Updated methods

Amsterdam · Sep 18, 2024 · 3dc06ea · 3dc06ea
1 parent 53665f2
commit 3dc06ea
Showing 1 changed file with 34 additions and 30 deletions.
diff --git a/app/web/cases/views.py b/app/web/cases/views.py
@@ -1264,13 +1264,19 @@ def post(self, request, *args, **kwargs):
         return response
 
 
-@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER])
-def download_document(request, case_pk, document_pk):
+def get_document_for_case(request, case_pk, document_pk):
+    """
+    Utility function to retrieve and validate the document.
+    """
     qs = Case._default_manager.by_user(user=request.user)
     case = qs.filter(pk=case_pk).first()
+
     if not case:
         raise PermissionDenied
+
     document = get_object_or_404(Document, id=document_pk)
+
+    # Check permissions
     if any(user_type in [WONEN, WONINGCORPORATIE_MEDEWERKER] for user_type in request.user.user_type_values):
         form_status_list = [f[0] for f in case.casestatus_set.all().order_by('form').distinct().values_list('form')]
         shared_in_forms = [f for f in document.forms if f in form_status_list]
@@ -1280,44 +1286,42 @@ def download_document(request, case_pk, document_pk):
     if document.case != case:
         raise PermissionDenied
 
+    # Check if file exists in storage
     if not default_storage.exists(default_storage.generate_filename(document.uploaded_file.name)):
         raise Http404()
-
-    with default_storage.open(document.uploaded_file.name, 'rb') as file:
-        response = HttpResponse(file.read(), content_type='application/octet-stream')
-        response['Content-Disposition'] = f'attachment; filename="{document.uploaded_file.name}"'
-        return response
 
+    return document
 
-@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER])
-def view_document(request, case_pk, document_pk):
-    qs = Case._default_manager.by_user(user=request.user)
-    case = qs.filter(pk=case_pk).first()
-    if not case:
-        raise PermissionDenied
-    document = get_object_or_404(Document, id=document_pk)
-
-    if any(user_type in [WONEN, WONINGCORPORATIE_MEDEWERKER] for user_type in request.user.user_type_values):
-        form_status_list = [f[0] for f in case.casestatus_set.all().order_by('form').distinct().values_list('form')]
-        shared_in_forms = [f for f in document.forms if f in form_status_list]
-        if not shared_in_forms:
-            raise PermissionDenied
-
-    if document.case != case:
-        raise PermissionDenied
 
-    if not default_storage.exists(default_storage.generate_filename(document.uploaded_file.name)):
-        raise Http404()
-
-    # Open the file and adjust the content type to match the file type
+def serve_document(document, disposition_type):
+    """
+    Utility function to serve a document with a specified Content-Disposition type.
+    """
     with default_storage.open(document.uploaded_file.name, 'rb') as file:
         file_data = file.read()
 
-    # Guess the MIME type of the file based on its name
+    # Guess the MIME type of the file
     content_type = mimetypes.guess_type(document.uploaded_file.name)[0] or 'application/octet-stream'
 
-    # Set Content-Disposition to inline for browser preview
     response = HttpResponse(file_data, content_type=content_type)
-    response['Content-Disposition'] = f'inline; filename="{document.uploaded_file.name}"'
+    response['Content-Disposition'] = f'{disposition_type}; filename="{document.uploaded_file.name}"'
 
     return response
+
+
+@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER])
+def download_document(request, case_pk, document_pk):
+    # Retrieve and validate the document
+    document = get_document_for_case(request, case_pk, document_pk)
+
+    # Serve the document as an attachment (download)
+    return serve_document(document, 'attachment')
+
+
+@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER])
+def view_document(request, case_pk, document_pk):
+    # Retrieve and validate the document
+    document = get_document_for_case(request, case_pk, document_pk)
+
+    # Serve the document inline (for viewing)
+    return serve_document(document, 'inline')