Désactivé USE_THOUSAND_SEPARATOR parce que ça brise django-ajax-selects
[auf_rh_dae.git] / project / views.py
1 # -*- encoding: utf-8 -*-
2
3 import os
4 from sendfile import sendfile
5
6 from django.conf import settings
7 from django.contrib.auth.decorators import login_required
8 from django.contrib.auth.views import login
9 from django.http import Http404
10
11 from project.decorators import redirect_interdiction
12 from project.rh import models as rh_models
13 from project.dae import models as dae_models
14
15
16 def index(request):
17 return login(request, template_name='index.html')
18
19
20 @login_required
21 def piece(request, filename):
22 """Téléchargement d'une pièce jointe à un poste."""
23 # compatibilité avec DAE prod avant sécurité
24 try:
25 app, model, id, f = filename.split('/')
26 except:
27 path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
28 return sendfile(request, path)
29
30 if app == 'rh':
31 application = rh_models
32 elif app == 'dae':
33 application = dae_models
34 else:
35 assert False
36 if model == 'contrat':
37 # TODO definir peut-être un controle d'accès
38 for contrat in application.Contrat.objects.filter(fichier=filename):
39 if contrat.fichier.name == filename:
40 return sendfile(request, contrat.fichier.path)
41 raise Http404
42 elif model == 'employe':
43 # TODO definir peut-être un controle d'accès
44 for piece in application.EmployePiece.objects.filter(fichier=filename):
45 if piece.fichier.name == filename:
46 return sendfile(request, piece.fichier.path)
47 raise Http404
48 elif model == 'poste':
49 for piece in application.PostePiece.objects.filter(fichier=filename):
50 if piece.fichier.name == filename:
51 if application.Poste.objects \
52 .ma_region_ou_service(request.user) \
53 .filter(id=piece.poste_id).exists():
54 return sendfile(request, piece.fichier.path)
55 else:
56 return redirect_interdiction(request)
57 raise Http404
58 elif model == 'dossier':
59 for piece in application.DossierPiece.objects.filter(fichier=filename):
60 if piece.fichier.name == filename:
61 if application.Dossier.objects \
62 .ma_region_ou_service(request.user) \
63 .filter(id=piece.dossier_id).exists():
64 return sendfile(request, piece.fichier.path)
65 else:
66 return redirect_interdiction(request)
67 raise Http404