def create(req):
if not 'user_id' in req.session:
return redirect(reverse('landing'))
if not req.method == "POST":
return redirect(reverse('add_book'))
print(req.POST)
bookerrors = Book.objects.validate_book(req.POST)
authorerrors = Author.objects.validate_author(req.POST)
reviewerrors = Review.objects.validate_review(req.POST)
#if errors
if authorerrors or bookerrors or reviewerrors:
flash_errors(req, bookerrors,"bookerrors" )
flash_errors(req, authorerrors, "authorerrors")
flash_errors(req, reviewerrors, "reviewerrors")
return redirect(reverse("add_book"))
#create author, book, and review
book = Book.objects.create_book(req.POST)
user_id = req.session['user_id']
review = Review.objects.create_review(req.POST, book, user_id)
return redirect(reverse("dashboard"))
def billings_invoice_edit(request, pk):
bill_edit = True
instance = get_object_or_404(FixedCostInvoice, id=pk)
page_title, back_url = 'Edit %s' % instance.title, reverse('billings:billings')
payment_orders = instance.payorders
form = CreateBillForm(instance=instance)
form_payment = PaymentForm(initial={'content_type': ContentType.objects.get_for_model(FixedCostInvoice),
'object_id': pk,
'date_expired': datetime.datetime.now(),
'is_paid': True,
'is_expense': True,
'value': instance.get_remaining_value(),
})
if 'edit_form' in request.POST:
form = CreateBillForm(request.POST, instance=instance)
if form.is_valid():
if instance.payorders:
messages.info(request, 'You need to delete the payments first!')
else:
form.save()
return HttpResponseRedirect(reverse('billings:edit_bill', kwargs={'pk': pk}))
if 'create_payment' in request.POST:
form = PaymentForm(request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('billings:edit_bill', kwargs={'pk': pk}))
context = locals()
return render(request, 'billings/form.html', context)
def login_in(req):
if req.method == 'POST':
username = req.POST.get('username')
password = req.POST.get('password')
if req.POST.get('action') == 'login':
user = authenticate(username=username,password=password)
if user is not None:
# 认证成功
print("认证成功")
login(req,user)
return HttpResponseRedirect(reverse('first_page'))
else:
# 认证失败
print("认证失败")
return HttpResponse("认证失败")
elif req.POST.get('action') == 'register': #注册
try:
# 创建后台账户
u = User.objects.create_user(username,'',password)
# 这里应该要转到用户管理页,但是还没做
return HttpResponseRedirect(reverse('first_page'))
except Exception as e:
print("注册用户异常",e)
else:
return render(req,'login-register.html')
def test_non_staff_user_can_only_see_his_order(user_api_client, order):
# FIXME: Remove client.login() when JWT authentication is re-enabled.
user_api_client.login(username=order.user.email, password='******')
query = """
query OrderQuery($id: ID!) {
order(id: $id) {
orderId
}
}
"""
ID = graphene.Node.to_global_id('Order', order.id)
variables = json.dumps({'id': ID})
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
order_data = content['data']['order']
assert order_data['orderId'] == order.pk
order.user = None
order.save()
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
order_data = content['data']['order']
assert not order_data
def form_valid(self, form):
choice = int(form.cleaned_data['choice'])
ref = form.cleaned_data['ref']
if choice == 1:
return HttpResponseRedirect(reverse('invoice-detail', kwargs={'pk': ref}))
else:
return HttpResponseRedirect(reverse('person-detail', kwargs={'pk': ref}))
def get_success_url(self):
if self.request.user.is_first_login:
return reverse('users:user-first-login')
return self.request.POST.get(
self.redirect_field_name,
self.request.GET.get(self.redirect_field_name, reverse('index')))
def test_query_staff(
admin_api_client, user_api_client, staff_user, customer_user,
admin_user):
query = """
{
staffUsers {
edges {
node {
email
isStaff
}
}
}
}
"""
variables = json.dumps({})
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
data = content['data']['staffUsers']['edges']
assert len(data) == 2
staff_emails = [user['node']['email'] for user in data]
assert sorted(staff_emails) == [admin_user.email, staff_user.email]
assert all([user['node']['isStaff'] for user in data])
# check permissions
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
def register(request):
context = {}
login_form = LoginForm()
context['login_form'] = login_form
if request.method == 'GET':
context['register_form'] = RegistrationForm()
return render(request, 'register.html', context)
register_form = RegistrationForm(request.POST)
context['register_form'] = register_form
if not register_form.is_valid():
return render(request, 'register.html', context)
if request.method == 'POST':
if not register_form.is_valid():
print "Register NOT Valid!"
