mirror of
https://gitlab.com/animath/si/plateforme.git
synced 2024-12-25 05:42:23 +00:00
Add protected pages to view authorizations
This commit is contained in:
parent
6611c1c896
commit
e2e2c97584
@ -298,7 +298,7 @@ class TestRegistration(TestCase):
|
|||||||
self.assertTrue(getattr(self.student.registration, auth_type))
|
self.assertTrue(getattr(self.student.registration, auth_type))
|
||||||
|
|
||||||
response = self.client.get(reverse(
|
response = self.client.get(reverse(
|
||||||
auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],)))
|
auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
from participation.models import Team
|
from participation.models import Team
|
||||||
|
@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin
|
|||||||
|
|
||||||
from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
|
from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
|
||||||
SignupForm, StudentRegistrationForm, UserForm
|
SignupForm, StudentRegistrationForm, UserForm
|
||||||
from .models import Registration, StudentRegistration
|
from .models import Registration, StudentRegistration, ParticipantRegistration
|
||||||
from .tables import RegistrationTable
|
from .tables import RegistrationTable
|
||||||
|
|
||||||
|
|
||||||
@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
|
|||||||
path = f"media/authorization/photo/{filename}"
|
path = f"media/authorization/photo/{filename}"
|
||||||
if not os.path.exists(path):
|
if not os.path.exists(path):
|
||||||
raise Http404
|
raise Http404
|
||||||
student = StudentRegistration.objects.get(photo_authorization__endswith=filename)
|
student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename)
|
||||||
user = request.user
|
user = request.user
|
||||||
if not user.registration.is_admin and user.pk != student.user.pk:
|
if not user.registration.is_admin and user.pk != student.user.pk:
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
|
|||||||
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
||||||
|
|
||||||
|
|
||||||
|
class HealthSheetView(LoginRequiredMixin, View):
|
||||||
|
"""
|
||||||
|
Display the sent health sheet.
|
||||||
|
"""
|
||||||
|
def get(self, request, *args, **kwargs):
|
||||||
|
filename = kwargs["filename"]
|
||||||
|
path = f"media/authorization/health/{filename}"
|
||||||
|
if not os.path.exists(path):
|
||||||
|
raise Http404
|
||||||
|
student = ParticipantRegistration.objects.get(health_sheet__endswith=filename)
|
||||||
|
user = request.user
|
||||||
|
if not user.registration.is_admin and user.pk != student.user.pk:
|
||||||
|
raise PermissionDenied
|
||||||
|
# Guess mime type of the file
|
||||||
|
mime = Magic(mime=True)
|
||||||
|
mime_type = mime.from_file(path)
|
||||||
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
||||||
|
# Replace file name
|
||||||
|
true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
|
||||||
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
||||||
|
|
||||||
|
|
||||||
|
class ParentalAuthorizationView(LoginRequiredMixin, View):
|
||||||
|
"""
|
||||||
|
Display the sent parental authorization.
|
||||||
|
"""
|
||||||
|
def get(self, request, *args, **kwargs):
|
||||||
|
filename = kwargs["filename"]
|
||||||
|
path = f"media/authorization/parental/{filename}"
|
||||||
|
if not os.path.exists(path):
|
||||||
|
raise Http404
|
||||||
|
student = StudentRegistration.objects.get(parental_authorization__endswith=filename)
|
||||||
|
user = request.user
|
||||||
|
if not user.registration.is_admin and user.pk != student.user.pk:
|
||||||
|
raise PermissionDenied
|
||||||
|
# Guess mime type of the file
|
||||||
|
mime = Magic(mime=True)
|
||||||
|
mime_type = mime.from_file(path)
|
||||||
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
||||||
|
# Replace file name
|
||||||
|
true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
|
||||||
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
||||||
|
|
||||||
|
|
||||||
class UserImpersonateView(LoginRequiredMixin, RedirectView):
|
class UserImpersonateView(LoginRequiredMixin, RedirectView):
|
||||||
"""
|
"""
|
||||||
An administrator can log in through this page as someone else, and act as this other person.
|
An administrator can log in through this page as someone else, and act as this other person.
|
||||||
|
@ -21,7 +21,7 @@ from django.contrib import admin
|
|||||||
from django.urls import include, path
|
from django.urls import include, path
|
||||||
from django.views.defaults import bad_request, page_not_found, permission_denied, server_error
|
from django.views.defaults import bad_request, page_not_found, permission_denied, server_error
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
from registration.views import PhotoAuthorizationView
|
from registration.views import HealthSheetView, ParentalAuthorizationView, PhotoAuthorizationView
|
||||||
|
|
||||||
from .views import AdminSearchView
|
from .views import AdminSearchView
|
||||||
|
|
||||||
@ -38,7 +38,12 @@ urlpatterns = [
|
|||||||
path('participation/', include('participation.urls')),
|
path('participation/', include('participation.urls')),
|
||||||
path('registration/', include('registration.urls')),
|
path('registration/', include('registration.urls')),
|
||||||
|
|
||||||
path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(), name='photo_authorization'),
|
path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(),
|
||||||
|
name='photo_authorization'),
|
||||||
|
path('media/authorization/health/<str:filename>/', HealthSheetView.as_view(),
|
||||||
|
name='health_sheet'),
|
||||||
|
path('media/authorization/parental/<str:filename>/', ParentalAuthorizationView.as_view(),
|
||||||
|
name='parental_authorization'),
|
||||||
|
|
||||||
path('', include('eastereggs.urls')),
|
path('', include('eastereggs.urls')),
|
||||||
]
|
]
|
||||||
|
Loading…
Reference in New Issue
Block a user