Diffstat (limited to 'client')
-rw-r--r--client/templates/client/doc_create.html2
-rw-r--r--client/templates/client/index.html4
-rw-r--r--client/views.py12
3 files changed, 8 insertions, 10 deletions
diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html
index a6efae8..9649a73 100644
--- a/client/templates/client/doc_create.html
+++ b/client/templates/client/doc_create.html
@@ -13,7 +13,7 @@
<div class="col l8 offset-l2 s12">
<div class="card-panel">
<div class="row">
- <form id="form" action="{% url 'create' code=uc.code %}" method="post" class="col s12">
+ <form id="form" action="{% url 'create' code=uc.id %}" method="post" class="col s12">
{% csrf_token %}
<input type="hidden" name="action" id="action">
{% if not next %}
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index 1acdd8c..41f709c 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -35,7 +35,7 @@
<div class="card">
<div class="card-content">
<span class="card-title">
- <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.code %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
+ <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.id %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
<div style="font-size: 0.5em; line-height: normal;">{{data.0.born_date}}</div>
</span>
{% if data.1|length > 0 %}
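Review bot: The `edit_user` link now passes `data.0.id`, but no matching change to the `edit_user` view appears in this diff, which is limited to `client/`. The `create` view was updated to look up `id=code` together with `user=request.user`; the `edit_user` view should be confirmed to do the same. A lookup by primary key without the owner filter would let any logged-in user open another person's record by changing the number in the URL. If that view lives in another app, a pointer to the corresponding change in the commit message would help reviewers.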
@@ -440,7 +440,7 @@
</div>
</div>
{% else %}
-<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.code %}"><i class="material-icons">add</i></a>
+<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.id %}"><i class="material-icons">add</i></a>
{% endif %}
</div>
</div>
diff --git a/client/views.py b/client/views.py
index 4646843..43d54c2 100644
--- a/client/views.py
+++ b/client/views.py
@@ -140,7 +140,7 @@ def index(request):
@login_required
def create(request, code):
context = {}
- usercode = UserCode.objects.filter(user=request.user, code=code)
+ usercode = UserCode.objects.filter(id=code, user=request.user)
if (len(usercode) == 0):
# the user has no person
return HttpResponseRedirect("/")
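Review bot: The `code` parameter of `create` now holds a `UserCode` primary key, yet the parameter and the `code=` keyword in the templates keep the old name; renaming it (for example to `usercode_id`) in the view and the URL pattern would avoid confusion with the `code` field. The `user=request.user` filter is what stops a user creating documents against someone else's record now that the URL carries a guessable id, so it deserves a comment such as `# id comes from the URL: always scope by owner`. If the route, which is not shown here, does not use an integer converter like `<int:code>`, a non-numeric value would presumably make `filter(id=code, ...)` raise instead of redirecting; worth confirming. The body of `create` continues outside the hunk.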
@@ -217,7 +217,6 @@ def create(request, code):
return HttpResponseRedirect("/")
# set default values
- code = 0
status = "wait"
personal_data = None
medical_data = None
@@ -271,17 +270,14 @@ def edit(request):
@login_required
def edit_wrapper(request, context):
if request.method == "POST":
- usercode = UserCode.objects.filter(user=request.user)[0]
- if usercode.midata_id > 0:
- if not copy_from_midata(request, usercode):
- return HttpResponseRedirect(request.path_info)
+ usercodes = UserCode.objects.filter(user=request.user)
if "action" not in request.POST.keys():
# get document
document = Document.objects.get(id=request.POST["doc"])
# check if user has permission
- if document.user != request.user:
+ if document.usercode not in usercodes:
return HttpResponseRedirect("/")
# check if document is editable
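Review bot: The ownership check in `edit_wrapper` runs only after `Document.objects.get(id=request.POST["doc"])` has loaded the row. A missing or unknown `doc` value therefore raises (`KeyError` / `DoesNotExist`) instead of redirecting, and the response differs between "does not exist" and "not yours". Folding the owner into the query closes both gaps: `document = Document.objects.filter(id=request.POST.get("doc"), usercode__user=request.user).first()` followed by `if document is None: return HttpResponseRedirect("/")`. That also makes the separate `usercodes` queryset unnecessary on this path. The function body continues outside the hunk.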
@@ -289,6 +285,8 @@ def edit_wrapper(request, context):
# user is cheating
return HttpResponseRedirect("/")
+ usercode = document.usercode
+
# update compilation date
document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now())
document.save(update_fields=["compilation_date"])
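Review bot: `usercode` is now bound only here, after the document checks, whereas before this commit it was assigned at the top of the POST branch. If any code later in `edit_wrapper` (outside this hunk) reads `usercode` on the path where `"action"` is present in `request.POST`, it would hit an unbound local; please confirm every remaining use is reached only after this assignment. A short comment such as `# usercode is derived from the authorised document, never from request data` would record why it is set at this point.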