From 65ebc99e76becf72a40dc1c1f4b420ceeedc1a98 Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Sun, 28 Jan 2024 12:52:55 +0100 Subject: use usercode id instead of code --- client/templates/client/doc_create.html | 2 +- client/templates/client/index.html | 4 ++-- client/views.py | 12 +++++------- 3 files changed, 8 insertions(+), 10 deletions(-) (limited to 'client') diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html index a6efae8..9649a73 100644 --- a/client/templates/client/doc_create.html +++ b/client/templates/client/doc_create.html @@ -13,7 +13,7 @@
-
+ {% csrf_token %} {% if not next %} diff --git a/client/templates/client/index.html b/client/templates/client/index.html index 1acdd8c..41f709c 100644 --- a/client/templates/client/index.html +++ b/client/templates/client/index.html @@ -35,7 +35,7 @@
-

{{data.0.first_name}} {{data.0.last_name}}edit

+

{{data.0.first_name}} {{data.0.last_name}}edit

{{data.0.born_date}}
{% if data.1|length > 0 %} @@ -440,7 +440,7 @@
{% else %} -add +add {% endif %}
diff --git a/client/views.py b/client/views.py index 4646843..43d54c2 100644 --- a/client/views.py +++ b/client/views.py @@ -140,7 +140,7 @@ def index(request): @login_required def create(request, code): context = {} - usercode = UserCode.objects.filter(user=request.user, code=code) + usercode = UserCode.objects.filter(id=code, user=request.user) if (len(usercode) == 0): # the user has no person return HttpResponseRedirect("/") @@ -217,7 +217,6 @@ def create(request, code): return HttpResponseRedirect("/") # set default values - code = 0 status = "wait" personal_data = None medical_data = None @@ -271,17 +270,14 @@ def edit(request): @login_required def edit_wrapper(request, context): if request.method == "POST": - usercode = UserCode.objects.filter(user=request.user)[0] - if usercode.midata_id > 0: - if not copy_from_midata(request, usercode): - return HttpResponseRedirect(request.path_info) + usercodes = UserCode.objects.filter(user=request.user) if "action" not in request.POST.keys(): # get document document = Document.objects.get(id=request.POST["doc"]) # check if user has permission - if document.user != request.user: + if document.usercode not in usercodes: return HttpResponseRedirect("/") # check if document is editable @@ -289,6 +285,8 @@ def edit_wrapper(request, context): # user is cheating return HttpResponseRedirect("/") + usercode = document.usercode + # update compilation date document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now()) document.save(update_fields=["compilation_date"]) -- cgit v1.2.1