Developer in training here. Im working with an existing codebase that has some issues. Here is a little background information: When a company signs up for the app, all of the employees of that company are given login credentials, and from the doc mgmt area, anyone in the company can upload folders and files to that area, which is then available for viewing by everyone in that company through their respective accounts. There is a bug. Employee A cannot see any of the files uploaded by employee B. All the files/folders available on employee A’s doc mgmt area should be the same as the ones available on employee B’s doc mgmt area. From my understanding of the code (I might be wrong) it looks at the primary (parent/admin folder?) or employee folder. What it should do is look at the primary folder and the company folder. I made a new relationship between DocumentFolder and Company models… I am struggling to change the code in the views. Please assist…
post models please.
Also, please refrain from posting screenshots – instead post code snippets/fragments and properly format them (inlined) or use the triple backtick ``` for independent blocks.
Im sorry I had to send all models as separate shots, I am a new user so I am restricted to one img per message.
You should copy and paste the code into blocks of three leading and trailing backticks ``` rather than using images. It lets people copy and paste your code with changes and is easier to read on a variety of devices.
Here is the views.py:
# get parent folder's
if action == 'parent':
parentFolder = get_object_or_404(DocumentFolder, pk=parentId)
if parentFolder.parent is None:
parentId = "0"
else:
parentId = parentFolder.parent.id
fPriFolder =Q(user=None)
fMyFolder = Q(user=self.request.user)
if parentId == "0" or parentId == None:
fParent = Q(parent=None)
fFolder = Q(folder=None)
else:
fParent = Q(parent__id=parentId)
fFolder = Q(folder__id=parentId)
qsFolder = DocumentFolder.objects.filter(( fPriFolder | fMyFolder) & fParent)
qsFile = DocumentFile.objects.filter(fFolder)
if product is not None:
qsFolder = qsFolder.filter(( fPriFolder | Q(product=product)))
qsFile = qsFile.filter(Q(product=product))
else:
qsFolder = qsFolder.filter(( fPriFolder & Q(product=None)))
qsFile = qsFile.filter(Q(product=None))
qsFolder = qsFolder.order_by('user').order_by('created_at')
folders = list(qsFolder.values())
files = list(qsFile.values())
return JsonResponse({"status": True, "folder": folders, "file": files, "parent": parentId}, status=200)
I didnt follow your directions to the T but is that at least a little better?
I think the best route forward for you is to understand why the folder structure is different. The easiest way is to isolate how the folders get fetched (edit: I removed all references to files, but it turns out that wasn’t as helpful as I had hoped).
if action == 'parent':
parentFolder = get_object_or_404(DocumentFolder, pk=parentId)
if parentFolder.parent is None:
parentId = "0"
else:
parentId = parentFolder.parent.id
fPriFolder =Q(user=None)
fMyFolder = Q(user=self.request.user)
if parentId == "0" or parentId == None:
fParent = Q(parent=None)
fFolder = Q(folder=None)
else:
fParent = Q(parent__id=parentId)
fFolder = Q(folder__id=parentId)
qsFolder = DocumentFolder.objects.filter(( fPriFolder | fMyFolder) & fParent)
if product is not None:
qsFolder = qsFolder.filter(( fPriFolder | Q(product=product)))
else:
qsFolder = qsFolder.filter(( fPriFolder & Q(product=None)))
qsFolder = qsFolder.order_by('user').order_by('created_at')
folders = list(qsFolder.values())
In the above, what is limiting the folders to a specific user. That is fMyFolder. However, that’s only being used in logical OR operation: fPriFolder | fMyFolder. So from my perspective, any user should be able to view another users content if they have the right parentId and product values.
That said, you only shared part of the view. There could be important logic in front of this that’s limiting the data.
What I’d recommend is opening up a python manage.py shell and playing around with the QuerySets until to better understand how this works with your dataset and why it’s doing what it’s doing. Then try to integrate your new relationship (you never specified what it is).
class ManagementSystemGetView(LoginRequiredMixin, AjaxableResponseMixin, View):
def post(self, request, **kwargs):
parentId = self.request.POST.get('level')
action = self.request.POST.get('action')
product = self.request.user.company.get_open_isoproduct()
# rename folder
if action == 'rename_folder':
value = self.request.POST.get('value')
targetId = self.request.POST.get('id')
if parentId == "0":
parentId = None
if targetId == "0":
folder = DocumentFolder()
folder.product = product
folder.parent_id = parentId
folder.user = self.request.user
folder.name = value
folder.created_by_admin = False
folder.save()
targetId = folder.id
else:
folder = get_object_or_404(DocumentFolder, pk=targetId)
folder.name = value
folder.save()
return JsonResponse({"status": True, "id": targetId}, status=200)
# rename file
if action == 'rename_file':
value = self.request.POST.get('value')
file = get_object_or_404(DocumentFile, pk=parentId)
file.name = value
file.save()
return JsonResponse({"status": True}, status=200)
# delete folder by id with all subfolders and sub files
if action == 'delete_folder':
folder = get_object_or_404(DocumentFolder, pk=parentId)
exists = []
exists = folder.recursive(folder, exists)
DocumentFolder.objects.filter(
id__in=exists).delete()
DocumentFile.objects.filter(folder__id__in=exists).delete()
return JsonResponse({"status": True}, status=200)
# delete file only
if action == 'delete_file':
file = get_object_or_404(DocumentFile, pk=parentId)
file.delete()
return JsonResponse({"status": True}, status=200)
# get parent folder's
if action == 'parent':
parentFolder = get_object_or_404(DocumentFolder, pk=parentId)
if parentFolder.parent is None:
parentId = "0"
else:
parentId = parentFolder.parent.id
fPriFolder =Q(user=None)
fMyFolder = Q(user=self.request.user)
if parentId == "0" or parentId == None:
fParent = Q(parent=None)
fFolder = Q(folder=None)
else:
fParent = Q(parent__id=parentId)
fFolder = Q(folder__id=parentId)
qsFolder = DocumentFolder.objects.filter(( fPriFolder | fMyFolder) & fParent)
qsFile = DocumentFile.objects.filter(fFolder)
if product is not None:
qsFolder = qsFolder.filter(( fPriFolder | Q(product=product)))
qsFile = qsFile.filter(Q(product=product))
else:
qsFolder = qsFolder.filter(( fPriFolder & Q(product=None)))
qsFile = qsFile.filter(Q(product=None))
qsFolder = qsFolder.order_by('user').order_by('created_at')
folders = list(qsFolder.values())
files = list(qsFile.values())
return JsonResponse({"status": True, "folder": folders, "file": files, "parent": parentId}, status=200)
Here is the rest of the class. I created a relationship between docfolder and company bec i want to retrieve folders according to the parents, or the companies. I have never played around with the query sets, let me try this.