# -*- encoding: utf-8 -*
from django.conf.urls.defaults import patterns, url, include
+from django.conf import settings
urlpatterns = patterns(
'project.dae.views',
+ (r'^prive/(?P<path>.*)$', 'mediaserve', {'document_root': settings.PRIVE_MEDIA_ROOT}),
url(r'^$', 'index', name='dae_index'),
# poste
from django.core.urlresolvers import reverse
from django.http import Http404, HttpResponse, HttpResponseGone
from django.shortcuts import redirect, render_to_response, get_object_or_404
+from django.views.static import serve
from django.template import Context, RequestContext
from django.template.loader import get_template
from django.contrib import messages
poste_est_modifiable
from forms import *
from workflow import POSTE_ETAT_DRH_FINALISATION, DOSSIER_ETAT_REFUSE
+from decorators import redirect_interdiction
def devises():
liste = []
data.append({'id' : o.id, 'label' : o.__unicode__(), })
return HttpResponse(dumps(data))
+################################################################################
+# MEDIA PRIVE
+################################################################################
+
+def mediaserve(request, path, document_root=None, show_indexes=False):
+ """
+ Sécuriser l'accès aux fichiers uploadés
+ """
+ ct, id, filename = path.split('/')
+
+ grant_ok = False
+ user = request.user
+ if not user.is_authenticated():
+ return redirect_interdiction(request)
+
+ if ct == 'poste':
+ grant_ok = dae.Poste.objects.ma_region_ou_service(user).filter(id=id).count() > 0
+ if ct == 'dossier':
+ grant_ok = dae.Dossier.objects.ma_region_ou_service(user).filter(id=id).count() > 0
+
+ if not grant_ok:
+ return redirect_interdiction(request)
+
+ return serve(request, path, document_root, show_indexes)
+
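Review bot: `ct, id, filename = path.split('/')` runs before the `is_authenticated()` check, so any URL under `prive/` that does not have exactly three segments raises ValueError and returns a 500, even to anonymous clients. A non-numeric `id` probably fails the same way inside `filter(id=id)`. Check authentication first and turn a malformed path into `Http404`, which this module already imports, so bad input is rejected cleanly before any query runs. The local name `id` also shadows the builtin; the sketch below keeps it only to stay close to the hunk. Separately, Django documents `django.views.static.serve` as a development helper, so handing the file off to the front-end web server after the permission check is worth considering for production.

```python
def mediaserve(request, path, document_root=None, show_indexes=False):
    # … unchanged: docstring …
    user = request.user
    if not user.is_authenticated():
        return redirect_interdiction(request)

    # Reject anything that is not <type>/<numeric id>/<filename> before touching the ORM.
    try:
        ct, id, filename = path.split('/')
        id = int(id)
    except ValueError:
        raise Http404

    grant_ok = False
    # … unchanged: per-type ma_region_ou_service() checks, denial redirect, serve() call …
```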
# trailing slash if there is a path component (optional in other cases).
# Examples: "http://media.lawrence.com", "http://example.com/media/"
MEDIA_URL = '/media/'
-PRIVE_MEDIA_URL = '/prive/'
+PRIVE_MEDIA_URL = '/dae/prive/'
# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
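Review bot: `PRIVE_MEDIA_URL` now carries a hard-coded `/dae/` prefix with no comment tying it to the routing, so it will silently drift if the `^dae/` include or the `^prive/` pattern is ever changed. Add a comment above it such as `# Must match the '^dae/' include plus the '^prive/' route in project.dae.urls; these files are only served through the access-checked mediaserve view.` The access check only helps if `PRIVE_MEDIA_ROOT` is not inside `MEDIA_ROOT` or any other directory the web server exposes directly. That setting is not visible in this hunk, so it should be confirmed.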
(r'^deconnexion/$', 'django.contrib.auth.views.logout'),
(r'^dae/', include('project.dae.urls')),
(r'^', include('project.rh.urls')),
- (r'^prive/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.PRIVE_MEDIA_ROOT}),
)
if settings.DEBUG: