def new():
# New call record form.
# If no errors, forwards to /edit
errors = []
if not session['user_auth_level'] >= 100: # read write
log_access('new', 'access_denied: user is not read/write user or above')
return render_template('access_denied.html')
if request.method == 'POST':
form = request.form.copy()
[errors, id] = model.add_call_log(form)
log_access('new', 'form recorded ' + str(id))
model.delete_autosave_form(session['user_username'])
if not errors:
return redirect(url_for('edit', id=id))
else:
log_access('new')
form = {'username': session['user_username'], 'user_id': session['user_id']}
return render_template('new.html', form=form,
call_classification=model.get_call_classification(),
pt_hospital=model.get_pt_hospital(),
from_title=model.get_from_title(),
tagsource=model.get_tag_source(),
errors=errors)
def edit():
# Edit call record form.
errors = []
message = None
# can edit?
if not session['user_auth_level'] >= 100: # read write
log_access('edit', 'access_denied: user is not read/write user or above record id:' + request.args['id'])
return render_template('access_denied.html')
# is a form submitted?
if request.method == 'POST':
form = request.form.copy()
log_access('edit', 'posted form: ' + form['id'])
if model.get_call_log(form['id'])['created'] < datetime.today() - timedelta(days=config.DISABLE_EDIT_AGE):
# unless administrator, check for age of the record.
if not session['user_auth_level'] >= 10000: # not administrator
log_access('edit', 'form older than disable edit age')
errors.append("This record is older than " + str(config.DISABLE_EDIT_AGE) + " days. You cannot edit this record. This is the error.")
# unless administrator, check for the ownership of the record.
elif session['user_auth_level'] >= 10000 or model.is_call_log_owner(session['user_id'], form['id']):
model.save_history_call_log(request.form['id'])
model.delete_autosave_form(request.form['id'])
errors = model.set_call_log(form)
if not errors:
log_access('edit', 'form recorded ' + str(request.form['id']))
form = model.get_call_log(request.form['id'])
message = "Record saved. <a href='" + url_for("show", id=form['id']) + "'>Show record.</a>"
else:
log_access('edit', 'access_denied ' + str(request.form['id']))
return render_template('access_denied.html')
# initial display of the unedited form?
elif request.method == 'GET':
id = int(request.args['id'])
record = model.get_call_log(id)
log_access('edit', 'id: ' + str(id))
if record['created'] < datetime.today() - timedelta(days=config.DISABLE_EDIT_AGE):
if not session['user_auth_level'] >= 10000: # not administrator
errors.append("This record is older than " + str(config.DISABLE_EDIT_AGE) + " days. You cannot edit this record. Saving will result in an error.")
if record['user_id'] != session['user_id']:
if not session['user_auth_level'] >= 10000: # not administrator
log_access('edit', 'access_denied: userid != records owner id')
return render_template('access_denied.html')
form = record
else:
return render_template('error.html')
tagsource = model.get_tag_source()
return render_template('new.html', form = form,
call_classification = model.get_call_classification(),
pt_hospital = model.get_pt_hospital(),
from_title = model.get_from_title(),
tagsource = model.get_tag_source(),
errors = errors,
message = message)
for record in records:
recordidslist.append(str(record['id']))
recent_type = [{"title": ""}, {"title": "Days"}, {"title": "Weeks"}, {"title": "Months"}, {"title": "Years"}]
sort_by = [{"title": "By Date: newest first", "value": "date_desc"},
{"title": "By Date: oldest first", "value": "date_asc"},
{"title": "By Id: largest first", "value": "id_desc"},
{"title": "By Id: smallest first", "value": "id_asc"},
{"title": "Most relevant first", "value": "relevance"},
{"title": "Default", "value": "default"}]
return render_template('search.html',
form=request.args,
records=records,
call_classification=model.get_call_classification(),
res_name=model.get_res_name(),
pt_hospital=model.get_pt_hospital(),
recent_type=recent_type,
sort_by=sort_by,
message=message,
errors=errors,
recordidslist='-'.join(recordidslist))
@app.route('/list', methods=['GET'])
@auth.requires_auth
def list():
# List page
page = int(request.args['p']) if 'p' in request.args else 1
log_access('list', 'page: ' + str(page))
page = page if page >= 1 else 1
return render_template('list.html',
