klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2024-11-21 21:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

apply review comment

Browse Source
This commit is contained in:
thomas girod 2024-08-05 10:46:15 +02:00
parent a5e4db99fb
commit a637742bb0
4 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/lookups.py
View File

@ -21,12 +21,12 @@ from club.models import Club
from core.models import Group, SithFile, User from core.models import Group, SithFile, User
from core.views.site import search_user from core.views.site import search_user
from counter.models import Counter, Customer, Product from counter.models import Counter, Customer, Product
from counter.utils import sent_from_logged_counter from counter.utils import is_logged_in_counter
class RightManagedLookupChannel(LookupChannel): class RightManagedLookupChannel(LookupChannel):
def check_auth(self, request): def check_auth(self, request):
if not request.user.was_subscribed and not sent_from_logged_counter(request): if not request.user.was_subscribed and not is_logged_in_counter(request):
raise PermissionDenied raise PermissionDenied

8
core/views/files.py
View File

@ -12,7 +12,7 @@
# OR WITHIN THE LOCAL FILE "LICENSE" # OR WITHIN THE LOCAL FILE "LICENSE"
# #
# #
from urllib.parse import quote from urllib.parse import quote, urljoin
# This file contains all the views that concern the page model # This file contains all the views that concern the page model
from wsgiref.util import FileWrapper from wsgiref.util import FileWrapper
@ -38,7 +38,7 @@ from core.views import (
CanViewMixin, CanViewMixin,
can_view, can_view,
) )
from counter.utils import sent_from_logged_counter from counter.utils import is_logged_in_counter
def send_file( def send_file(
@ -55,7 +55,7 @@ def send_file(
In debug mode, the server will directly send the file. In debug mode, the server will directly send the file.
""" """
f = get_object_or_404(file_class, id=file_id) f = get_object_or_404(file_class, id=file_id)
if not can_view(f, request.user) and not sent_from_logged_counter(request): if not can_view(f, request.user) and not is_logged_in_counter(request):
raise PermissionDenied raise PermissionDenied
name = getattr(f, file_attr).name name = getattr(f, file_attr).name
filepath = settings.MEDIA_ROOT / name filepath = settings.MEDIA_ROOT / name
@ -71,7 +71,7 @@ def send_file(
# so please do not mess with this. # so please do not mess with this.
response = HttpResponse(status=200) response = HttpResponse(status=200)
response["Content-Type"] = "" response["Content-Type"] = ""
response["X-Accel-Redirect"] = f"/data/{quote(name)}" response["X-Accel-Redirect"] = quote(urljoin(settings.MEDIA_URL, name))
return response return response
with open(filepath, "rb") as filename: with open(filepath, "rb") as filename:

2
counter/utils.py
View File

@ -6,7 +6,7 @@ from django.urls import resolve
from counter.models import Counter from counter.models import Counter
def sent_from_logged_counter(request: HttpRequest) -> bool: def is_logged_in_counter(request: HttpRequest) -> bool:
"""Check if the request is sent from a device logged to a counter. """Check if the request is sent from a device logged to a counter.
The request must also be sent within the frame of a counter's activity. The request must also be sent within the frame of a counter's activity.

10
counter/views.py
View File

@ -80,7 +80,7 @@ from counter.models import (
Selling, Selling,
StudentCard, StudentCard,
) )
from counter.utils import sent_from_logged_counter from counter.utils import is_logged_in_counter
class CounterAdminMixin(View): class CounterAdminMixin(View):
@ -904,7 +904,7 @@ class RefillingDeleteView(DeleteView):
self.object = self.get_object() self.object = self.get_object()
if timezone.now() - self.object.date <= timedelta( if timezone.now() - self.object.date <= timedelta(
minutes=settings.SITH_LAST_OPERATIONS_LIMIT minutes=settings.SITH_LAST_OPERATIONS_LIMIT
) and sent_from_logged_counter(request): ) and is_logged_in_counter(request):
self.success_url = reverse( self.success_url = reverse(
"counter:details", kwargs={"counter_id": self.object.counter.id} "counter:details", kwargs={"counter_id": self.object.counter.id}
) )
@ -929,7 +929,7 @@ class SellingDeleteView(DeleteView):
self.object = self.get_object() self.object = self.get_object()
if timezone.now() - self.object.date <= timedelta( if timezone.now() - self.object.date <= timedelta(
minutes=settings.SITH_LAST_OPERATIONS_LIMIT minutes=settings.SITH_LAST_OPERATIONS_LIMIT
) and sent_from_logged_counter(request): ) and is_logged_in_counter(request):
self.success_url = reverse( self.success_url = reverse(
"counter:details", kwargs={"counter_id": self.object.counter.id} "counter:details", kwargs={"counter_id": self.object.counter.id}
) )
@ -1164,7 +1164,7 @@ class CounterLastOperationsView(CounterTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
"""We have here again a very particular right handling.""" """We have here again a very particular right handling."""
self.object = self.get_object() self.object = self.get_object()
if sent_from_logged_counter(request) and self.object.barmen_list: if is_logged_in_counter(request) and self.object.barmen_list:
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
return HttpResponseRedirect( return HttpResponseRedirect(
reverse("counter:details", kwargs={"counter_id": self.object.id}) reverse("counter:details", kwargs={"counter_id": self.object.id})
@ -1197,7 +1197,7 @@ class CounterCashSummaryView(CounterTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
"""We have here again a very particular right handling.""" """We have here again a very particular right handling."""
self.object = self.get_object() self.object = self.get_object()
if sent_from_logged_counter(request) and self.object.barmen_list: if is_logged_in_counter(request) and self.object.barmen_list:
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
return HttpResponseRedirect( return HttpResponseRedirect(
reverse("counter:details", kwargs={"counter_id": self.object.id}) reverse("counter:details", kwargs={"counter_id": self.object.id})