From 65ebc99e76becf72a40dc1c1f4b420ceeedc1a98 Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Sun, 28 Jan 2024 12:52:55 +0100 Subject: use usercode id instead of code --- accounts/templates/accounts/user_edit.html | 2 +- accounts/views.py | 8 ++++++-- client/templates/client/doc_create.html | 2 +- client/templates/client/index.html | 4 ++-- client/views.py | 12 +++++------- version.txt | 2 +- 6 files changed, 16 insertions(+), 14 deletions(-) diff --git a/accounts/templates/accounts/user_edit.html b/accounts/templates/accounts/user_edit.html index 3c4cada..a2d0b3b 100644 --- a/accounts/templates/accounts/user_edit.html +++ b/accounts/templates/accounts/user_edit.html @@ -15,7 +15,7 @@ -
+
diff --git a/accounts/views.py b/accounts/views.py index c174fe8..a68e3c4 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -451,8 +451,9 @@ def edit(request, code): # if render before save this is a dummy never used medic = MedicalData() usercode = [UserCode(user=request.user, code=code, medic=medic, branca=None)] + code = 0 else: - usercode = UserCode.objects.filter(code=code) + usercode = UserCode.objects.filter(id=code) if (len(usercode) == 0): # no avaiable code, create dummy @@ -741,10 +742,13 @@ def edit(request, code): # show tooltip only if user is not approved and there are no errors home_tooltip = (len(errors) == 0) - print("date", usercode.born_date) + ucode_id = usercode.id + if ucode_id == None: + ucode_id = 0 # fill context context = { + 'ucode_id': ucode_id, 'ucode': code, 'validation_dic': validation_dic, 'first_name': usercode.first_name, diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html index a6efae8..9649a73 100644 --- a/client/templates/client/doc_create.html +++ b/client/templates/client/doc_create.html @@ -13,7 +13,7 @@
- + {% csrf_token %} {% if not next %} diff --git a/client/templates/client/index.html b/client/templates/client/index.html index 1acdd8c..41f709c 100644 --- a/client/templates/client/index.html +++ b/client/templates/client/index.html @@ -35,7 +35,7 @@
-

{{data.0.first_name}} {{data.0.last_name}}edit

+

{{data.0.first_name}} {{data.0.last_name}}edit

{{data.0.born_date}}
 {% if data.1|length > 0 %} @@ -440,7 +440,7 @@
{% else %} -add +add {% endif %}
diff --git a/client/views.py b/client/views.py index 4646843..43d54c2 100644 --- a/client/views.py +++ b/client/views.py @@ -140,7 +140,7 @@ def index(request): @login_required def create(request, code): context = {} - usercode = UserCode.objects.filter(user=request.user, code=code) + usercode = UserCode.objects.filter(id=code, user=request.user) if (len(usercode) == 0): # the user has no person return HttpResponseRedirect("/") @@ -217,7 +217,6 @@ def create(request, code): return HttpResponseRedirect("/") # set default values - code = 0 status = "wait" personal_data = None medical_data = None @@ -271,17 +270,14 @@ def edit(request): @login_required def edit_wrapper(request, context): if request.method == "POST": - usercode = UserCode.objects.filter(user=request.user)[0] - if usercode.midata_id > 0: - if not copy_from_midata(request, usercode): - return HttpResponseRedirect(request.path_info) + usercodes = UserCode.objects.filter(user=request.user) if "action" not in request.POST.keys(): # get document document = Document.objects.get(id=request.POST["doc"]) # check if user has permission - if document.user != request.user: + if document.usercode not in usercodes: return HttpResponseRedirect("/") # check if document is editable @@ -289,6 +285,8 @@ def edit_wrapper(request, context): # user is cheating return HttpResponseRedirect("/") + usercode = document.usercode + # update compilation date document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now()) document.save(update_fields=["compilation_date"]) diff --git a/version.txt b/version.txt index 732342c..1b12cc5 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.7 -rev=18 +rev=19 -- cgit v1.2.1