Commit 0e07c411 authored by Marc Duez's avatar Marc Duez
Browse files

server : file.py controller > accept str and ref / admin rights

parent daca570f
...@@ -10,11 +10,11 @@ if request.env.http_origin: ...@@ -10,11 +10,11 @@ if request.env.http_origin:
def add(): def add():
if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id): if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id) and not auth.has_membership("admin"):
res = {"success" : "false", "message" : "you need admin permission on this patient to add files"} res = {"success" : "false", "message" : "you need admin permission on this patient to add files"}
log.error(res) log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':')) return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id): elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id) and not auth.has_membership("admin"):
res = {"success" : "false", "message" : "you don't have right to upload files"} res = {"success" : "false", "message" : "you don't have right to upload files"}
log.error(res) log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':')) return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
...@@ -100,7 +100,7 @@ def edit_form(): ...@@ -100,7 +100,7 @@ def edit_form():
error += " missing filename" error += " missing filename"
if error=="" : if error=="" :
mes = "file " + request.vars['id'] + " : " mes = "file " + str(request.vars['id']) + " : "
filename = db.sequence_file[request.vars['id']].filename filename = db.sequence_file[request.vars['id']].filename
if request.vars['filename'] != "": if request.vars['filename'] != "":
filename = request.vars['filename'] filename = request.vars['filename']
...@@ -118,7 +118,7 @@ def edit_form(): ...@@ -118,7 +118,7 @@ def edit_form():
res = {"file_id" : request.vars['id'], res = {"file_id" : request.vars['id'],
"redirect": "patient/info", "redirect": "patient/info",
"args" : { "id" : patient_id}, "args" : { "id" : patient_id},
"message": "%s: metadata saved" % request.vars['filename']} "message": "%s: metadata saved" % str(request.vars['filename'])}
log.info(res) log.info(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':')) return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
...@@ -130,7 +130,7 @@ def upload(): ...@@ -130,7 +130,7 @@ def upload():
if error=="" : if error=="" :
mes = "file " + request.vars['id'] + " : " mes = "file " + str(request.vars['id']) + " : "
res = {"message": mes + ": processing uploaded file", res = {"message": mes + ": processing uploaded file",
"redirect": "patient/info", "redirect": "patient/info",
"args" : {"id" : request.vars['id']} "args" : {"id" : request.vars['id']}
...@@ -151,7 +151,7 @@ def upload(): ...@@ -151,7 +151,7 @@ def upload():
def confirm(): def confirm():
if auth.has_permission('admin', 'patient', request.vars['patient_id']): if auth.has_permission('admin', 'patient', request.vars['patient_id']) or auth.has_membership("admin"):
return dict(message=T('confirm sequence file deletion')) return dict(message=T('confirm sequence file deletion'))
else: else:
res = {"success" : "false", "message" : "you need admin permission to delete this file"} res = {"success" : "false", "message" : "you need admin permission to delete this file"}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment