X-Git-Url: http://git.auf.org/?p=auf_rh_dae.git;a=blobdiff_plain;f=project%2Fviews.py;h=fd832643650194dda3918378af38a1a165d6c271;hp=c69b5a60c186a56477470e67c669881eefba7e59;hb=332de18540677c8aaad118f02ce4e04fa5ed2bab;hpb=5633fa4114a769f9c0b0c2b09f1838c58fb388fe diff --git a/project/views.py b/project/views.py index c69b5a6..fd83264 100644 --- a/project/views.py +++ b/project/views.py @@ -1,8 +1,69 @@ # -*- encoding: utf-8 -*- -from django.shortcuts import render_to_response -from django.template import RequestContext -from project.dae.decorators import dae_groupe_requis -@dae_groupe_requis +import os +from sendfile import sendfile + +from django.conf import settings +from django.shortcuts import render +from django.contrib.auth.decorators import login_required +from django.http import Http404 + +from project.decorators import redirect_interdiction +from project.rh import models as rh_models +from project.dae import models as dae_models + + +@login_required def index(request): - return render_to_response('index.html', {}, RequestContext(request)) + c = {} + return render(request, 'index.html', c) + + +@login_required +def piece(request, filename): + """Téléchargement d'une pièce jointe à un poste.""" + # compatibilité avec DAE prod avant sécurité + try: + app, model, id, f = filename.split('/') + except: + path = os.path.join(settings.PRIVE_MEDIA_ROOT, filename) + return sendfile(request, path) + + if app == 'rh': + application = rh_models + elif app == 'dae': + application = dae_models + else: + assert False + if model == 'contrat': + # TODO definir peut-être un controle d'accès + for contrat in application.Contrat.objects.filter(fichier=filename): + if contrat.fichier.name == filename: + return sendfile(request, contrat.fichier.path) + raise Http404 + elif model == 'employe': + # TODO definir peut-être un controle d'accès + for piece in application.EmployePiece.objects.filter(fichier=filename): + if piece.fichier.name == filename: + return sendfile(request, piece.fichier.path) + raise Http404 + elif model == 'poste': + for piece in application.PostePiece.objects.filter(fichier=filename): + if piece.fichier.name == filename: + if application.Poste.objects \ + .ma_region_ou_service(request.user) \ + .filter(id=piece.poste_id).exists(): + return sendfile(request, piece.fichier.path) + else: + return redirect_interdiction(request) + raise Http404 + elif model == 'dossier': + for piece in application.DossierPiece.objects.filter(fichier=filename): + if piece.fichier.name == filename: + if application.Dossier.objects \ + .ma_region_ou_service(request.user) \ + .filter(id=piece.dossier_id).exists(): + return sendfile(request, piece.fichier.path) + else: + return redirect_interdiction(request) + raise Http404