From 9fec5d58b2381a55731f0fae91a9a7fc473bbd44 Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Thu, 19 Aug 2021 10:42:10 +0200 Subject: RO documents for non primary groups --- server/views.py | 142 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 73 insertions(+), 69 deletions(-) (limited to 'server/views.py') diff --git a/server/views.py b/server/views.py index d34ebb3..54f1352 100644 --- a/server/views.py +++ b/server/views.py @@ -48,54 +48,58 @@ def isCapi_enabled(user): @user_passes_test(isStaff) def index(request): context = {} - # primary group name + object - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] - group = Group.objects.get(name=parent_group) - # check for settings - doc_view_check = "" - settings = GroupSettings.objects.filter(group__name=group) + # if user is staff of not primary show only public types + if request.user.is_staff: + groups = request.user.groups.all() - # create settings if non existing - if len(settings) == 0: - settings = GroupSettings(group=group, view_documents=False) + public_types = DocumentType.objects.filter( + Q(group_private=False) | Q(group=groups[0]) & Q(enabled=True)).order_by("-id") else: - settings = settings[0] + groups = request.user.groups.all()[1:] - if settings.view_documents: - doc_view_check = 'checked="checked"' + public_types = DocumentType.objects.filter( + Q(group_private=False) & Q(enabled=True)).order_by("-id") - # check if changing settings - if request.method == "POST" and request.user.is_staff: - if "doc_view" in request.POST: - settings.view_documents = True - settings.save() + # check for settings + group_check = [] + for i in groups: + if i.name == "capi": + continue + + doc_view_check = "" + settings = GroupSettings.objects.filter(group=i) + + # create settings if non existing + if len(settings) == 0: + settings = GroupSettings(group=i, view_documents=False) else: - settings.view_documents = False - settings.save() + settings = settings[0] - return HttpResponseRedirect("/server") + if settings.view_documents: + doc_view_check = 'checked="checked"' + + group_check.append([i.name, doc_view_check]) - # users from younger to older - users = User.objects.filter(groups__name=parent_group).order_by("-id") - users_out = [] + # check if changing settings + if request.method == "POST" and request.user.is_staff: + for i in groups: + settings = GroupSettings.objects.filter(group=i) - # only send part of the user data, only if user is approved - for user in users: - if not user.has_perm("client.approved") and not user.is_staff: - continue + # create settings if non existing + if len(settings) == 0: + settings = GroupSettings(group=i, view_documents=False) + else: + settings = settings[0] - users_out.append([user.username, user.first_name, - user.last_name]) + if i.name in request.POST: + settings.view_documents = True + settings.save() + else: + settings.view_documents = False + settings.save() - # if user is staff of not primary show only public types - if request.user.is_staff: - public_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group) & Q(enabled=True)).order_by("-id") - else: - public_types = DocumentType.objects.filter( - Q(group_private=False) & Q(enabled=True)).order_by("-id") + return HttpResponseRedirect("/server") # count documents of that type to show statistics docs = [] @@ -108,17 +112,12 @@ def index(request): doc_count += "/" + str(doc.max_instances) docs.append([doc, doc_count]) - # don't list users if user is staff of not primary - if request.user.is_staff: - context = { - 'docs': docs, - 'users': users_out, - } - else: - context = { - 'docs': docs, - } - context["doc_view_check"] = doc_view_check + context = { + 'docs': docs, + 'groups': group_check, + 'doc_view_check': doc_view_check, + } + return render(request, 'server/index.html', context) @@ -318,6 +317,7 @@ def ulist(request): out.append([user, usercode, parent_group, documents, vac_file, health_file, "capi" in user.groups.values_list('name',flat = True)]) + context = {'users': out} return render(request, 'server/user_list.html', context) @@ -1134,24 +1134,27 @@ def doclist_readonly(request): context = {} # group name and obj - parent_group = request.user.groups.values_list('name', flat=True)[ - 0] - group = Group.objects.get(name=parent_group) + groups = request.user.groups.all() + if request.user.is_staff: + groups_view = [] + elif request.user.has_perm("client.staff"): + groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group=groups[0]).filter(view_documents=True))) + else: + groups_view = list(map(lambda x: x.group, GroupSettings.objects.filter(group__in=groups).filter(view_documents=True))) - # send alert - users = User.objects.filter(groups__name=parent_group).filter(is_staff=True) - user_emails = [] + perm = Permission.objects.get(codename='staff') - for i in users: - user_emails.append(i.email) + for i in groups_view: + # get all users that are part of the group and are administrators but not request.user + emails = User.objects.filter(groups__name=i).filter(Q(is_staff=True) | Q(user_permissions=perm)).filter(~Q(id=request.user.id)).values_list("email", flat=True) - send_mail( - 'Attenzione! ' + request.user.username + ' ha visionato i documenti della branca', - "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità ai tuoi aggiunti di visionare i documenti e un tuo aggiunto ha visionato dei documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.", - settings.DEFAULT_FROM_EMAIL, - user_emails, - fail_silently=False, - ) + send_mail( + 'Attenzione! ' + request.user.username + ' ha visionato i documenti del gruppo "' + i.name + '"', + "Questo messaggio è stato inviato automaticamente dal sistema di iscrizioni digitali. Ti è arrivata questa mail perchè hai abilitato la possibilità a persone del gruppo capi di visionare i documenti. L'utente con username " + request.user.username + " e con nome registrato " + request.user.first_name + " " + request.user.last_name + " ha visionato dei documenti.", + settings.DEFAULT_FROM_EMAIL, + emails, + fail_silently=False, + ) # create typezone @@ -1191,7 +1194,7 @@ def doclist_readonly(request): if request.POST["action"][0] == 'k': document = Document.objects.get(id=request.POST["action"][1:]) # check if user has permission to view doc - if document.group.name == parent_group: + if document.group in groups_view: vac_file = "" health_file = "" sign_doc_file = "" @@ -1230,7 +1233,7 @@ def doclist_readonly(request): for i in request.POST.keys(): if i.isdigit(): docc = Document.objects.get(id=i) - if docc.group.name == parent_group: + if docc.group in groups_view: selected.append(docc) # get filter values @@ -1260,7 +1263,7 @@ def doclist_readonly(request): groups = [] # filter documents based on group of staff - documents = Document.objects.filter(group__name=parent_group) + documents = Document.objects.filter(group__in=groups_view) # filter documents if not hidden: @@ -1311,6 +1314,7 @@ def doclist_readonly(request): documents = documents.filter(q_obj) out = [] + users = [] for i in documents: # filter for confirmed with attachment documents and approved if signdoc: @@ -1338,18 +1342,18 @@ def doclist_readonly(request): doc_group = i.user.groups.values_list('name', flat=True)[0] + users.append(i.user) out.append([i, KeyVal.objects.filter(container=i), personal, medical, doc_group, vac_file, health_file, sign_doc_file]) # get types and users for chips autocompletation auto_types = DocumentType.objects.filter( - Q(group_private=False) | Q(group=group)) - users = User.objects.filter(groups__name=parent_group) + Q(group_private=False) | Q(group__in=groups_view)) context = { "types": auto_types, "users": users, - "groups": [parent_group], + "groups": groups_view, "docs": out, "hidden_check": hidden_check, "wait_check": wait_check, -- cgit v1.2.1