1
0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2025-01-25 01:01:17 +00:00

909 lines
39 KiB
Python
Raw Normal View History

2020-12-27 11:49:54 +01:00
# Copyright (C) 2020 by Animath
# SPDX-License-Identifier: GPL-3.0-or-later
import json
2020-12-27 11:49:54 +01:00
import os
import subprocess
from tempfile import mkdtemp
2020-12-27 11:49:54 +01:00
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
2020-12-27 11:49:54 +01:00
from django.contrib.auth.models import User
from django.contrib.sites.models import Site
2020-12-27 11:49:54 +01:00
from django.core.exceptions import PermissionDenied, ValidationError
from django.db import transaction
2021-01-17 12:40:23 +01:00
from django.db.models import Q
2020-12-27 11:49:54 +01:00
from django.http import FileResponse, Http404
from django.shortcuts import redirect, resolve_url
from django.template.loader import render_to_string
2020-12-27 11:49:54 +01:00
from django.urls import reverse_lazy
from django.utils import timezone, translation
from django.utils.crypto import get_random_string
from django.utils.http import urlsafe_base64_decode
from django.utils.text import format_lazy
2020-12-27 11:49:54 +01:00
from django.utils.translation import gettext_lazy as _
from django.views.generic import CreateView, DetailView, RedirectView, TemplateView, UpdateView, View
from django_tables2 import SingleTableView
from magic import Magic
from participation.models import Passage, Solution, Synthesis, Tournament
2020-12-28 19:19:01 +01:00
from tfjm.tokens import email_validation_token
2021-02-06 19:26:19 +01:00
from tfjm.views import UserMixin, UserRegistrationMixin, VolunteerMixin
2020-12-27 11:49:54 +01:00
from .forms import AddOrganizerForm, CoachRegistrationForm, HealthSheetForm, \
ParentalAuthorizationFinalForm, ParentalAuthorizationForm, PaymentAdminForm, PaymentForm, \
PhotoAuthorizationFinalForm, PhotoAuthorizationForm, SignupForm, StudentRegistrationForm, UserForm, \
VaccineSheetForm, VolunteerRegistrationForm
from .models import ParticipantRegistration, Payment, Registration, StudentRegistration
2020-12-27 11:49:54 +01:00
from .tables import RegistrationTable
class SignupView(CreateView):
"""
Signup, as a participant or a coach.
"""
model = User
form_class = SignupForm
2021-01-22 23:24:35 +01:00
template_name = "registration/signup.html"
2020-12-27 11:49:54 +01:00
extra_context = dict(title=_("Sign up"))
def get_context_data(self, **kwargs):
context = super().get_context_data()
context["student_registration_form"] = StudentRegistrationForm(self.request.POST or None)
context["coach_registration_form"] = CoachRegistrationForm(self.request.POST or None)
del context["student_registration_form"].fields["team"]
del context["student_registration_form"].fields["email_confirmed"]
del context["coach_registration_form"].fields["team"]
del context["coach_registration_form"].fields["email_confirmed"]
return context
@transaction.atomic
def form_valid(self, form):
role = form.cleaned_data["role"]
if role == "participant":
registration_form = StudentRegistrationForm(self.request.POST)
else:
registration_form = CoachRegistrationForm(self.request.POST)
del registration_form.fields["team"]
del registration_form.fields["email_confirmed"]
if not registration_form.is_valid():
return self.form_invalid(form)
ret = super().form_valid(form)
registration = registration_form.instance
registration.user = form.instance
registration.save()
2021-01-17 12:40:23 +01:00
registration.send_email_validation_link()
2020-12-27 11:49:54 +01:00
return ret
def get_success_url(self):
return reverse_lazy("registration:email_validation_sent")
2021-01-17 12:40:23 +01:00
class AddOrganizerView(VolunteerMixin, CreateView):
2021-01-14 21:07:09 +01:00
model = User
form_class = AddOrganizerForm
template_name = "registration/add_organizer.html"
extra_context = dict(title=_("Add organizer"))
def get_context_data(self, **kwargs):
context = super().get_context_data()
context["volunteer_registration_form"] = VolunteerRegistrationForm(self.request.POST or None)
