project/views.py

   1 # -*- encoding: utf-8 -*-
   2
   3 import os
   4 from sendfile import sendfile
   5
   6 from django.conf import settings
   7 from django.contrib.auth.decorators import login_required
   8 from django.contrib.auth.views import login
   9 from django.http import Http404
  10
  11 from project.decorators import redirect_interdiction
  12 from project.rh import models as rh_models
  13 from project.dae import models as dae_models
  14
  15
  16 def index(request):
  17     return login(request, template_name='index.html')
  18
  19
  20 @login_required
  21 def piece(request, filename):
  22     """Téléchargement d'une pièce jointe à un poste."""
  23     # compatibilité avec DAE prod avant sécurité
  24     try:
  25         app, model, id, f = filename.split('/')
  26     except:
  27         path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
  28         return sendfile(request, path)
  29
  30     if app == 'rh':
  31         application = rh_models
  32     elif app == 'dae':
  33         application = dae_models
  34     else:
  35         assert False
  36     if model == 'contrat':
  37         # TODO definir peut-être un controle d'accès
  38         for contrat in application.Contrat.objects.filter(fichier=filename):
  39             if contrat.fichier.name == filename:
  40                 return sendfile(request, contrat.fichier.path)
  41         raise Http404
  42     elif model == 'employe':
  43         # TODO definir peut-être un controle d'accès
  44         for piece in application.EmployePiece.objects.filter(fichier=filename):
  45             if piece.fichier.name == filename:
  46                 return sendfile(request, piece.fichier.path)
  47         raise Http404
  48     elif model == 'poste':
  49         for piece in application.PostePiece.objects.filter(fichier=filename):
  50             if piece.fichier.name == filename:
  51                 if application.Poste.objects \
  52                    .ma_region_ou_service(request.user) \
  53                    .filter(id=piece.poste_id).exists():
  54                     return sendfile(request, piece.fichier.path)
  55                 else:
  56                     return redirect_interdiction(request)
  57         raise Http404
  58     elif model == 'dossier':
  59         for piece in application.DossierPiece.objects.filter(fichier=filename):
  60             if piece.fichier.name == filename:
  61                 if application.Dossier.objects \
  62                    .ma_region_ou_service(request.user) \
  63                    .filter(id=piece.dossier_id).exists():
  64                     return sendfile(request, piece.fichier.path)
  65                 else:
  66                     return redirect_interdiction(request)
  67         raise Http404