def api_item(request, item_pk=None):
created = False
if item_pk:
item = Item.objects.get(pk=item_pk)
if not item.created_by == request.user:
import pdb
pdb.set_trace()
return HttpResponse(status=403)
else:
item = Item()
item.created_by = request.user
created = True
if request.POST.get('delete'):
item.delete()
else:
expense = Expense.objects.get(pk=request.POST.get('expense'))
if not expense.created_by == request.user:
return HttpResponse(status=403)
item.expense = expense
item.description = request.POST.get('description')
item.amount = request.POST.get('amount')
item.save()
user_pks = request.POST.getlist('users')
item.users.clear()
for pk in user_pks:
user = User.objects.get(pk=pk)
item.users.add(user)
if request.is_ajax():
return HttpResponse(json.dumps({
'type': 'item',
'item_pk': item.pk,
'item_created': created,
'item_form': render_to_response('item_form.html', {'expense':item.expense, 'item':item}, context_instance = RequestContext(request)).content,
'empty_form': render_to_response('item_form.html', {'expense':item.expense}, context_instance = RequestContext(request)).content
}))
return HttpResponseRedirect("/%s" % item.expense_id)