else:
username = register_form.cleaned_data.get('username')
print username
# register_form.save()
new_user = User.objects.create_user(username=register_form.cleaned_data['username'],
email=register_form.cleaned_data['email'],
password=register_form.cleaned_data['password'],
first_name=register_form.cleaned_data['first_name'],
last_name=register_form.cleaned_data['last_name'])
# We need to activate every new user.
new_user.is_active = False
new_user.save()
# Create related profile for this new user
profile = Profile(user=new_user)
profile.save()
token = default_token_generator.make_token(new_user)
# Send the validation email.
confirm_message = """
Welcome to Grumblr!\n
Please click the link below to verify your email address:\n
http://%s%s
""" % (request.get_host(), reverse('confirm', args=(new_user.username, token, )))
confirm_link = """
http://%s%s
""" % (request.get_host(), reverse('confirm', args=(new_user.username, token, )))
send_mail(subject = "Hello from Grumblr!",
message = confirm_message,
from_email="*****@*****.**",
recipient_list = [new_user.email])
context['username'] = new_user.username
context['email'] = new_user.email
context['confirm_message'] = confirm_message
context['confirm_link'] = confirm_link
return render(request, 'activation.html', context)
return redirect('/')
return render(request, 'register.html', {})
def follow(request, viewuser):
user = get_object_or_404(User, username=viewuser)
profile = get_object_or_404(Profile, user=user)
posts = Post.objects.filter(profile=profile).order_by('-timestamp')
context = {
'posts': posts,
'user': user,
'profile': profile,
'viewuser': viewuser,
}
followee = User.objects.get(username=viewuser)
follower = User.objects.get(username=request.user)
profile_ee = Profile.objects.get(user=followee)
profile_er = Profile.objects.get(user=follower)
follows = Follow.objects.filter(follower=profile_er)
for item in follows:
if profile_ee == item.followee:
item.delete()
print "Already followed."
# return render(request, 'profile.html', context)
return redirect(reverse('profile', args=(viewuser,)))
follow = Follow(follower=profile_er, followee=profile_ee)
follow.save()
# return render(request, 'profile.html', context)
return redirect(reverse('profile', args=(viewuser,)))
def test_voucher_permissions(
staff_api_client, staff_user, permission_manage_discounts):
query = """
query vouchers{
vouchers(first: 1) {
edges {
node {
name
}
}
}
}
"""
# Query to ensure user with no permissions can't see vouchers
response = staff_api_client.post(reverse('api'), {'query': query})
content = get_graphql_content(response)
message = 'You do not have permission to perform this action'
assert content['errors'][0]['message'] == message
# Give staff user proper permissions
staff_user.user_permissions.add(permission_manage_discounts)
# Query again
response = staff_api_client.post(reverse('api'), {'query': query})
content = get_graphql_content(response)
assert 'errors' not in content
def get_context_data(self, **kwargs):
ctx = super().get_context_data(**kwargs)
settings_tabs = [
{
"name": "General settings",
"active": self.active_settings == self.GENERAL_SETTINGS,
"url": reverse("user-settings", kwargs={"pk": self.request.user.pk})
}
]
if self.request.user.is_teacher():
settings_tabs.append(
{
"name": "Teacher settings",
"active": self.active_settings == self.TEACHER_SETTINGS,
"url": reverse("teacher-profile-settings", kwargs={"pk": self.request.user.teacherprofile.pk})
}
)
if self.request.user.is_student():
settings_tabs.append(
{
"name": "Student settings",
"active": self.active_settings == self.STUDENT_SETTINGS,
"url": reverse("student-profile-settings", kwargs={"pk": self.request.user.pk})
}
)
ctx['settings_tabs'] = settings_tabs
return ctx
def test_create_sale(user_api_client, admin_api_client):
query = """
mutation saleCreate(
$type: DiscountValueTypeEnum, $name: String, $value: Decimal) {
saleCreate(input: {name: $name, type: $type, value: $value}) {
errors {
field
message
}
sale {
type
name
value
}
}
}
"""
variables = json.dumps({
'name': 'test sale',
'type': DiscountValueTypeEnum.FIXED.name,
'value': '10.12'})
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['saleCreate']['sale']
assert data['type'] == DiscountValueType.FIXED.upper()
assert data['name'] == 'test sale'
assert data['value'] == 10.12
def test_update_sale(user_api_client, admin_api_client, sale):
query = """
mutation saleUpdate($type: DiscountValueTypeEnum, $id: ID!) {
saleUpdate(id: $id, input: {type: $type}) {
errors {
field
message
}
sale {
type
}
}
}
"""
# Set discount value type to 'fixed' and change it in mutation
sale.type = DiscountValueType.FIXED
sale.save()
variables = json.dumps({
'id': graphene.Node.to_global_id('Sale', sale.id),
'type': DiscountValueTypeEnum.PERCENTAGE.name})
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['saleUpdate']['sale']
assert data['type'] == DiscountValueType.PERCENTAGE.upper()
def test_sale_delete_mutation(user_api_client, admin_api_client, sale):
query = """
mutation DeleteSale($id: ID!) {
saleDelete(id: $id) {
sale {
name
id
}
errors {
field
message
}
}
}
"""
variables = json.dumps({
'id': graphene.Node.to_global_id('Sale', sale.id)})
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['saleDelete']
assert data['sale']['name'] == sale.name
with pytest.raises(sale._meta.model.DoesNotExist):
sale.refresh_from_db()
def edit_payroll_invoice(request, dk):
instance = get_object_or_404(PayrollInvoice, id=dk)
payments = instance.payorders
form = CreatePayrollForm(instance=instance)
page_title, back_url = 'Edit %s' % instance.title, reverse('billings:payroll_page')
duplicate_url = reverse('billings:duplicate_payroll_invoice', kwargs={'dk': dk})
form_payment = PaymentForm(initial={'content_type': ContentType.objects.get_for_model(PayrollInvoice),
'object_id': dk,
'date_expired': datetime.datetime.now(),
'is_paid': True,
'is_expense': True,
'value': instance.get_remaining_value(),
})
if 'edit_form' in request.POST:
form = CreatePayrollForm(request.POST, instance=instance)
if form.is_valid():
if instance.payorders.all():
messages.info(request, 'You need to delete the payments first!')
else:
form.save()
messages.success(request, 'You edit the invoice succesfully')
return HttpResponseRedirect(reverse('billings:payroll_page'))
if 'create_payment' in request.POST:
form = PaymentForm(request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('billings:edit_bill', kwargs={'pk': dk}))
context = locals()
return render(request, 'billings/form.html', context)
def registration(request):
"""Render the registration page"""
if request.user.is_authenticated:
return redirect(reverse('index'))
if request.method =="POST":
registration_form = UserRegistrationForm(request.POST)
if registration_form.is_valid():
registration_form.save()
user = auth.authenticate(username=request.POST['username'],
password=request.POST['password1'])
if user:
auth.login(user=user, request=request)
messages.success(request, "You have successfully registered")
return redirect(reverse('index'))
else:
messages.error(request, "Unable to register your account at this time")
else:
registration_form = UserRegistrationForm()
return render(request, 'registration.html',
{"registration_form": registration_form})
def delete(request,post_id):
try:
post=Post.objects.get(id=post_id)
post.delete()
return redirect(reverse('secrets:popular'))
except:
return redirect(reverse('secrets:popular'))
def test_staff_update(admin_api_client, staff_user, user_api_client):
query = """
mutation UpdateStaff($id: ID!, $permissions: [String]) {
staffUpdate(id: $id, input: {permissions: $permissions}) {
errors {
field
message
}
user {
permissions {
code
}
}
}
}
"""
id = graphene.Node.to_global_id('User', staff_user.id)
variables = json.dumps({'id': id, 'permissions': []})
# check unauthorized access
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['staffUpdate']
assert data['errors'] == []
assert data['user']['permissions'] == []
def get_session(session_id, fail_url="crapdb:index",
error="No session or session expired",
http_response=False):
'''
Returns a tuple of (status, session or redirect)
- If status is True the second element is a session object
- If status is False the second element is a django redirect
'''
if not is_user_data_valid(session_id, data_type=DataType.OID):
# WTF is this shit?!
print("********get_session() - Session ID length - Somebody is messing around*********")
if not http_response:
return (False, redirect(reverse(fail_url) + "?error={}".format(error)))
else:
return (False, HttpResponse(json.dumps({"redirect": error})))
session = None
try:
session = Session.get_session(session_id)
except KeyError:
if not http_response:
return (False, redirect(reverse(fail_url) + "?error={}".format(error)))
else:
return (False, HttpResponse(json.dumps({"redirect": error})))
return (True, session)
def test_customer_update(admin_api_client, customer_user, user_api_client):
query = """
mutation UpdateCustomer($id: ID!, $note: String) {
customerUpdate(id: $id, input: {note: $note}) {
errors {
field
message
}
user {
id
email
isStaff
isActive
note
}
}
}
"""
id = graphene.Node.to_global_id('User', customer_user.id)
note = 'Test update note'
variables = json.dumps({'id': id, 'note': note})
# check unauthorized access
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['customerUpdate']
assert data['errors'] == []
assert data['user']['note'] == note
def post(self, request):
if request.user.is_authenticated:
return redirect(reverse('super_store:brands'))
form = self.form_class(request.POST)
message = ''
if form.is_valid():
username = form.cleaned_data['email']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(self.request, user)
redirect_to = request.GET.get('next', '')
if redirect_to != '':
if is_safe_url(url=redirect_to, host=request.get_host()):
return redirect(redirect_to)
else:
return render(self.request, redirect_to,
{'error': message, 'form': form})
else:
return redirect(reverse('super_store:brands'))
else:
message = Message.LOGIN_DISABLED
else:
message = Message.LOGIN_INVALID
return render(self.request, self.template_name,
{'error': message, 'form': form})
def test_query_users(admin_api_client, user_api_client):
query = """
query Users($isStaff: Boolean) {
users(isStaff: $isStaff) {
totalCount
edges {
node {
isStaff
}
}
}
}
"""
variables = json.dumps({'isStaff': True})
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
users = content['data']['users']['edges']
assert users
assert all([user['node']['isStaff'] for user in users])
variables = json.dumps({'isStaff': False})
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
users = content['data']['users']['edges']
assert users
assert all([not user['node']['isStaff'] for user in users])
# check permissions
response = user_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
assert_no_permission(response)
def test_get_redirect_url(self, waffle_mock, percentage_mock):
student = User.objects.create_user('student', '*****@*****.**', '123123')
# user has instructor and onboarding is enabled and equals 100
waffle_mock.switch_is_active.return_value = True
percentage_mock.return_value = 100
Instructor.objects.create(
user=student,
)
self.assertEqual(get_redirect_url(student), reverse('ctms:my_courses'))
waffle_mock.assert_called()
percentage_mock.assert_called()
# user has instructor and onboarding is enabled and equals less than 100
waffle_mock.reset_mock()
percentage_mock.reset_mock()
waffle_mock.switch_is_active.return_value = True
percentage_mock.return_value = 70
self.assertEqual(get_redirect_url(student), reverse('ctms:onboarding'))
waffle_mock.assert_called()
percentage_mock.assert_called()
# user has instructor and onboarding is disabled
waffle_mock.reset_mock()
percentage_mock.reset_mock()
waffle_mock.switch_is_active.return_value = False
self.assertEqual(get_redirect_url(student), reverse('ctms:my_courses'))
waffle_mock.assert_called()
percentage_mock.assert_called()
def test_create_token_mutation(admin_client, staff_user):
query = '''
mutation {
tokenCreate(email: "%(email)s", password: "******") {
token
errors {
field
message
}
}
}
'''
success_query = query % {'email': staff_user.email, 'password': '******'}
response = admin_client.post(
reverse('api'), json.dumps({'query': success_query}),
content_type='application/json')
content = get_graphql_content(response)
assert 'errors' not in content
token_data = content['data']['tokenCreate']
assert token_data['token']
assert not token_data['errors']
error_query = query % {'email': staff_user.email, 'password': '******'}
response = admin_client.post(
reverse('api'), json.dumps({'query': error_query}),
content_type='application/json')
content = get_graphql_content(response)
assert 'errors' not in content
token_data = content['data']['tokenCreate']
assert not token_data['token']
errors = token_data['errors']
assert errors
assert not errors[0]['field']
def get_application_channel_for_code():
"""
获取应用渠道控制的后台菜单
"""
code_list = [reverse("distribution:receive_experience_card"), reverse("distribution:use_experience_card"), reverse("distribution:add_experience_card"), reverse("distribution:distribution_ratio"), reverse("distribution:distribution_manage"), reverse("distribution:youin_income_list")]
code_list = ",".join(code_list)
return code_list
def test_customer_access(self):
"""
A Customer cannot access any URL
"""
# not logged-in
for url in self.urls_get:
response = self.client.get(url, follow=True)
self.assertTrue(is_login_page(response))
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertTrue(is_login_page(response))
# logged-in. Should throw a 403 or redirect to login
self.client.login(self.user.email)
for url in self.urls_get:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302,
target_status_code=200)
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302,
target_status_code=200)
def test_category_create_mutation(admin_api_client):
query = """
mutation($name: String, $slug: String, $description: String, $parentId: ID) {
categoryCreate(
input: {
name: $name
slug: $slug
description: $description
parent: $parentId
}
) {
category {
id
name
slug
description
parent {
name
id
}
}
errors {
field
message
}
}
}
"""
category_name = 'Test category'
category_slug = slugify(category_name)
category_description = 'Test description'
# test creating root category
variables = json.dumps({
'name': category_name, 'description': category_description,
'slug': category_slug})
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['categoryCreate']
assert data['errors'] == []
assert data['category']['name'] == category_name
assert data['category']['description'] == category_description
assert not data['category']['parent']
# test creating subcategory
parent_id = data['category']['id']
variables = json.dumps({
'name': category_name, 'description': category_description,
'parentId': parent_id, 'slug': category_slug})
response = admin_api_client.post(
reverse('api'), {'query': query, 'variables': variables})
content = get_graphql_content(response)
assert 'errors' not in content
data = content['data']['categoryCreate']
assert data['errors'] == []
assert data['category']['parent']['id'] == parent_id
def test_get_redirect_url_with_invite(self):
student = User.objects.create_user('student', '*****@*****.**', '123123')
instructor_user = User.objects.create_user('instructor', '*****@*****.**', '123123')
Instructor.objects.create(
user=instructor_user,
)
course = Course.objects.create(title='Test title',
description='test description',
access='Public',
enrollCode='111',
lockout='222',
addedBy=instructor_user)
unit = Unit.objects.create(title='Test title', addedBy=instructor_user)
courseunit = CourseUnit.objects.create(
unit=unit, course=course,
order=0, addedBy=instructor_user, releaseTime=timezone.now()
)
enroll_unit_code = EnrollUnitCode.get_code(courseunit, give_instance=True)
# create invite
Invite.create_new(True, course, instructor_user.instructor, student.email, 'student', enroll_unit_code)
# simulate student has come in chat but haven't started it yet
Role.objects.create(
user=student,
course=course,
role=Role.ENROLLED
)
self.assertEqual(get_redirect_url(student), reverse('lms:course_view', kwargs={'course_id': course.id})) # to lms/course from role
course_2 = Course.objects.create(
title='Test title2',
description='test description2',
access='Public',
enrollCode='1112',
lockout='2222',
addedBy=instructor_user
)
unit_2 = Unit.objects.create(title='Test title 2', addedBy=instructor_user)
courseunit_2 = CourseUnit.objects.create(
unit=unit_2, course=course_2,
order=1, addedBy=instructor_user, releaseTime=timezone.now()
)
enroll_unit_code_2 = EnrollUnitCode.get_code(courseunit_2, give_instance=True)
Chat.objects.create(
user=student,
instructor=instructor_user,
enroll_code=enroll_unit_code_2
)
self.assertEqual(get_redirect_url(student), reverse('lms:course_view', kwargs={'course_id': course_2.id})) # to lms/course from role
def update(req, id):
data = req.POST
errors = User.objects.validate(data)
if errors:
req.session['errors'] = errors
return redirect(reverse("edit", kwargs={'id':id}))
user = User.objects.edit_user(data)
return redirect(reverse("show_user", kwargs={'id':user.id}))
def edit_user(request, id):
if request.method == "POST":
errors = User.objects.validate(request.POST)
if errors:
request.session['errors'] = errors
return redirect(reverse('edit', kwargs = {'id':user.id}))
id = request.POST['id']
user = User.objects.edit(request.POST)
return redirect(reverse('show', kwargs = {'id':user.id}))
def get_absolute_url(self):
return reverse("shop:product_category_list", args=[self.slug])
def myaccount(request):
def getParams(request):
params = [
"name_card", "month", "year", "card_no", "cvv", "name_address",
"country", "address", "postcode", "blok", "unit"
]
result = []
for param in params:
result += [request.POST[param]]
return result
def returnParams(request, details, records, total, ids, message):
return render(
request, "library/payment.html", {
"name_card": details[0],
"month": details[1],
"year": details[2],
"card_no": details[3],
"cvv": details[4],
"name_address": details[5],
"country": details[6],
"address": details[7],
"postcode": details[8],
"blok": details[9],
"unit": details[10],
"message": message,
"outstandings": records,
"total": total,
"bookids": ids
})
def payment(request, borrows, reserves, outstandings):
button = request.POST["button"]
# if the user wants to check out
if button == "CHECK OUT":
details = getParams(request)
bookids = request.POST.getlist("ids")
bookids = convertToInteger(bookids)
# if there are missing fileds except block and unit
i = 0
for detail in details:
if i is not 9 and i is not 10 and detail is "":
total = request.POST["total"]
message = "Please fill in the missing fields."
return returnParams(request, details, outstandings, total,
bookids, message)
i += 1
# if the payment is successful
for bookid in bookids:
q = f"SELECT AVAILABILITY FROM BOOK WHERE BOOKID = {bookid}"
c.execute(q)
availability = c.fetchone()
if availability[0] == "BORROWED":
q = f"UPDATE BOOK SET AVAILABILITY = 'AVAILABLE' WHERE BOOKID = {bookid}"
c.execute(q)
elif availability[0] == "RESERVED":
today = (date.today() +
timedelta(days=13)).strftime("%Y-%m-%d")
q = f"UPDATE RESERVES SET DUEDATE = '{today}' WHERE BOOKID = {bookid}"
c.execute(q)
q = f"DELETE FROM BORROWS WHERE BOOKID = {bookid}"
c.execute(q)
request.session["message"] = "Payment successful."
return HttpResponseRedirect(reverse("myaccount"))
# get selected bookids
if "bookids" not in request.POST:
return render(
request, "library/myaccount.html", {
"borrows": borrows,
"reserves": reserves,
"outstandings": outstandings,
"total": 0
})
results = dict(request.POST)["bookids"]
bookids = [int(i) for i in results]
# calculate total fine
sum = 0
for record in list(outstandings):
if list(record)[0] in bookids:
sum += list(record)[3]
# if the user wants to calculate the fines
if button == "Calculate":
return render(
request, "library/myaccount.html", {
"borrows": borrows,
"reserves": reserves,
"outstandings": outstandings,
"total": sum,
"bookids": bookids
})
# if the user wants to pay
if button == "Pay":
return render(request, "library/payment.html", {
"total": sum,
"outstandings": outstandings,
"bookids": bookids
})
if "userid" not in request.session:
if "admin" in request.session:
request.session[
"message"] = "Please log out and sign in as a member user."
return HttpResponseRedirect(reverse("adminhome"))
return HttpResponseRedirect(reverse("login"))
# get system messages
message = getSessionMessage(request)
# get the borrow records
userid = request.session["userid"][0]
# if the user has unpaid fines, clear all reservations
checkUnpaidFines(userid)
c = connection.cursor()
q = f"SELECT BOOKID, TITLE, DUEDATE, EXTENSION FROM "\
f"BORROWS NATURAL JOIN BOOK WHERE USERID = '{userid}'"
c.execute(q)
borrows = c.fetchall()
# get the reserve records
q = f"WITH T AS (SELECT BOOKID AS TBOOKID, TITLE, DUEDATE AS RESERVEDATE "\
f"FROM RESERVES NATURAL JOIN BOOK WHERE USERID = '{userid}') "\
f"SELECT TBOOKID, TITLE, RESERVEDATE, DUEDATE AS BORROWDATE "\
f"FROM T LEFT JOIN BORROWS ON BOOKID = TBOOKID"
c.execute(q)
reserves = c.fetchall()
# get outstanding fees records
c = connection.cursor()
q = f"SELECT BOOKID, TITLE, DUEDATE, DATEDIFF(NOW(), DUEDATE) AS AMOUNT " \
f"FROM BORROWS NATURAL JOIN BOOK WHERE DATEDIFF(NOW(), DUEDATE) > 0 AND USERID = '{userid}'"
c.execute(q)
outstandings = c.fetchall()
# if the user press calculate or pay buttons
if request.method == "POST":
return payment(request, borrows, reserves, outstandings)
return render(
request, "library/myaccount.html", {
"message": message,
"borrows": borrows,
"reserves": reserves,
"outstandings": outstandings
})
def get_absolute_url(self):
return reverse("shop:product_detail", args=[self.id, self.slug])
def get_success_url(self):
return reverse('post-detail', args=[self.get_object().post.id])
def get_absolute_url(self):
return reverse("detail", kwargs={
'slug' : self.slug
})
def get_absolute_url(self):
return reverse("core:product", kwargs={'slug': self.slug})
def get_success_url(self):
return reverse('direcciones_envio:direcciones')
def get_absolute_url(self):
return reverse('tag_detail_url', kwargs={'slug': self.slug})
def get_success_url(self):
return reverse("authors_admin:index")
def payment(request, borrows, reserves, outstandings):
button = request.POST["button"]
# if the user wants to check out
if button == "CHECK OUT":
details = getParams(request)
bookids = request.POST.getlist("ids")
bookids = convertToInteger(bookids)
# if there are missing fileds except block and unit
i = 0
for detail in details:
if i is not 9 and i is not 10 and detail is "":
total = request.POST["total"]
message = "Please fill in the missing fields."
