From 65ebc99e76becf72a40dc1c1f4b420ceeedc1a98 Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Sun, 28 Jan 2024 12:52:55 +0100 Subject: use usercode id instead of code --- client/views.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'client/views.py') diff --git a/client/views.py b/client/views.py index 4646843..43d54c2 100644 --- a/client/views.py +++ b/client/views.py @@ -140,7 +140,7 @@ def index(request): @login_required def create(request, code): context = {} - usercode = UserCode.objects.filter(user=request.user, code=code) + usercode = UserCode.objects.filter(id=code, user=request.user) if (len(usercode) == 0): # the user has no person return HttpResponseRedirect("/") @@ -217,7 +217,6 @@ def create(request, code): return HttpResponseRedirect("/") # set default values - code = 0 status = "wait" personal_data = None medical_data = None @@ -271,17 +270,14 @@ def edit(request): @login_required def edit_wrapper(request, context): if request.method == "POST": - usercode = UserCode.objects.filter(user=request.user)[0] - if usercode.midata_id > 0: - if not copy_from_midata(request, usercode): - return HttpResponseRedirect(request.path_info) + usercodes = UserCode.objects.filter(user=request.user) if "action" not in request.POST.keys(): # get document document = Document.objects.get(id=request.POST["doc"]) # check if user has permission - if document.user != request.user: + if document.usercode not in usercodes: return HttpResponseRedirect("/") # check if document is editable @@ -289,6 +285,8 @@ def edit_wrapper(request, context): # user is cheating return HttpResponseRedirect("/") + usercode = document.usercode + # update compilation date document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now()) document.save(update_fields=["compilation_date"]) -- cgit v1.2.1