del context["volunteer_registration_form"].fields["email_confirmed"]
2021-01-17 12:40:23 +01:00
if not self.request.user.registration.is_admin:
del context["volunteer_registration_form"].fields["admin"]
2021-01-17 12:40:23 +01:00
return context
2021-01-14 21:07:09 +01:00
@transaction.atomic
def form_valid(self, form):
registration_form = VolunteerRegistrationForm(self.request.POST)
2021-01-14 21:07:09 +01:00
del registration_form.fields["email_confirmed"]
if not self.request.user.registration.is_admin:
del registration_form.fields["admin"]
2021-01-14 21:07:09 +01:00
if not registration_form.is_valid():
return self.form_invalid(form)
ret = super().form_valid(form)
registration = registration_form.instance
registration.user = form.instance
registration.save()
2021-01-17 12:40:23 +01:00
registration.send_email_validation_link()
2021-01-14 21:07:09 +01:00
password = get_random_string(16)
form.instance.set_password(password)
form.instance.save()
subject = "[TFJM²] " + str(_("New TFJM² organizer account"))
site = Site.objects.first()
message = render_to_string('registration/mails/add_organizer.txt', dict(user=registration.user,
inviter=self.request.user,
password=password,
domain=site.domain))
html = render_to_string('registration/mails/add_organizer.html', dict(user=registration.user,
inviter=self.request.user,
password=password,
domain=site.domain))
registration.user.email_user(subject, message, html_message=html)
2021-01-21 22:54:23 +01:00
if registration.is_admin:
registration.user.is_superuser = True
registration.user.save()
2021-01-14 21:07:09 +01:00
return ret
def get_success_url(self):
return reverse_lazy("registration:email_validation_sent")
2020-12-27 11:49:54 +01:00
class UserValidateView(TemplateView):
"""
A view to validate the email address.
"""
title = _("Email validation")
template_name = 'registration/email_validation_complete.html'
extra_context = dict(title=_("Validate email"))
def get(self, *args, **kwargs):
"""
With a given token and user id (in params), validate the email address.
"""
assert 'uidb64' in kwargs and 'token' in kwargs
self.validlink = False
user = self.get_user(kwargs['uidb64'])
token = kwargs['token']
# Validate the token
if user is not None and email_validation_token.check_token(user, token):
self.validlink = True
user.registration.email_confirmed = True
user.registration.save()
return self.render_to_response(self.get_context_data(), status=200 if self.validlink else 400)
def get_user(self, uidb64):
"""
Get user from the base64-encoded string.
"""
try:
# urlsafe_base64_decode() decodes to bytestring
uid = urlsafe_base64_decode(uidb64).decode()
user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist, ValidationError):
user = None
return user
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['user_object'] = self.get_user(self.kwargs["uidb64"])
context['login_url'] = resolve_url(settings.LOGIN_URL)
if self.validlink:
context['validlink'] = True
else:
context.update({
'title': _('Email validation unsuccessful'),
'validlink': False,
})
return context
class UserValidationEmailSentView(TemplateView):
"""
Display the information that the validation link has been sent.
"""
template_name = 'registration/email_validation_email_sent.html'
extra_context = dict(title=_('Email validation email sent'))
class UserResendValidationEmailView(LoginRequiredMixin, DetailView):
"""
Rensend the email validation link.
"""
model = User
extra_context = dict(title=_("Resend email validation link"))
def get(self, request, *args, **kwargs):
user = self.get_object()
user.registration.send_email_validation_link()
return redirect('registration:email_validation_sent')
class MyAccountDetailView(LoginRequiredMixin, RedirectView):
"""
Redirect to our own profile detail page.
"""
2020-12-27 11:49:54 +01:00
def get_redirect_url(self, *args, **kwargs):
return reverse_lazy("registration:user_detail", args=(self.request.user.pk,))
2021-01-23 11:02:26 +01:00
class UserDetailView(LoginRequiredMixin, DetailView):
2020-12-27 11:49:54 +01:00
"""
Display the detail about a user.
"""
model = User
context_object_name = "user_object"
template_name = "registration/user_detail.html"
2021-01-17 12:40:23 +01:00
def dispatch(self, request, *args, **kwargs):
me = request.user
if not me.is_authenticated:
return self.handle_no_permission()
user = self.get_object()
if user == me or me.registration.is_admin or me.registration.is_volunteer \
and user.registration.participates and user.registration.team \
2021-05-11 16:40:18 +02:00
and (user.registration.team.participation.tournament in me.registration.organized_tournaments.all()
or user.registration.team.participation.final
and Tournament.final_tournament() in me.registration.organized_tournaments.all()) \
2021-01-17 12:40:23 +01:00
or user.registration.is_volunteer and me.registration.is_volunteer \
2021-02-13 16:59:49 +01:00
and me.registration.interesting_tournaments.intersection(user.registration.interesting_tournaments):
2021-01-17 12:40:23 +01:00
return super().dispatch(request, *args, **kwargs)
raise PermissionDenied
2020-12-27 11:49:54 +01:00
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["title"] = _("Detail of user {user}").format(user=str(self.object.registration))
return context
2021-02-06 19:26:19 +01:00
class UserListView(VolunteerMixin, SingleTableView):
2020-12-27 11:49:54 +01:00
"""
Display the list of all registered users.
"""
model = Registration
table_class = RegistrationTable
template_name = "registration/user_list.html"
2020-12-29 16:14:56 +01:00
class UserUpdateView(UserMixin, UpdateView):
2020-12-27 11:49:54 +01:00
"""
Update the detail about a user and its registration.
"""
model = User
context_object_name = "user_object"
2020-12-27 11:49:54 +01:00
form_class = UserForm
template_name = "registration/update_user.html"
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
user = self.get_object()
context["title"] = _("Update user {user}").format(user=str(self.object.registration))
context["registration_form"] = user.registration.form_class(data=self.request.POST or None,
instance=self.object.registration)
2020-12-28 21:42:01 +01:00
if not self.request.user.registration.is_admin:
2020-12-27 11:49:54 +01:00
if "team" in context["registration_form"].fields:
del context["registration_form"].fields["team"]
if "admin" in context["registration_form"].fields:
del context["registration_form"].fields["admin"]
2020-12-27 11:49:54 +01:00
del context["registration_form"].fields["email_confirmed"]
return context
@transaction.atomic
def form_valid(self, form):
user = form.instance
registration_form = user.registration.form_class(data=self.request.POST or None,
instance=self.object.registration)
2020-12-28 21:42:01 +01:00
if not self.request.user.registration.is_admin:
2020-12-27 11:49:54 +01:00
if "team" in registration_form.fields:
del registration_form.fields["team"]
if "admin" in registration_form.fields:
del registration_form.fields["admin"]
2020-12-27 11:49:54 +01:00
del registration_form.fields["email_confirmed"]
if not registration_form.is_valid():
return self.form_invalid(form)
registration_form.save()
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("registration:user_detail", args=(self.object.pk,))
2021-01-23 11:02:26 +01:00
class UserUploadPhotoAuthorizationView(UserRegistrationMixin, UpdateView):
2020-12-27 11:49:54 +01:00
"""
A participant can send its photo authorization.
"""
model = ParticipantRegistration
2020-12-27 11:49:54 +01:00
template_name = "registration/upload_photo_authorization.html"
extra_context = dict(title=_("Upload photo authorization"))
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
if self.object.team:
tournament = self.object.team.participation.tournament \
if 'final' not in self.request.path else Tournament.final_tournament()
context["tournament"] = tournament
return context
def get_form_class(self):
return PhotoAuthorizationForm if 'final' not in self.request.path else PhotoAuthorizationFinalForm
2020-12-27 11:49:54 +01:00
@transaction.atomic
def form_valid(self, form):
old_instance: ParticipantRegistration = ParticipantRegistration.objects.get(pk=self.object.pk)
old_field = old_instance.photo_authorization \
if 'final' not in self.request.path else old_instance.photo_authorization_final
if old_field:
old_field.delete()
old_instance.save()
2020-12-27 11:49:54 +01:00
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
2021-01-23 11:02:26 +01:00
class UserUploadHealthSheetView(UserRegistrationMixin, UpdateView):
2020-12-29 16:14:56 +01:00
"""
A participant can send its health sheet.
"""
model = StudentRegistration
form_class = HealthSheetForm
template_name = "registration/upload_health_sheet.html"
extra_context = dict(title=_("Upload health sheet"))
@transaction.atomic
def form_valid(self, form):
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
if old_instance.health_sheet:
old_instance.health_sheet.delete()
old_instance.save()
2020-12-29 16:14:56 +01:00
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
2023-02-20 00:38:57 +01:00
class UserUploadVaccineSheetView(UserRegistrationMixin, UpdateView):
"""
A participant can send its vaccine sheet.
"""
model = StudentRegistration
form_class = VaccineSheetForm
template_name = "registration/upload_vaccine_sheet.html"
extra_context = dict(title=_("Upload vaccine sheet"))
@transaction.atomic
def form_valid(self, form):
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
if old_instance.vaccine_sheet:
old_instance.vaccine_sheet.delete()
old_instance.save()
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
2021-01-23 11:02:26 +01:00
class UserUploadParentalAuthorizationView(UserRegistrationMixin, UpdateView):
2020-12-29 16:14:56 +01:00
"""
A participant can send its parental authorization.
"""
model = StudentRegistration
template_name = "registration/upload_parental_authorization.html"
extra_context = dict(title=_("Upload parental authorization"))
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
if self.object.team:
tournament = self.object.team.participation.tournament \
if 'final' not in self.request.path else Tournament.final_tournament()
context["tournament"] = tournament
return context
def get_form_class(self):
return ParentalAuthorizationForm if 'final' not in self.request.path else ParentalAuthorizationFinalForm
2020-12-29 16:14:56 +01:00
@transaction.atomic
def form_valid(self, form):
old_instance: StudentRegistration = StudentRegistration.objects.get(pk=self.object.pk)
old_field = old_instance.parental_authorization \
if 'final' not in self.request.path else old_instance.parental_authorization_final
if old_field:
old_field.delete()
old_instance.save()
2020-12-29 16:14:56 +01:00
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
class AuthorizationTemplateView(TemplateView):
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
translation.activate("fr")
if "registration_id" in self.request.GET:
registration = Registration.objects.get(pk=self.request.GET.get("registration_id"))
# Don't get unwanted information
if registration.user == self.request.user \
or self.request.user.is_authenticated and self.request.user.registration.is_admin:
context["registration"] = registration
if "tournament_id" in self.request.GET and self.request.GET.get("tournament_id").isnumeric():
if not Tournament.objects.filter(pk=self.request.GET.get("tournament_id")).exists():
raise PermissionDenied("Ce tournoi n'existe pas.")
context["tournament"] = Tournament.objects.get(pk=self.request.GET.get("tournament_id"))
elif "tournament_name" in self.request.GET:
if not Tournament.objects.filter(name__iexact=self.request.GET.get("tournament_name")).exists():
raise PermissionDenied("Ce tournoi n'existe pas.")
context["tournament"] = Tournament.objects.get(name__iexact=self.request.GET.get("tournament_name"))
else:
raise PermissionDenied("Merci d'indiquer un tournoi.")
return context
def render_to_response(self, context, **response_kwargs):
tex = render_to_string(self.template_name, context=context, request=self.request)
temp_dir = mkdtemp()
with open(os.path.join(temp_dir, "texput.tex"), "w") as f:
f.write(tex)
process = subprocess.Popen(["pdflatex", "-interaction=nonstopmode", f"-output-directory={temp_dir}",
os.path.join(temp_dir, "texput.tex"), ])
process.wait()
return FileResponse(open(os.path.join(temp_dir, "texput.pdf"), "rb"),
content_type="application/pdf",
filename=self.template_name.split("/")[-1][:-3] + "pdf")
class AdultPhotoAuthorizationTemplateView(AuthorizationTemplateView):
template_name = "registration/tex/Autorisation_droit_image_majeur.tex"
class ChildPhotoAuthorizationTemplateView(AuthorizationTemplateView):
template_name = "registration/tex/Autorisation_droit_image_mineur.tex"
class ParentalAuthorizationTemplateView(AuthorizationTemplateView):
template_name = "registration/tex/Autorisation_parentale.tex"
class InstructionsTemplateView(AuthorizationTemplateView):
template_name = "registration/tex/Instructions.tex"
class PaymentUpdateView(LoginRequiredMixin, UpdateView):
model = Payment
form_class = PaymentAdminForm
def dispatch(self, request, *args, **kwargs):
user = self.request.user
object = self.get_object()
if not user.is_authenticated or \
not user.registration.is_admin \
and (user.registration.is_volunteer and user.registration not in object.tournament.organizers.all()
or user.registration.is_student and user.registration not in object.registrations.all()
or user.registration.is_coach and user.registration.team != object.team):
return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs)
def get_context_data(self, **kwargs):
context = super().get_context_data()
context['title'] = _("Update payment")
# Grouping is only possible if there isn't any validated payment in the team
context['can_group'] = all(p.valid is False for reg in self.object.team.students.all()
for p in reg.payments.filter(final=self.object.final).all())
context['bank_transfer_form'] = PaymentForm(payment_type='bank_transfer',
data=self.request.POST or None,
instance=self.object)
if not self.object.grouped:
context['scholarship_form'] = PaymentForm(payment_type='scholarship',
data=self.request.POST or None,
instance=self.object)
context['other_form'] = PaymentForm(payment_type='other',
data=self.request.POST or None,
instance=self.object)
return context
def form_valid(self, form):
old_instance = Payment.objects.get(pk=self.object.pk)
if self.request.user.registration.participates:
if old_instance.valid is not False:
raise PermissionDenied(_("This payment is already valid or pending validation."))
if old_instance.valid is False:
form.instance.valid = None
if old_instance.receipt:
old_instance.receipt.delete()
old_instance.save()
return super().form_valid(form)
def get_success_url(self):
return reverse_lazy("participation:team_detail", args=(self.object.registrations.first().team.pk,))
class PaymentUpdateGroupView(LoginRequiredMixin, DetailView):
model = Payment
def dispatch(self, request, *args, **kwargs):
payment = self.get_object()
if not self.request.user.is_authenticated or \
not self.request.user.registration.is_admin \
and (self.request.user.registration not in self.get_object().registrations.all()
or payment.valid is not False):
return self.handle_no_permission()
if any(p.valid is not False for reg in payment.team.students.all()
for p in reg.payments.filter(final=payment.final).all()):
raise PermissionDenied(_("Since one payment is already validated, or pending validation, "
"grouping is not possible."))
return super().dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
payment = self.get_object()
if payment.valid is not False:
raise PermissionDenied(_("This payment is already valid or pending validation."))
if payment.grouped:
registrations = list(payment.registrations.all())
first_reg = registrations[0]
payment.registrations.set([first_reg])
payment.grouped = False
tournament = first_reg.team.participation.tournament if not payment.final else Tournament.final_tournament()
payment.amount = tournament.price
payment.checkout_intent_id = None
payment.save()
for registration in registrations[1:]:
p = Payment.objects.create(type=payment.type,
grouped=False,
final=payment.final,
amount=tournament.price,
receipt=payment.receipt,
additional_information=payment.additional_information)
p.registrations.set([registration])
p.save()
else:
reg = payment.registrations.get()
tournament = reg.team.participation.tournament if not payment.final else Tournament.final_tournament()
for student in reg.team.students.all():
if student != reg:
Payment.objects.filter(registrations=student, final=payment.final).delete()
payment.registrations.add(student)
payment.amount = tournament.price * reg.team.students.count()
payment.grouped = True
payment.checkout_intent_id = None
payment.save()
return redirect(reverse_lazy("registration:update_payment", args=(payment.pk,)))
class PaymentRedirectHelloAssoView(AccessMixin, DetailView):
model = Payment
def dispatch(self, request, *args, **kwargs):
payment = self.get_object()
# An external user has the link for the payment
token = request.GET.get('token', "")
if token and token == payment.token:
return super().dispatch(request, *args, **kwargs)
if not request.user.is_authenticated:
return self.handle_no_permission()
if not request.user.registration.is_admin:
if request.user.registration.is_volunteer \
and payment.tournament not in request.user.registration.organized_tournaments.all():
return self.handle_no_permission()
if request.user.registration.is_student \
and request.user.registration not in payment.registrations.all():
return self.handle_no_permission()
if request.user.registration.is_coach \
and request.user.registration.team != payment.team:
return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
payment = self.get_object()
if payment.valid is not False:
raise PermissionDenied(_("The payment is already valid or pending validation."))
checkout_intent = payment.create_checkout_intent()
return redirect(checkout_intent["redirectUrl"])
class PaymentHelloAssoReturnView(DetailView):
model = Payment
def get(self, request, *args, **kwargs):
checkout_id = request.GET.get("checkoutIntentId")
payment = self.get_object()
payment_qs = Payment.objects.exclude(valid=True).filter(checkout_intent_id=checkout_id).filter(pk=payment.pk)
if not payment_qs.exists():
messages.error(request, _("The payment is not found or is already validated."), "danger")
return redirect("index")
team = payment.team
tournament = payment.tournament
right_to_see = not request.user.is_anonymous \
and (request.user.registration.is_admin
or request.user.registration in payment.registrations.all()
or (request.user.registration.is_volunteer
and tournament in request.user.registration.organized_tournaments.all())
or (request.user.registration.is_coach and request.user.registration.team == team))
if right_to_see:
error_response = redirect("registration:update_payment", pk=payment.pk)
else:
error_response = redirect("index")
return_type = request.GET.get("type")
if return_type == "error":
messages.error(request, format_lazy(_("An error occurred during the payment: {error}"),
error=request.GET.get("error")), "danger")
return error_response
elif return_type == "return":
code = request.GET.get("code")
if code == "refused":
messages.error(request, _("The payment has been refused."), "danger")
return error_response
elif code != "succeeded":
messages.error(request, format_lazy(_("The return code is unknown: {code}"), code=code), "danger")
return error_response
else:
messages.error(request, format_lazy(_("The return type is unknown: {type}"), type=return_type), "danger")
return error_response
checkout_intent = payment.get_checkout_intent()
if 'order' in checkout_intent:
payment.type = "helloasso"
payment.valid = True
payment.additional_information = json.dumps(checkout_intent['order'])
payment.save()
messages.success(request, _("The payment has been successfully validated! "
"Your registration is now complete."))
payment.send_helloasso_payment_confirmation_mail()
else:
payment.type = "helloasso"
payment.valid = None
payment.save()
messages.success(request, _("Your payment is done! "
"The validation of your payment may takes a few minutes, "
"and will be automatically done. "
"If it is not the case, please contact us."))
if right_to_see:
return redirect("participation:team_detail", pk=team.pk)
else:
return redirect("index")
2020-12-27 11:49:54 +01:00
class PhotoAuthorizationView(LoginRequiredMixin, View):
"""
Display the sent photo authorization.
"""
2020-12-27 11:49:54 +01:00
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/photo/{filename}"
if not os.path.exists(path):
raise Http404
student = ParticipantRegistration.objects.get(Q(photo_authorization__endswith=filename)
| Q(photo_authorization_final__endswith=filename))
2020-12-27 11:49:54 +01:00
user = request.user
2021-01-17 12:40:23 +01:00
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
2020-12-27 11:49:54 +01:00
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Photo authorization of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class HealthSheetView(LoginRequiredMixin, View):
"""
Display the sent health sheet.
"""
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/health/{filename}"
if not os.path.exists(path):
raise Http404
student = StudentRegistration.objects.get(health_sheet__endswith=filename)
user = request.user
2021-01-17 12:40:23 +01:00
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
2023-02-20 00:38:57 +01:00
class VaccineSheetView(LoginRequiredMixin, View):
"""
Display the sent health sheet.
"""
2023-02-20 00:38:57 +01:00
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/vaccine/{filename}"
if not os.path.exists(path):
raise Http404
student = StudentRegistration.objects.get(vaccine_sheet__endswith=filename)
user = request.user
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Vaccine sheet of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class ParentalAuthorizationView(LoginRequiredMixin, View):
"""
Display the sent parental authorization.
"""
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/parental/{filename}"
if not os.path.exists(path):
raise Http404
student = StudentRegistration.objects.get(Q(parental_authorization__endswith=filename)
| Q(parental_authorization_final__endswith=filename))
user = request.user
2021-01-17 12:40:23 +01:00
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
2021-01-18 23:39:02 +01:00
class ReceiptView(LoginRequiredMixin, View):
2021-01-18 23:39:02 +01:00
"""
Display the sent payment receipt or scholarship notification.
2021-01-18 23:39:02 +01:00
"""
2021-01-18 23:39:02 +01:00
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/receipt/{filename}"
2021-01-18 23:39:02 +01:00
if not os.path.exists(path):
raise Http404
payment = Payment.objects.get(receipt__endswith=filename)
2021-01-18 23:39:02 +01:00
user = request.user
if not (user.registration in payment.registrations.all() or user.registration.is_admin):
2021-01-18 23:39:02 +01:00
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
registrations = ", ".join(str(registration) for registration in payment.registrations.all())
true_file_name = _("Payment receipt of {registrations}.{ext}").format(registrations=registrations, ext=ext)
2021-01-18 23:39:02 +01:00
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
2021-01-12 17:56:40 +01:00
class SolutionView(LoginRequiredMixin, View):
"""
Display the sent solution.
"""
2021-01-12 17:56:40 +01:00
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/solutions/{filename}"
if not os.path.exists(path):
raise Http404
solution = Solution.objects.get(file__endswith=filename)
2021-01-17 12:40:23 +01:00
user = request.user
2021-04-04 17:18:50 +02:00
if user.registration.participates:
passage_participant_qs = Passage.objects.filter(Q(defender=user.registration.team.participation)
| Q(opponent=user.registration.team.participation)
| Q(reporter=user.registration.team.participation),
defender=solution.participation,
solution_number=solution.problem)
else:
passage_participant_qs = Passage.objects.none()
2021-04-06 19:50:27 +02:00
if not (user.registration.is_admin
or (user.registration.is_volunteer
and user.registration in solution.tournament.organizers.all())
or (user.registration.is_volunteer
and user.registration.pools_presided.filter(tournament=solution.tournament).exists())
2021-04-06 19:50:27 +02:00
or user.registration.is_volunteer
2021-01-17 12:40:23 +01:00
and Passage.objects.filter(Q(pool__juries=user.registration)
| Q(pool__tournament__in=user.registration.organized_tournaments.all()),
defender=solution.participation,
solution_number=solution.problem).exists()
or user.registration.participates and user.registration.team
and (solution.participation.team == user.registration.team or
any(passage.pool.round == 1
or timezone.now() >= passage.pool.tournament.solutions_available_second_phase
for passage in passage_participant_qs.all()))):
2021-01-17 12:40:23 +01:00
raise PermissionDenied
2021-01-12 17:56:40 +01:00
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = str(solution) + f".{ext}"
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class SynthesisView(LoginRequiredMixin, View):
"""
Display the sent synthesis.
"""
2021-01-12 17:56:40 +01:00
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
2021-01-14 17:26:08 +01:00
path = f"media/syntheses/{filename}"
2021-01-12 17:56:40 +01:00
if not os.path.exists(path):
raise Http404
2021-01-17 12:40:23 +01:00
synthesis = Synthesis.objects.get(file__endswith=filename)
user = request.user
if not (user.registration.is_admin or user.registration.is_volunteer
and (user.registration in synthesis.passage.pool.juries.all()
or user.registration in synthesis.passage.pool.tournament.organizers.all()
or user.registration.pools_presided.filter(tournament=synthesis.passage.pool.tournament).exists())
2021-01-17 12:40:23 +01:00
or user.registration.participates and user.registration.team == synthesis.participation.team):
raise PermissionDenied
2021-01-12 17:56:40 +01:00
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
2021-01-17 12:40:23 +01:00
true_file_name = str(synthesis) + f".{ext}"
2021-01-12 17:56:40 +01:00
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
2020-12-27 11:49:54 +01:00
class UserImpersonateView(LoginRequiredMixin, RedirectView):
"""
An administrator can log in through this page as someone else, and act as this other person.
"""
def dispatch(self, request, *args, **kwargs):
if self.request.user.registration.is_admin:
if not User.objects.filter(pk=kwargs["pk"]).exists():
raise Http404
session = request.session
session["admin"] = request.user.pk
session["_fake_user_id"] = kwargs["pk"]
return super().dispatch(request, *args, **kwargs)
def get_redirect_url(self, *args, **kwargs):
return reverse_lazy("registration:user_detail", args=(kwargs["pk"],))
class ResetAdminView(LoginRequiredMixin, View):
"""
Return to admin view, clear the session field that let an administrator to log in as someone else.
"""
def dispatch(self, request, *args, **kwargs):
user = request.user
if not user.is_authenticated:
return self.handle_no_permission()
if "_fake_user_id" in request.session:
del request.session["_fake_user_id"]
return redirect(request.GET.get("path", reverse_lazy("index")))