Diffstat (limited to 'server/views.py')
-rw-r--r-- | server/views.py | 45 |
1 files changed, 37 insertions, 8 deletions
diff --git a/server/views.py b/server/views.py index 9ea1d3f..c7983e2 100644 --- a/server/views.py +++ b/server/views.py @@ -915,17 +915,13 @@ def doclist(request): if i.medical_data: medical = i.medical_data if medical.vac_certificate.name: - with open(medical.vac_certificate.name, 'rb') as image_file: - vac_file = base64.b64encode(image_file.read()).decode() + vac_file = "/server/media/" + str(i.id) + "/vac_certificate" if medical.health_care_certificate.name: - with open(medical.health_care_certificate.name, 'rb') as image_file: - health_file = base64.b64encode(image_file.read()).decode() + health_file = "/server/media/" + str(i.id) + "/health_care_certificate" if i.signed_doc: - with open(i.signed_doc.name, 'rb') as image_file: - sign_doc_file = base64.b64encode( - image_file.read()).decode() + sign_doc_file = "/server/media/" + str(i.id) + "/signed_doc" doc_group = i.user.groups.values_list('name', flat=True)[0] @@ -1139,6 +1135,10 @@ def docpreview(request): document = Document.objects.filter(code=code)[0] parent_group = document.user.groups.values_list('name', flat=True)[0] + # user has not permission to view document + if parent_group not in groups: + return + # prepare images in base64 vac_file = "" health_file = "" @@ -1183,4 +1183,33 @@ def data_request(request): data += user.email + ", " data = data[:-2] context["data"] = data - return render(request, 'server/data_request.html', context)
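Review bot: The three links built in doclist hard-code the `/server/media/` prefix and the document-type segment as string literals, so they break silently if the route that serves media_request is renamed or remounted. Resolving them through `django.urls.reverse` keeps the view and the URLconf in step, e.g. `vac_file = reverse(<MEDIA_ROUTE_NAME>, args=[i.id, "vac_certificate"])`, where the route name is a placeholder because the URLconf is not part of this diff. doclist starts and ends outside the hunk.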
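Review bot: The bare `return` added under `if parent_group not in groups:` makes docpreview return None, which Django rejects with a ValueError and answers with a 500 instead of a clean denial. The request is still refused, but it is recorded as a server error and shows a traceback when DEBUG is on, so real authorization failures become hard to tell apart from crashes; `raise PermissionDenied` (from `django.core.exceptions`, import not visible here) returns a 403 instead. The same bare `return` appears three times in the new media_request in the last hunk. `groups` is assigned outside this hunk, so these lines do not confirm that it holds the requesting user's groups.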
\ No newline at end of file
+ return render(request, 'server/data_request.html', context)
+
+def media_request(request, id=0, t=""):
+ doc = Document.objects.get(id=id)
+ doc_group = doc.user.groups.values_list('name', flat=True)[0]
+
+ # check if user can view media
+ if request.user.is_staff:
+ # user is staff
+ groups = request.user.groups.values_list('name', flat=True)
+ if doc_group not in groups:
+ return
+ elif request.user.has_perm("client.staff"):
+ # user is psudo-staff
+ groups = request.user.groups.values_list('name', flat=True)[1:]
+ if doc_group not in groups:
+ return
+ else:
+ # is normal user
+ if doc.user != request.user:
+ return
+
+ if t == "health_care_certificate":
+ image_file = doc.medical_data.health_care_certificate
+ elif t == "vac_certificate":
+ image_file = doc.medical_data.vac_certificate
+ elif t == "signed_doc":
+ image_file = doc.signed_doc
+
+ return FileResponse(image_file, filename=image_file.name)
\ No newline at end of file |
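Review bot: media_request leaves `image_file` unassigned when `t` is not one of the three expected names, so the final `FileResponse(...)` line raises UnboundLocalError; the `if`/`elif` chain needs a closing `else` that raises Http404. `Document.objects.get(id=id)` also raises DoesNotExist for an unknown id (including the default `id=0`), and `doc.medical_data` can be empty, as the `if i.medical_data:` guard in doclist shows, so both paths end in a 500 as well. The pseudo-staff branch drops the first group with `[1:]` on a `values_list` that has no visible ordering, which presumably relies on a row order the database does not guarantee and should be confirmed. Because these are uploads returned from the application's own origin, passing `as_attachment=True` to FileResponse or validating the file type at upload keeps a browser from rendering unexpected content inline. The sketch below assumes `get_object_or_404` and `Http404` are imported at the top of views.py, which this diff does not show.

```python
def media_request(request, id=0, t=""):
    doc = get_object_or_404(Document, id=id)
    # … unchanged: doc_group lookup and the staff / pseudo-staff / owner checks …

    medical = doc.medical_data
    if t == "signed_doc":
        image_file = doc.signed_doc
    elif t == "health_care_certificate" and medical:
        image_file = medical.health_care_certificate
    elif t == "vac_certificate" and medical:
        image_file = medical.vac_certificate
    else:
        # unknown document type, or no medical record attached
        raise Http404
    if not image_file:
        # the field exists but no file was ever stored in it
        raise Http404
    # … unchanged: return FileResponse(...) …
```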