예제 #1
0
def new():
    # New call record form.
    # If no errors, forwards to /edit
    errors = []
    if not session['user_auth_level'] >= 100: #  read write
        log_access('new', 'access_denied: user is not read/write user or above')
        return render_template('access_denied.html')

    if request.method == 'POST':
        form = request.form.copy()
        [errors, id] = model.add_call_log(form)
        log_access('new', 'form recorded ' + str(id))

        model.delete_autosave_form(session['user_username'])
        if not errors:
            return redirect(url_for('edit', id=id))

    else:
        log_access('new')
        form = {'username': session['user_username'], 'user_id': session['user_id']}
    return render_template('new.html', form=form,
                            call_classification=model.get_call_classification(),
                            pt_hospital=model.get_pt_hospital(),
                            from_title=model.get_from_title(),
                            tagsource=model.get_tag_source(),
                            errors=errors)
예제 #2
0
def edit():
    # Edit call record form.
    errors = []
    message = None
    # can edit?
    if not session['user_auth_level'] >= 100:  # read write
        log_access('edit', 'access_denied: user is not read/write user or above record id:' + request.args['id'])
        return render_template('access_denied.html')

    # is a form submitted?
    if request.method == 'POST':
        form = request.form.copy()
        log_access('edit', 'posted form: ' + form['id'])
        if model.get_call_log(form['id'])['created'] < datetime.today() - timedelta(days=config.DISABLE_EDIT_AGE):
            # unless administrator, check for age of the record.
            if not session['user_auth_level'] >= 10000:  # not administrator
                log_access('edit', 'form older than disable edit age')
                errors.append("This record is older than " + str(config.DISABLE_EDIT_AGE) + " days. You cannot edit this record. This is the error.")
        # unless administrator, check for the ownership of the record.
        elif session['user_auth_level'] >= 10000 or model.is_call_log_owner(session['user_id'], form['id']):
            model.save_history_call_log(request.form['id'])
            model.delete_autosave_form(request.form['id'])
            errors = model.set_call_log(form)
            if not errors:
                log_access('edit', 'form recorded ' + str(request.form['id']))
                form = model.get_call_log(request.form['id'])
                message = "Record saved. <a href='" + url_for("show", id=form['id']) + "'>Show record.</a>"
        else:
            log_access('edit', 'access_denied ' + str(request.form['id']))
            return render_template('access_denied.html')
    # initial display of the unedited form?
    elif request.method == 'GET':
        id = int(request.args['id'])
        record = model.get_call_log(id)
        log_access('edit', 'id: ' + str(id))
        if record['created'] < datetime.today() - timedelta(days=config.DISABLE_EDIT_AGE):
            if not session['user_auth_level'] >= 10000:  # not administrator
                errors.append("This record is older than " + str(config.DISABLE_EDIT_AGE) + " days. You cannot edit this record. Saving will result in an error.")

        if record['user_id'] != session['user_id']:
            if not session['user_auth_level'] >= 10000:  # not administrator
                log_access('edit', 'access_denied: userid != records owner id')
                return render_template('access_denied.html')

        form = record
    else:
        return render_template('error.html')

    tagsource = model.get_tag_source()
    return render_template('new.html', form = form,
                           call_classification = model.get_call_classification(),
                           pt_hospital = model.get_pt_hospital(),
                           from_title = model.get_from_title(),
                           tagsource = model.get_tag_source(),
                           errors = errors,
                           message = message)