Beispiel #1
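def edit_update(request, project_id = None, update_id = None):
    '''
    Render and process the form for editing an existing update.

    Very similar to post_update; the two are candidates for a single generic
    view.

    The update must belong to the project named in the URL, and the current
    user must pass project.has_edit_permission(). Every failure (missing or
    malformed id, unknown object, project/update mismatch, missing permission,
    tampered project field) is reported as Http404, so the response does not
    distinguish "does not exist" from "not allowed".

    Returns a redirect to the project page after a successful save, otherwise
    the rendered 'projects/update_form.html' template.
    '''
    if project_id is None or update_id is None:
        raise Http404

    # Resolve both objects. A non-numeric id makes int() raise ValueError;
    # treat that as "not found" rather than letting it surface as a 500.
    try:
        project = Project.objects.get(pk = int(project_id))
        update = Update.objects.get(pk = int(update_id))
    except (TypeError, ValueError, Project.DoesNotExist, Update.DoesNotExist):
        raise Http404

    # The permission check below is made against `project`, so the update has
    # to be tied to that same project. Without this, edit rights on one
    # project would allow editing updates of any other project by id.
    if update.project != project:
        raise Http404 # Permission denied

    # NOTE(review): no login check is visible on this view; presumably
    # has_edit_permission() rejects anonymous users -- confirm.
    if not project.has_edit_permission(request.user):
        raise Http404 # Permission denied

    # The form class follows the stored update, not anything in the request.
    form_class = InternalUpdateForm if update.internal else ExternalUpdateForm

    if request.method == 'POST':
        form = form_class(request.POST, request.FILES, instance = update)
        if form.is_valid():
            # 'project' is submitted by the client (hidden field), so it is
            # compared with the project resolved from the URL before saving.
            # NOTE(review): only 'project' is compared. Presumably the forms
            # also carry an 'internal' field -- verify that a POST cannot
            # flip it and so change who can see the update.
            if project != form.cleaned_data['project']:
                raise Http404
            form.save()
            return HttpResponseRedirect(project.get_absolute_url())
        # An invalid form falls through and is re-rendered with its errors.
    else:
        # First visit: show the form pre-filled with the existing data.
        form = form_class(instance = update)

    context = {
        'project' : project,
        'form' : form,
    }
    return render_to_response('projects/update_form.html', context, context_instance = RequestContext(request))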
Beispiel #2
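def post_update(request, project_id = None, internal = False):
    '''
    Create a new update. Consists of a description and evidence in the form of
    a file.

    Only users for whom project.has_edit_permission() is true can do this.
    Every failure (missing or malformed id, unknown project, missing
    permission, tampered project field) is reported as Http404, so the
    response does not distinguish "does not exist" from "not allowed".

    `internal` selects InternalUpdateForm or ExternalUpdateForm.

    Returns a redirect to the project page after a successful save, otherwise
    the rendered 'projects/update_form.html' template.
    '''
    if project_id is None:
        raise Http404

    # A non-numeric id makes int() raise ValueError; treat that as "not
    # found" rather than letting it surface as a 500.
    try:
        project = Project.objects.get(pk = int(project_id))
    except (TypeError, ValueError, Project.DoesNotExist):
        raise Http404

    # NOTE(review): no login check is visible on this view; presumably
    # has_edit_permission() rejects anonymous users -- confirm.
    if not project.has_edit_permission(request.user):
        raise Http404 # Permission denied

    form_class = InternalUpdateForm if internal else ExternalUpdateForm

    # The leftover debugging `print form` was dropped here: it rendered the
    # whole form to stdout on every request.
    if request.method == 'POST':
        form = form_class(request.POST, request.FILES)
        if form.is_valid():
            # 'project' is submitted by the client (hidden field), so it is
            # compared with the project resolved from the URL before saving.
            # NOTE(review): 'internal' is also passed to the form as initial
            # data but is not compared with the `internal` argument here --
            # verify that a POST cannot override it.
            if project != form.cleaned_data['project']:
                raise Http404
            form.save()
            return HttpResponseRedirect(project.get_absolute_url())
        # An invalid form falls through and is re-rendered with its errors.
    else:
        # First visit: a fresh form carrying the project and internal flag.
        form = form_class(initial = { 'internal' : bool(internal), 'project' : project,})

    context = {
        'project' : project,
        'form' : form,
    }
    return render_to_response('projects/update_form.html', context, context_instance = RequestContext(request))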