# -*- encoding: utf-8 -*-
+
+import os
+from sendfile import sendfile
+
+from django.conf import settings
+from django.shortcuts import render
from django.contrib.auth.decorators import login_required
-from django.shortcuts import render_to_response
-from django.template import RequestContext
+from django.http import Http404
+
+from project.decorators import redirect_interdiction
+from project.rh import models as rh_models
+from project.dae import models as dae_models
-import rh.models as rh
@login_required
-def accueil(request):
- """Accueil = Tableau de bord de l'utilisateur"""
- rc = RequestContext(request)
+def index(request):
c = {}
-
- # TODO : debug
- employes = rh.Employe.objects.filter(actif=True).exclude(supprime=True).order_by('?')
-
- c['employes'] = employes[0:10]
- return render_to_response('accueil.html', c, rc)
-
-def erreur404(request) :
- c = {
- 'user':request.user,
- }
- return render_to_response('404.html', c,
- context_instance = RequestContext(request))
-
-def erreur500(request) :
- c = {
- 'user':request.user,
- }
- return render_to_response('500.html', c,
- context_instance = RequestContext(request))
-
-def erreur550(request) :
- c = {
- 'user':request.user,
- }
- return render_to_response('550.html', c,
- context_instance = RequestContext(request))
+ return render(request, 'index.html', c)
+
+
+@login_required
+def piece(request, filename):
+ """Téléchargement d'une pièce jointe à un poste."""
+ # compatibilité avec DAE prod avant sécurité
+ try:
+ app, model, id, f = filename.split('/')
+ except:
+ path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename)
+ return sendfile(request, path)
+
+ if app == 'rh':
+ application = rh_models
+ elif app == 'dae':
+ application = dae_models
+ else:
+ assert False
+ if model == 'contrat':
+ # TODO definir peut-être un controle d'accès
+ for contrat in application.Contrat.objects.filter(fichier=filename):
+ if contrat.fichier.name == filename:
+ return sendfile(request, contrat.fichier.path)
+ raise Http404
+ elif model == 'employe':
+ # TODO definir peut-être un controle d'accès
+ for piece in application.EmployePiece.objects.filter(fichier=filename):
+ if piece.fichier.name == filename:
+ return sendfile(request, piece.fichier.path)
+ raise Http404
+ elif model == 'poste':
+ for piece in application.PostePiece.objects.filter(fichier=filename):
+ if piece.fichier.name == filename:
+ if application.Poste.objects \
+ .ma_region_ou_service(request.user) \
+ .filter(id=piece.poste_id).exists():
+ return sendfile(request, piece.fichier.path)
+ else:
+ return redirect_interdiction(request)
+ raise Http404
+ elif model == 'dossier':
+ for piece in application.DossierPiece.objects.filter(fichier=filename):
+ if piece.fichier.name == filename:
+ if application.Dossier.objects \
+ .ma_region_ou_service(request.user) \
+ .filter(id=piece.dossier_id).exists():
+ return sendfile(request, piece.fichier.path)
+ else:
+ return redirect_interdiction(request)
+ raise Http404
projets / auf_rh_dae.git / blobdiff