From 65ebc99e76becf72a40dc1c1f4b420ceeedc1a98 Mon Sep 17 00:00:00 2001
From: Andrea Lepori <alepori@student.ethz.ch>
Date: Sun, 28 Jan 2024 12:52:55 +0100
Subject: use usercode id instead of code

---
 client/templates/client/doc_create.html |  2 +-
 client/templates/client/index.html      |  4 ++--
 client/views.py                         | 12 +++++-------
 3 files changed, 8 insertions(+), 10 deletions(-)

(limited to 'client')

diff --git a/client/templates/client/doc_create.html b/client/templates/client/doc_create.html
index a6efae8..9649a73 100644
--- a/client/templates/client/doc_create.html
+++ b/client/templates/client/doc_create.html
@@ -13,7 +13,7 @@
   <div class="col l8 offset-l2 s12">
     <div class="card-panel">
       <div class="row">
-        <form id="form" action="{% url 'create' code=uc.code %}" method="post" class="col s12">
+        <form id="form" action="{% url 'create' code=uc.id %}" method="post" class="col s12">
           {% csrf_token %}
           <input type="hidden" name="action" id="action">
           {% if not next %}
diff --git a/client/templates/client/index.html b/client/templates/client/index.html
index 1acdd8c..41f709c 100644
--- a/client/templates/client/index.html
+++ b/client/templates/client/index.html
@@ -35,7 +35,7 @@
       <div class="card">
         <div class="card-content">
       <span class="card-title">
-        <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.code %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
+        <p style="text-decoration: underline; text-decoration-thickness: 3px; text-decoration-color: {{data.2}};">{{data.0.first_name}} {{data.0.last_name}}<a href="{% url "edit_user" code=data.0.id %}" class="btn-flat"><i class="material-icons">edit</i></a></p>
         <div style="font-size: 0.5em; line-height: normal;">{{data.0.born_date}}</div>
       </span>
 {% if data.1|length > 0 %}
@@ -440,7 +440,7 @@
   </div>
 </div>
 {% else %}
-<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.code %}"><i class="material-icons">add</i></a>
+<a id="add" class="btn-floating halfway-fab btn-large {{color}}" href="{% url 'create' code=data.0.id %}"><i class="material-icons">add</i></a>
 {% endif %}
       </div>
     </div>
diff --git a/client/views.py b/client/views.py
index 4646843..43d54c2 100644
--- a/client/views.py
+++ b/client/views.py
@@ -140,7 +140,7 @@ def index(request):
 @login_required
 def create(request, code):
     context = {}
-    usercode = UserCode.objects.filter(user=request.user, code=code)
+    usercode = UserCode.objects.filter(id=code, user=request.user)
     if (len(usercode) == 0):
         # the user has no person
         return HttpResponseRedirect("/")
@@ -217,7 +217,6 @@ def create(request, code):
                 return HttpResponseRedirect("/")
 
             # set default values
-            code = 0
             status = "wait"
             personal_data = None
             medical_data = None
@@ -271,17 +270,14 @@ def edit(request):
 @login_required
 def edit_wrapper(request, context):
     if request.method == "POST":
-        usercode = UserCode.objects.filter(user=request.user)[0]
-        if usercode.midata_id > 0:
-            if not copy_from_midata(request, usercode):
-                return HttpResponseRedirect(request.path_info)
+        usercodes = UserCode.objects.filter(user=request.user)
 
         if "action" not in request.POST.keys():
             # get document
             document = Document.objects.get(id=request.POST["doc"])
 
             # check if user has permission
-            if document.user != request.user:
+            if document.usercode not in usercodes:
                 return HttpResponseRedirect("/")
 
             # check if document is editable
@@ -289,6 +285,8 @@ def edit_wrapper(request, context):
                 # user is cheating
                 return HttpResponseRedirect("/")
 
+            usercode = document.usercode
+
             # update compilation date
             document.compilation_date = pytz.timezone('Europe/Zurich').localize(datetime.now())
             document.save(update_fields=["compilation_date"])
-- 
cgit v1.2.1