#32 Disable file download

* refactors: attached files can only be downloaded by users with shared access
* adds hint on unshared data being unshared for compensation, ema, eco-account
* minor optical enhancement for user contact form

intervention/views.py

@@ -14,7 +14,8 @@ from konova.forms import SimpleGeomForm, NewDocumentForm, RemoveModalForm, Recor
 from konova.sub_settings.django_settings import DEFAULT_DATE_FORMAT
 from konova.utils.documents import remove_document, get_document
 from konova.utils.generators import generate_qr_code
-from konova.utils.message_templates import INTERVENTION_INVALID, FORM_INVALID, IDENTIFIER_REPLACED
+from konova.utils.message_templates import INTERVENTION_INVALID, FORM_INVALID, IDENTIFIER_REPLACED, \
+    DATA_UNSHARED_EXPLANATION
 from konova.utils.user_checks import in_group
 
 
@@ -158,6 +159,15 @@ def get_document_view(request: HttpRequest, doc_id: str):
 
     """
     doc = get_object_or_404(InterventionDocument, id=doc_id)
+    user = request.user
+    instance = doc.instance
+    # File download only possible if related instance is shared with user
+    if not instance.users.filter(id=user.id):
+        messages.info(
+            request,
+            DATA_UNSHARED
+        )
+        return redirect("intervention:detail", id=instance.id)
     return get_document(doc)
 
 
@@ -234,7 +244,7 @@ def detail_view(request: HttpRequest, id: str):
     }
 
     if not is_data_shared:
-        messages.info(request, _("Remember: This data has not been shared with you, yet. This means you can only read but can not edit or perform any actions like running a check or recording."))
+        messages.info(request, DATA_UNSHARED_EXPLANATION)
 
     context = BaseContext(request, context).context
     return render(request, template, context)