Add protected pages to view authorizations

apps/registration/tests.py

@@ -298,7 +298,7 @@ class TestRegistration(TestCase):
             self.assertTrue(getattr(self.student.registration, auth_type))
 
             response = self.client.get(reverse(
-                auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],)))
+                auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
             self.assertEqual(response.status_code, 200)
 
         from participation.models import Team

apps/registration/views.py

@@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin
 
 from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
     SignupForm, StudentRegistrationForm, UserForm
-from .models import Registration, StudentRegistration
+from .models import Registration, StudentRegistration, ParticipantRegistration
 from .tables import RegistrationTable
 
 
@@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
         path = f"media/authorization/photo/{filename}"
         if not os.path.exists(path):
             raise Http404
-        student = StudentRegistration.objects.get(photo_authorization__endswith=filename)
+        student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename)
         user = request.user
         if not user.registration.is_admin and user.pk != student.user.pk:
             raise PermissionDenied
@@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
         return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
 
 
+class HealthSheetView(LoginRequiredMixin, View):
+    """
+    Display the sent health sheet.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/health/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = ParticipantRegistration.objects.get(health_sheet__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class ParentalAuthorizationView(LoginRequiredMixin, View):
+    """
+    Display the sent parental authorization.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/parental/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = StudentRegistration.objects.get(parental_authorization__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
 class UserImpersonateView(LoginRequiredMixin, RedirectView):
     """
     An administrator can log in through this page as someone else, and act as this other person.