Commit 0cf61ed1 authored by Marc Duez

server : default controller, add comment/security and improve return mesage

parent de2952dc
......@@ -145,7 +145,7 @@ def edit_form():
## return a flash error message if fail
@cache.action()
def download():
if (auth.has_permission('read', 'patient', request.vars["id"]) ):
if (auth.has_permission('read', 'patient', request.vars["id"]) ) or (auth.has_permission('admin', 'patient', request.vars["id"]) ):
return response.download(request, db)
else :
res = {"message": "acces denied"}
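Review bot: The new condition in `download()` authorizes against the patient id the client sends in `request.vars["id"]`, but `response.download(request, db)` serves whatever file name arrives in the request args, and nothing visible here ties that file to that patient. As written, read or admin rights on one patient appear sufficient to fetch a file belonging to another. The patient should be derived from the requested file rather than from the request, for example `row = db(db.sequence_file.data_file == request.args(0)).select().first()`, denying when `row` is None and passing that row's patient reference to `auth.has_permission`. The `@cache.action()` decorator above the function is also worth checking so that patient files are not sent with publicly cacheable headers. The function's `else` branch continues outside the hunk.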
......
......@@ -146,9 +146,6 @@ db.define_table('analysis_file',
Field('analysis_file', 'upload', length=1000000000000))
if db(db.auth_user.id > 0).count() == 0:
id_first_user=""
......
......@@ -97,7 +97,7 @@ analysis_file = analysis.select()
<tr>
<td id="sequence_file_{{=row.sequence_file.id}}"> {{=filename}}</td>
<td> {{if filename != '':}}<a href="{{=URL('download', scheme='https', args=row.sequence_file.data_file)}}" >dl</a>{{pass}}</td>
<td> {{if filename != '':}}<a href="{{=URL('patient','download', scheme='https', args=row.sequence_file.data_file)}}" >dl</a>{{pass}}</td>
<td> {{=row.sequence_file.sampling_date}} </td>
<td> {{=row.sequence_file.info}} </td>
<td onclick="db.call('file/edit', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > e </td>
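Review bot: The rewritten `dl` link sends only `args=row.sequence_file.data_file` and no `id`, while the `download` action changed in this commit tests `request.vars["id"]`. Unless the id reaches the controller another way, the permission check runs on a missing value, and what `auth.has_permission` does with a missing record id should be confirmed rather than assumed. If the controller keeps reading the id from the request, the link needs `vars=dict(id=request.vars['id'])`. A controller that resolves the patient from the file row would make the link correct as it stands.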
......