Commit 675cbb67 authored by Marc Duez's avatar Marc Duez

server patient controller/view > display only authorized config

parent c90568f9
......@@ -49,8 +49,6 @@ def info():
analysis_file = ""
analysis_filename = ""
if config :
query = db(
......@@ -184,7 +182,10 @@ def index():
##add confs info for each patient
row.confs=""
co = db.fused_file.id.count()
query_conf = db( db.fused_file.patient_id == row.patient.id ).select(db.fused_file.config_id, co, groupby=db.fused_file.config_id).sort(lambda row: co)
query_conf = db( (auth.accessible_query('read', db.config) | auth.accessible_query('admin', db.config) ) &
(db.config.id == db.fused_file.config_id) &
(db.fused_file.patient_id == row.patient.id)
).select(db.fused_file.config_id, co, groupby=db.fused_file.config_id).sort(lambda row: co)
for row2 in query_conf:
row.confs += " " + db.config[row2.fused_file.config_id].name
......
......@@ -66,4 +66,3 @@
{{else:}}
<!-- <span class="button2 inactive" onclick="db.call('patient/add')" title="you don't have permission to create new patient"> add patient </span> -->
{{pass}}
......@@ -20,7 +20,7 @@
<span>
<select id="choose_config" name="config" onchange="db.call('patient/info', {'id' :'{{=request.vars['id']}}', 'config_id' : this.value})">
<option value="-1" {{if not config :}}selected{{pass}}> --- </option>
{{for row in db(db.config).select(orderby=~db.config.name) :}}
{{for row in db((auth.accessible_query('read', db.config) | auth.accessible_query('admin', db.config) ) ).select(orderby=~db.config.name) :}}
<option value="{{=row.id }}" {{if row.id==config_id:}}selected{{pass}} >
{{=row.name}}
</option>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment