Commit 90f9e20a authored by Mikaël Salson's avatar Mikaël Salson Committed by Vidjil Team

VidjilAuth: Use can_modify_patient(id) instead of has_permission('admin', 'patient', id)

parent 4af64fa4
......@@ -107,7 +107,7 @@ def delete():
def permission():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
query = db( (db.auth_group.role != 'admin') ).select()
......
......@@ -127,7 +127,7 @@ def run_request():
id_patient = db.sequence_file[request.vars["sequence_file_id"]].patient_id
if not auth.has_permission('admin', 'patient', id_patient) :
if not auth.can_modify_patient(id_patient) :
error += "you do not have permission to launch process for this patient ("+str(id_patient)+"), "
if id_config:
......@@ -351,7 +351,7 @@ def save_analysis():
error += "id patient file needed, "
if not "config" in request.vars:
error += "id config needed, "
if not auth.has_permission('admin', 'patient', request.vars['patient']) :
if not auth.can_modify_patient(request.vars['patient']) :
error += "you do not have permission to save changes on this patient"
if error == "" :
......
......@@ -10,7 +10,7 @@ if request.env.http_origin:
def add():
if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id) and not auth.has_membership("admin"):
if not auth.can_modify_patient(request.vars['id'], auth.user_id):
res = {"success" : "false", "message" : "you need admin permission on this patient to add files"}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
......@@ -77,7 +77,7 @@ def add_form():
def edit():
if auth.has_permission('admin', 'patient', request.vars['patient_id']) or auth.has_membership("admin"):
if auth.can_modify_patient(request.vars['patient_id']):
return dict(message=T('edit file'))
#elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id):
# res = {"success" : "false", "message" : "you don't have right to upload files"}
......@@ -153,7 +153,7 @@ def upload():
def confirm():
if auth.has_permission('admin', 'patient', request.vars['patient_id']) or auth.has_membership("admin"):
if auth.can_modify_patient(request.vars['patient_id']):
return dict(message=T('confirm sequence file deletion'))
else:
res = {"success" : "false", "message" : "you need admin permission to delete this file"}
......@@ -166,7 +166,7 @@ def delete():
patient_id = db.sequence_file[request.vars["id"]].patient_id
if auth.has_permission('admin', 'patient', patient_id):
if auth.can_modify_patient(patient_id):
db(db.sequence_file.id == request.vars["id"]).delete()
db(db.results_file.sequence_file_id == request.vars["id"]).delete()
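Review bot: The new conditions in add(), edit() and confirm() drop the explicit `auth.has_membership("admin")` fallback that the old ones carried, so site-wide admins keep access to these actions only if can_modify_patient grants it itself; its definition lives in VidjilAuth outside this diff, so that needs confirming and deserves a comment such as `# can_modify_patient() also covers the global admin role` next to the first call. The call in add() passes `auth.user_id` explicitly while those in edit(), confirm() and delete() rely on the default, and the two view hunks in the permission template drop the old `auth.user.id` argument altogether; pick one form unless the default can legitimately differ from the current user. In delete() the lookup `db.sequence_file[request.vars["id"]]` yields None for an unknown id, so the permission check is never reached and the request fails on the attribute access instead of returning the access-denied response. add(), edit(), confirm() and delete() all continue beyond their hunks.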
......
......@@ -311,7 +311,7 @@ def index():
keys = result.keys()
(auth.has_permission('admin', 'patient', row['id']) )
(auth.can_modify_patient(row['id']) )
query = db(
(db.auth_permission.name == "admin") &
(db.auth_permission.table_name == "patient") &
......@@ -483,7 +483,7 @@ def add_form():
## return edit form
def edit():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
return dict(message=T('edit patient'))
else :
res = {"message": ACCESS_DENIED}
......@@ -497,7 +497,7 @@ def edit():
## redirect to patient list if success
## return a flash error message if fail
def edit_form():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
error = ""
if request.vars["first_name"] == "" :
error += "first name needed, "
......@@ -539,7 +539,7 @@ def download():
#
def confirm():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
log.debug('request patient deletion')
return dict(message=T('confirm patient deletion'))
else :
......@@ -550,7 +550,7 @@ def confirm():
#
def delete():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
import shutil, os.path
#delete data file
query = db( (db.sequence_file.patient_id==request.vars["id"])).select()
......@@ -576,7 +576,7 @@ def delete():
#
def permission():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
query = db( db.auth_group.role != 'admin' ).select()
......@@ -619,7 +619,7 @@ def permission():
#
def change_permission():
if (auth.has_permission('admin', 'patient', request.vars["patient_id"]) ):
if (auth.can_modify_patient(request.vars["patient_id"]) ):
error = ""
if request.vars["group_id"] == "" :
error += "missing group_id, "
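Review bot: In index() the new line `(auth.can_modify_patient(row['id']) )` is a bare expression whose value is discarded, so it performs no check; the commit preserves the old no-op rather than fixing it. Either bind the result where the template can use it, e.g. `row['admin'] = auth.can_modify_patient(row['id'])`, or delete the line if the auth_permission query that follows is the real check. index() starts and ends outside the hunk, so which of the two is intended cannot be seen here.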
......
......@@ -74,14 +74,14 @@ def run_all():
## display run page result
## need ["results_file_id"]
def info():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id ) ):
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id ) ):
return dict(message=T('result info'))
else :
res = {"message": "acces denied"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
def confirm():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.can_process_file()):
return dict(message=T('result confirm'))
else :
......@@ -90,7 +90,7 @@ def confirm():
#
def delete():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.can_process_file()):
config_id = db.results_file[request.vars["results_file_id"]].config_id
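Review bot: In confirm() and delete() the new can_modify_patient(...) call is still joined to `auth.can_process_file()` with the bitwise `&`, which does not short-circuit and, should either helper return None or anything other than a bool, raises TypeError or produces a value that does not mean what the condition intends. Use the boolean operator there, `if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id) and auth.can_process_file()):`. Both helpers are defined outside this diff, so whether they return plain bools cannot be verified on this page. Both functions continue beyond their hunks.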
......
......@@ -82,7 +82,7 @@
<td> {{=row.sequence_file.provider}} {{if row.sequence_file.provider:}}{{=row.sequence_file.provider.last_name}}{{pass}}</td>
{{pass}}
{{if (auth.has_permission('admin', 'patient', request.vars["id"]) ):}}
{{if (auth.can_modify_patient(request.vars["id"]) ):}}
<td class="pointer" onclick="db.call('file/edit', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > e </td>
<td class="pointer" onclick="db.call('file/confirm', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > X </td>
<td> <a {{if row.sequence_file.data_file == None :}} {{=XML("class='inactive' title='file is missing' ")}}
......@@ -122,7 +122,7 @@
<div class="db_block">
<div class="db_block_left">
{{if auth.has_permission('admin', 'patient', request.vars["id"]):}}
{{if auth.can_modify_patient(request.vars["id"]):}}
<span class="button2" onclick="db.call('file/add', { 'id' : '{{=request.vars["id"]}}' } )"> + add file </span>
{{if not auth.can_process_file() :}}
......
......@@ -16,7 +16,7 @@
<td class="column1"> private info</td>
</tr>
</thead>
{{admin = auth.has_permission("admin", "patient", request.vars["id"], auth.user.id)}}
{{admin = auth.can_modify_patient(request.vars["id"])}}
{{ for row in query :}}
<tr>
<td> {{=row.id}} </td><td> {{=row.owner}} </td>
......@@ -51,6 +51,6 @@
<table class="db_table" id="db_fixed_header"></table>
</div>
{{if not auth.has_permission("admin", "patient", request.vars["id"], auth.user.id) :}}
{{if not auth.can_modify_patient(request.vars["id"]) :}}
<div>you need admin access on this patient if you want to change permission </div>
{{pass}}
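Review bot: The template stores the result of the new call in `admin` in the first hunk (`{{admin = auth.can_modify_patient(request.vars["id"])}}`), yet the second hunk evaluates the same call again; reuse the variable there, `{{if not admin :}}`, unless `admin` is reassigned in the lines between the two hunks, which are not visible here. Reusing it also keeps the permission-editing controls and the "you need admin access" notice driven by a single decision.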