Add protected pages to view authorizations

2025-06-21 18:38:26 +02:00 · 2020-12-30 11:03:12 +01:00
parent 6611c1c896
commit e2e2c97584
3 changed files with 54 additions and 5 deletions
--- a/apps/registration/tests.py
+++ b/apps/registration/tests.py
@ -298,7 +298,7 @@ class TestRegistration(TestCase):
            self.assertTrue(getattr(self.student.registration, auth_type))

            response = self.client.get(reverse(
-                auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],)))
+                auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
            self.assertEqual(response.status_code, 200)

        from participation.models import Team
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin

 from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
    SignupForm, StudentRegistrationForm, UserForm
-from .models import Registration, StudentRegistration
+from .models import Registration, StudentRegistration, ParticipantRegistration
 from .tables import RegistrationTable


@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        path = f"media/authorization/photo/{filename}"
        if not os.path.exists(path):
            raise Http404
-        student = StudentRegistration.objects.get(photo_authorization__endswith=filename)
+        student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename)
        user = request.user
        if not user.registration.is_admin and user.pk != student.user.pk:
            raise PermissionDenied
@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)


+class HealthSheetView(LoginRequiredMixin, View):
+    """
+    Display the sent health sheet.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/health/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = ParticipantRegistration.objects.get(health_sheet__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class ParentalAuthorizationView(LoginRequiredMixin, View):
+    """
+    Display the sent parental authorization.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/parental/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = StudentRegistration.objects.get(parental_authorization__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
 class UserImpersonateView(LoginRequiredMixin, RedirectView):
    """
    An administrator can log in through this page as someone else, and act as this other person.