1
0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2024-12-24 03:02:23 +00:00

Add protected pages to view authorizations

This commit is contained in:
Yohann D'ANELLO 2020-12-30 11:03:12 +01:00
parent 6611c1c896
commit e2e2c97584
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
3 changed files with 54 additions and 5 deletions

View File

@ -298,7 +298,7 @@ class TestRegistration(TestCase):
self.assertTrue(getattr(self.student.registration, auth_type))
response = self.client.get(reverse(
auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],)))
auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
self.assertEqual(response.status_code, 200)
from participation.models import Team

View File

@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin
from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
SignupForm, StudentRegistrationForm, UserForm
from .models import Registration, StudentRegistration
from .models import Registration, StudentRegistration, ParticipantRegistration
from .tables import RegistrationTable
@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
path = f"media/authorization/photo/{filename}"
if not os.path.exists(path):
raise Http404
student = StudentRegistration.objects.get(photo_authorization__endswith=filename)
student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename)
user = request.user
if not user.registration.is_admin and user.pk != student.user.pk:
raise PermissionDenied
@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class HealthSheetView(LoginRequiredMixin, View):
"""
Display the sent health sheet.
"""
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/health/{filename}"
if not os.path.exists(path):
raise Http404
student = ParticipantRegistration.objects.get(health_sheet__endswith=filename)
user = request.user
if not user.registration.is_admin and user.pk != student.user.pk:
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class ParentalAuthorizationView(LoginRequiredMixin, View):
"""
Display the sent parental authorization.
"""
def get(self, request, *args, **kwargs):
filename = kwargs["filename"]
path = f"media/authorization/parental/{filename}"
if not os.path.exists(path):
raise Http404
student = StudentRegistration.objects.get(parental_authorization__endswith=filename)
user = request.user
if not user.registration.is_admin and user.pk != student.user.pk:
raise PermissionDenied
# Guess mime type of the file
mime = Magic(mime=True)
mime_type = mime.from_file(path)
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
# Replace file name
true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
class UserImpersonateView(LoginRequiredMixin, RedirectView):
"""
An administrator can log in through this page as someone else, and act as this other person.

View File

@ -21,7 +21,7 @@ from django.contrib import admin
from django.urls import include, path
from django.views.defaults import bad_request, page_not_found, permission_denied, server_error
from django.views.generic import TemplateView
from registration.views import PhotoAuthorizationView
from registration.views import HealthSheetView, ParentalAuthorizationView, PhotoAuthorizationView
from .views import AdminSearchView
@ -38,7 +38,12 @@ urlpatterns = [
path('participation/', include('participation.urls')),
path('registration/', include('registration.urls')),
path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(), name='photo_authorization'),
path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(),
name='photo_authorization'),
path('media/authorization/health/<str:filename>/', HealthSheetView.as_view(),
name='health_sheet'),
path('media/authorization/parental/<str:filename>/', ParentalAuthorizationView.as_view(),
name='parental_authorization'),
path('', include('eastereggs.urls')),
]