project/views.py

   1 # -*- encoding: utf-8 -*-
   2
   3 import os
   4 from sendfile import sendfile
   5
   6 from django.conf import settings
   7 from django.shortcuts import render
   8 from django.contrib.auth.decorators import login_required
   9 from django.http import Http404
  10
  11 from project.decorators import redirect_interdiction
  12 from project.rh import models as rh_models
  13 from project.dae import models as dae_models
  14
  15
  16 @login_required
  17 def index(request):
  18     c = {}
  19     return render(request, 'index.html', c)
  20
  21
  22 @login_required
  23 def piece(request, filename):
  24     """Téléchargement d'une pièce jointe à un poste."""
  25     # compatibilité avec DAE prod avant sécurité
  26     try:
  27         app, model, id, f = filename.split('/')
  28     except:
  29         path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
  30         return sendfile(request, path)
  31
  32     if app == 'rh':
  33         application = rh_models
  34     elif app == 'dae':
  35         application = dae_models
  36     else:
  37         assert False
  38     if model == 'contrat':
  39         # TODO definir peut-être un controle d'accès
  40         for contrat in application.Contrat.objects.filter(fichier=filename):
  41             if contrat.fichier.name == filename:
  42                 return sendfile(request, contrat.fichier.path)
  43         raise Http404
  44     elif model == 'employe':
  45         # TODO definir peut-être un controle d'accès
  46         for piece in application.EmployePiece.objects.filter(fichier=filename):
  47             if piece.fichier.name == filename:
  48                 return sendfile(request, piece.fichier.path)
  49         raise Http404
  50     elif model == 'poste':
  51         for piece in application.PostePiece.objects.filter(fichier=filename):
  52             if piece.fichier.name == filename:
  53                 if application.Poste.objects \
  54                    .ma_region_ou_service(request.user) \
  55                    .filter(id=piece.poste_id).exists():
  56                     return sendfile(request, piece.fichier.path)
  57                 else:
  58                     return redirect_interdiction(request)
  59         raise Http404
  60     elif model == 'dossier':
  61         for piece in application.DossierPiece.objects.filter(fichier=filename):
  62             if piece.fichier.name == filename:
  63                 if application.Dossier.objects \
  64                    .ma_region_ou_service(request.user) \
  65                    .filter(id=piece.dossier_id).exists():
  66                     return sendfile(request, piece.fichier.path)
  67                 else:
  68                     return redirect_interdiction(request)
  69         raise Http404