(group_private=False) | Q(group=group)) & Q(enabled=True))
+ filter = (Q(group_private=False) | Q(group=group)) & Q(enabled=True)
+ if not request.user.is_staff and "capi" not in request.user.groups.values_list('name',flat = True):
+ filter = filter & Q(staff_only=False)
+
+ doctypes = DocumentType.objects.filter(filter)
out = []
for doc in doctypes:
# check if user has already that document type
@@ -159,7 +161,15 @@ def create(request):
context['next'] = True
document_type = DocumentType.objects.get(
id=request.POST["doctype"])
+
context['doctype'] = document_type
+
+ # check if there are still free spaces
+ context['no_free_places'] = False
+ if document_type.max_instances != 0:
+ if len(Document.objects.filter(document_type=document_type)) - len(Document.objects.filter(document_type=document_type, status="archive")) >= document_type.max_instances:
+ context['no_free_places'] = True
+
context['personal_data'] = document_type.personal_data
context['medical_data'] = document_type.medical_data
context['custom_data'] = document_type.custom_data
@@ -177,6 +187,21 @@ def create(request):
document_type = DocumentType.objects.get(
id=request.POST["doctype"])
+ # check if there are free spaces
+ if document_type.max_instances != 0:
+ if len(Document.objects.filter(document_type=document_type)) - len(Document.objects.filter(document_type=document_type, status="archive")) >= document_type.max_instances:
+ # there aren't user is cheating
+ return
+
+ # check if user has permission to use that type
+ if document_type.staff_only and not request.user.is_staff and "capi" not in request.user.groups.values_list('name', flat = True):
+ # user is cheating abort
+ return
+
+ if not document_type.custom_group and document_type.group.name not in request.user.groups.values_list('name', flat=True):
+ # user is cheating abort
+ return
+
# get list of docs with that type
current_docs = Document.objects.filter(user=request.user).filter(document_type=document_type)
if len(current_docs) > 0: