From e2e2c975842c85b149f44e9dc61e4a5bfe4369a1 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 30 Dec 2020 11:03:12 +0100 Subject: [PATCH] Add protected pages to view authorizations --- apps/registration/tests.py | 2 +- apps/registration/views.py | 48 ++++++++++++++++++++++++++++++++++++-- tfjm/urls.py | 9 +++++-- 3 files changed, 54 insertions(+), 5 deletions(-) diff --git a/apps/registration/tests.py b/apps/registration/tests.py index b620b51..bd6c2f3 100644 --- a/apps/registration/tests.py +++ b/apps/registration/tests.py @@ -298,7 +298,7 @@ class TestRegistration(TestCase): self.assertTrue(getattr(self.student.registration, auth_type)) response = self.client.get(reverse( - auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],))) + auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],))) self.assertEqual(response.status_code, 200) from participation.models import Team diff --git a/apps/registration/views.py b/apps/registration/views.py index f36f477..cf2287a 100644 --- a/apps/registration/views.py +++ b/apps/registration/views.py @@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\ SignupForm, StudentRegistrationForm, UserForm -from .models import Registration, StudentRegistration +from .models import Registration, StudentRegistration, ParticipantRegistration from .tables import RegistrationTable @@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View): path = f"media/authorization/photo/{filename}" if not os.path.exists(path): raise Http404 - student = StudentRegistration.objects.get(photo_authorization__endswith=filename) + student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename) user = request.user if not user.registration.is_admin and user.pk != student.user.pk: raise PermissionDenied @@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View): return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name) +class HealthSheetView(LoginRequiredMixin, View): + """ + Display the sent health sheet. + """ + def get(self, request, *args, **kwargs): + filename = kwargs["filename"] + path = f"media/authorization/health/{filename}" + if not os.path.exists(path): + raise Http404 + student = ParticipantRegistration.objects.get(health_sheet__endswith=filename) + user = request.user + if not user.registration.is_admin and user.pk != student.user.pk: + raise PermissionDenied + # Guess mime type of the file + mime = Magic(mime=True) + mime_type = mime.from_file(path) + ext = mime_type.split("/")[1].replace("jpeg", "jpg") + # Replace file name + true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext) + return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name) + + +class ParentalAuthorizationView(LoginRequiredMixin, View): + """ + Display the sent parental authorization. + """ + def get(self, request, *args, **kwargs): + filename = kwargs["filename"] + path = f"media/authorization/parental/{filename}" + if not os.path.exists(path): + raise Http404 + student = StudentRegistration.objects.get(parental_authorization__endswith=filename) + user = request.user + if not user.registration.is_admin and user.pk != student.user.pk: + raise PermissionDenied + # Guess mime type of the file + mime = Magic(mime=True) + mime_type = mime.from_file(path) + ext = mime_type.split("/")[1].replace("jpeg", "jpg") + # Replace file name + true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext) + return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name) + + class UserImpersonateView(LoginRequiredMixin, RedirectView): """ An administrator can log in through this page as someone else, and act as this other person. diff --git a/tfjm/urls.py b/tfjm/urls.py index 7028df1..e17c56a 100644 --- a/tfjm/urls.py +++ b/tfjm/urls.py @@ -21,7 +21,7 @@ from django.contrib import admin from django.urls import include, path from django.views.defaults import bad_request, page_not_found, permission_denied, server_error from django.views.generic import TemplateView -from registration.views import PhotoAuthorizationView +from registration.views import HealthSheetView, ParentalAuthorizationView, PhotoAuthorizationView from .views import AdminSearchView @@ -38,7 +38,12 @@ urlpatterns = [ path('participation/', include('participation.urls')), path('registration/', include('registration.urls')), - path('media/authorization/photo//', PhotoAuthorizationView.as_view(), name='photo_authorization'), + path('media/authorization/photo//', PhotoAuthorizationView.as_view(), + name='photo_authorization'), + path('media/authorization/health//', HealthSheetView.as_view(), + name='health_sheet'), + path('media/authorization/parental//', ParentalAuthorizationView.as_view(), + name='parental_authorization'), path('', include('eastereggs.urls')), ]