Add protected pages to view authorizations

2025-11-04 15:22:26 +01:00 · 2020-12-30 11:03:12 +01:00
parent 6611c1c896
commit e2e2c97584
3 changed files with 54 additions and 5 deletions
--- a/apps/registration/tests.py
+++ b/apps/registration/tests.py
@@ -298,7 +298,7 @@ class TestRegistration(TestCase):
            self.assertTrue(getattr(self.student.registration, auth_type))

            response = self.client.get(reverse(
-                auth_type, args=(self.student.registration.photo_authorization.name.split('/')[-1],)))
+                auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
            self.assertEqual(response.status_code, 200)

        from participation.models import Team
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@@ -21,7 +21,7 @@ from tfjm.views import AdminMixin, UserMixin

 from .forms import CoachRegistrationForm, HealthSheetForm, ParentalAuthorizationForm, PhotoAuthorizationForm,\
    SignupForm, StudentRegistrationForm, UserForm
-from .models import Registration, StudentRegistration
+from .models import Registration, StudentRegistration, ParticipantRegistration
 from .tables import RegistrationTable


@@ -284,7 +284,7 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        path = f"media/authorization/photo/{filename}"
        if not os.path.exists(path):
            raise Http404
-        student = StudentRegistration.objects.get(photo_authorization__endswith=filename)
+        student = ParticipantRegistration.objects.get(photo_authorization__endswith=filename)
        user = request.user
        if not user.registration.is_admin and user.pk != student.user.pk:
            raise PermissionDenied
@@ -297,6 +297,50 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)


+class HealthSheetView(LoginRequiredMixin, View):
+    """
+    Display the sent health sheet.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/health/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = ParticipantRegistration.objects.get(health_sheet__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class ParentalAuthorizationView(LoginRequiredMixin, View):
+    """
+    Display the sent parental authorization.
+    """
+    def get(self, request, *args, **kwargs):
+        filename = kwargs["filename"]
+        path = f"media/authorization/parental/{filename}"
+        if not os.path.exists(path):
+            raise Http404
+        student = StudentRegistration.objects.get(parental_authorization__endswith=filename)
+        user = request.user
+        if not user.registration.is_admin and user.pk != student.user.pk:
+            raise PermissionDenied
+        # Guess mime type of the file
+        mime = Magic(mime=True)
+        mime_type = mime.from_file(path)
+        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
+        # Replace file name
+        true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
+        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
 class UserImpersonateView(LoginRequiredMixin, RedirectView):
    """
    An administrator can log in through this page as someone else, and act as this other person.
--- a/tfjm/urls.py
+++ b/tfjm/urls.py
@@ -21,7 +21,7 @@ from django.contrib import admin
 from django.urls import include, path
 from django.views.defaults import bad_request, page_not_found, permission_denied, server_error
 from django.views.generic import TemplateView
-from registration.views import PhotoAuthorizationView
+from registration.views import HealthSheetView, ParentalAuthorizationView, PhotoAuthorizationView

 from .views import AdminSearchView

@@ -38,7 +38,12 @@ urlpatterns = [
    path('participation/', include('participation.urls')),
    path('registration/', include('registration.urls')),

-    path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(), name='photo_authorization'),
+    path('media/authorization/photo/<str:filename>/', PhotoAuthorizationView.as_view(),
+         name='photo_authorization'),
+    path('media/authorization/health/<str:filename>/', HealthSheetView.as_view(),
+         name='health_sheet'),
+    path('media/authorization/parental/<str:filename>/', ParentalAuthorizationView.as_view(),
+         name='parental_authorization'),

    path('', include('eastereggs.urls')),
 ]