diff --git a/app/web/cases/views.py b/app/web/cases/views.py index 50809981..f0230fbc 100644 --- a/app/web/cases/views.py +++ b/app/web/cases/views.py @@ -1264,13 +1264,19 @@ def post(self, request, *args, **kwargs): return response -@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER]) -def download_document(request, case_pk, document_pk): +def get_document_for_case(request, case_pk, document_pk): + """ + Utility function to retrieve and validate the document. + """ qs = Case._default_manager.by_user(user=request.user) case = qs.filter(pk=case_pk).first() + if not case: raise PermissionDenied + document = get_object_or_404(Document, id=document_pk) + + # Check permissions if any(user_type in [WONEN, WONINGCORPORATIE_MEDEWERKER] for user_type in request.user.user_type_values): form_status_list = [f[0] for f in case.casestatus_set.all().order_by('form').distinct().values_list('form')] shared_in_forms = [f for f in document.forms if f in form_status_list] @@ -1280,44 +1286,42 @@ def download_document(request, case_pk, document_pk): if document.case != case: raise PermissionDenied + # Check if file exists in storage if not default_storage.exists(default_storage.generate_filename(document.uploaded_file.name)): raise Http404() - - with default_storage.open(document.uploaded_file.name, 'rb') as file: - response = HttpResponse(file.read(), content_type='application/octet-stream') - response['Content-Disposition'] = f'attachment; filename="{document.uploaded_file.name}"' - return response + return document -@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER]) -def view_document(request, case_pk, document_pk): - qs = Case._default_manager.by_user(user=request.user) - case = qs.filter(pk=case_pk).first() - if not case: - raise PermissionDenied - document = get_object_or_404(Document, id=document_pk) - - if any(user_type in [WONEN, WONINGCORPORATIE_MEDEWERKER] for user_type in request.user.user_type_values): - form_status_list = [f[0] for f in case.casestatus_set.all().order_by('form').distinct().values_list('form')] - shared_in_forms = [f for f in document.forms if f in form_status_list] - if not shared_in_forms: - raise PermissionDenied - - if document.case != case: - raise PermissionDenied - if not default_storage.exists(default_storage.generate_filename(document.uploaded_file.name)): - raise Http404() - - # Open the file and adjust the content type to match the file type +def serve_document(document, disposition_type): + """ + Utility function to serve a document with a specified Content-Disposition type. + """ with default_storage.open(document.uploaded_file.name, 'rb') as file: file_data = file.read() - # Guess the MIME type of the file based on its name + # Guess the MIME type of the file content_type = mimetypes.guess_type(document.uploaded_file.name)[0] or 'application/octet-stream' - # Set Content-Disposition to inline for browser preview response = HttpResponse(file_data, content_type=content_type) - response['Content-Disposition'] = f'inline; filename="{document.uploaded_file.name}"' + response['Content-Disposition'] = f'{disposition_type}; filename="{document.uploaded_file.name}"' return response + + +@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER]) +def download_document(request, case_pk, document_pk): + # Retrieve and validate the document + document = get_document_for_case(request, case_pk, document_pk) + + # Serve the document as an attachment (download) + return serve_document(document, 'attachment') + + +@user_passes_test(auth_test, user_type=[WONEN, BEGELEIDER, PB_FEDERATIE_BEHEERDER, WONINGCORPORATIE_MEDEWERKER]) +def view_document(request, case_pk, document_pk): + # Retrieve and validate the document + document = get_document_for_case(request, case_pk, document_pk) + + # Serve the document inline (for viewing) + return serve_document(document, 'inline')