[auf_rh_dae.git] / project / views.py

# -*- encoding: utf-8 -*-

import os
from sendfile import sendfile

from django.conf import settings
from django.shortcuts import render
from django.contrib.auth.decorators import login_required
from django.http import Http404

from project.decorators import redirect_interdiction
from project.rh import models as rh_models
from project.dae import models as dae_models


@login_required
def index(request):
    c = {}
    return render(request, 'index.html', c)


@login_required
def piece(request, filename):
    """Téléchargement d'une pièce jointe à un poste."""
    # compatibilité avec DAE prod avant sécurité
    try:
        app, model, id, f = filename.split('/')
    except:
        path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
        return sendfile(request, path)

    if app == 'rh':
        application = rh_models
    elif app == 'dae':
        application = dae_models
    else:
        assert False
    if model == 'contrat':
        # TODO definir peut-être un controle d'accès
        for contrat in application.Contrat.objects.filter(fichier=filename):
            if contrat.fichier.name == filename:
                return sendfile(request, contrat.fichier.path)
        raise Http404
    elif model == 'employe':
        # TODO definir peut-être un controle d'accès
        for piece in application.EmployePiece.objects.filter(fichier=filename):
            if piece.fichier.name == filename:
                return sendfile(request, piece.fichier.path)
        raise Http404
    elif model == 'poste':
        for piece in application.PostePiece.objects.filter(fichier=filename):
            if piece.fichier.name == filename:
                if application.Poste.objects \
                   .ma_region_ou_service(request.user) \
                   .filter(id=piece.poste_id).exists():
                    return sendfile(request, piece.fichier.path)
                else:
                    return redirect_interdiction(request)
        raise Http404
    elif model == 'dossier':
        for piece in application.DossierPiece.objects.filter(fichier=filename):
            if piece.fichier.name == filename:
                if application.Dossier.objects \
                   .ma_region_ou_service(request.user) \
                   .filter(id=piece.dossier_id).exists():
                    return sendfile(request, piece.fichier.path)
                else:
                    return redirect_interdiction(request)
        raise Http404
Commit	Line	Data
	1	# -- encoding: utf-8 --
	2
	3	import os
	4	from sendfile import sendfile
	5
	6	from django.conf import settings
	7	from django.shortcuts import render
	8	from django.contrib.auth.decorators import login_required
	9	from django.http import Http404
	10
	11	from project.decorators import redirect_interdiction
	12	from project.rh import models as rh_models
	13	from project.dae import models as dae_models
	14
	15
	16	@login_required
	17	def index(request):
	18	c = {}
	19	return render(request, 'index.html', c)
	20
	21
	22	@login_required
	23	def piece(request, filename):
	24	"""Téléchargement d'une pièce jointe à un poste."""
	25	# compatibilité avec DAE prod avant sécurité
	26	try:
	27	app, model, id, f = filename.split('/')
	28	except:
	29	path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
	30	return sendfile(request, path)
	31
	32	if app == 'rh':
	33	application = rh_models
	34	elif app == 'dae':
	35	application = dae_models
	36	else:
	37	assert False
	38	if model == 'contrat':
	39	# TODO definir peut-être un controle d'accès
	40	for contrat in application.Contrat.objects.filter(fichier=filename):
	41	if contrat.fichier.name == filename:
	42	return sendfile(request, contrat.fichier.path)
	43	raise Http404
	44	elif model == 'employe':
	45	# TODO definir peut-être un controle d'accès
	46	for piece in application.EmployePiece.objects.filter(fichier=filename):
	47	if piece.fichier.name == filename:
	48	return sendfile(request, piece.fichier.path)
	49	raise Http404
	50	elif model == 'poste':
	51	for piece in application.PostePiece.objects.filter(fichier=filename):
	52	if piece.fichier.name == filename:
	53	if application.Poste.objects \
	54	.ma_region_ou_service(request.user) \
	55	.filter(id=piece.poste_id).exists():
	56	return sendfile(request, piece.fichier.path)
	57	else:
	58	return redirect_interdiction(request)
	59	raise Http404
	60	elif model == 'dossier':
	61	for piece in application.DossierPiece.objects.filter(fichier=filename):
	62	if piece.fichier.name == filename:
	63	if application.Dossier.objects \
	64	.ma_region_ou_service(request.user) \
	65	.filter(id=piece.dossier_id).exists():
	66	return sendfile(request, piece.fichier.path)
	67	else:
	68	return redirect_interdiction(request)
	69	raise Http404