return returnParams(request, details, outstandings, total,
bookids, message)
i += 1
# if the payment is successful
for bookid in bookids:
q = f"SELECT AVAILABILITY FROM BOOK WHERE BOOKID = {bookid}"
c.execute(q)
availability = c.fetchone()
if availability[0] == "BORROWED":
q = f"UPDATE BOOK SET AVAILABILITY = 'AVAILABLE' WHERE BOOKID = {bookid}"
c.execute(q)
elif availability[0] == "RESERVED":
today = (date.today() +
timedelta(days=13)).strftime("%Y-%m-%d")
q = f"UPDATE RESERVES SET DUEDATE = '{today}' WHERE BOOKID = {bookid}"
c.execute(q)
q = f"DELETE FROM BORROWS WHERE BOOKID = {bookid}"
c.execute(q)
request.session["message"] = "Payment successful."
return HttpResponseRedirect(reverse("myaccount"))
# get selected bookids
if "bookids" not in request.POST:
return render(
request, "library/myaccount.html", {
"borrows": borrows,
"reserves": reserves,
"outstandings": outstandings,
"total": 0
})
results = dict(request.POST)["bookids"]
bookids = [int(i) for i in results]
# calculate total fine
sum = 0
for record in list(outstandings):
if list(record)[0] in bookids:
sum += list(record)[3]
# if the user wants to calculate the fines
if button == "Calculate":
return render(
request, "library/myaccount.html", {
"borrows": borrows,
"reserves": reserves,
"outstandings": outstandings,
"total": sum,
"bookids": bookids
})
# if the user wants to pay
if button == "Pay":
return render(request, "library/payment.html", {
"total": sum,
"outstandings": outstandings,
"bookids": bookids
})
def get_absolute_url(self):
return reverse("profiles:profile-detail-view",
kwargs={"slug": self.slug})
def get_absolute_url(self):
return reverse('core:products-page', kwargs={'slug': self.slug})
def get_add_to_cart_url(self):
return reverse('core:add-to-cart', kwargs={'slug': self.slug})
def get_remove_from_cart_url(self):
return reverse('core:remove-from-cart', kwargs={'slug': self.slug})
def get_absolute_url(self):
return reverse("screenshot_get", kwargs={"id": self.id})
def test_phone_number_field_type(api_client, data_fixture):
user, token = data_fixture.create_user_and_token(email="*****@*****.**",
password="******",
first_name="Test1")
table = data_fixture.create_database_table(user=user)
response = api_client.post(
reverse("api:database:fields:list", kwargs={"table_id": table.id}),
{
"name": "phone",
"type": "phone_number"
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["type"] == "phone_number"
assert PhoneNumberField.objects.all().count() == 1
field_id = response_json["id"]
response = api_client.patch(
reverse("api:database:fields:item", kwargs={"field_id": field_id}),
{"name": "Phone"},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_200_OK
expected_phone_number = "+44761198672"
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{f"field_{field_id}": expected_phone_number},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{field_id}"] == expected_phone_number
model = table.get_model(attribute_names=True)
row = model.objects.all().last()
assert row.phone == expected_phone_number
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{f"field_{field_id}": ""},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{field_id}"] == ""
row = model.objects.all().last()
assert row.phone == ""
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{f"field_{field_id}": None},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{field_id}"] == ""
row = model.objects.all().last()
assert row.phone == ""
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{field_id}"] == ""
row = model.objects.all().last()
assert row.phone == ""
email = reverse("api:database:fields:item", kwargs={"field_id": field_id})
response = api_client.delete(email, HTTP_AUTHORIZATION=f"JWT {token}")
assert response.status_code == HTTP_204_NO_CONTENT
assert PhoneNumberField.objects.all().count() == 0
def get_delete_url(self):
return reverse('tag_delete_url', kwargs={'slug': self.slug})
def get_absolute_url(self):
return reverse("blog:blog_detail", kwargs={"slug": self.slug})
def get_update_url(self):
return reverse('post_update_url', kwargs={'slug': self.slug})
def form_valid(self, form):
pk = self.kwargs.get("pk")
form.save(pk)
messages.success(self.request, "Photo Uploaded")
return redirect(reverse("rooms:photos", kwargs={"pk": pk}))
def get_absolute_url(self):
return reverse('movie_detail', kwargs={'slug': self.url})
def get_success_url(self):
room_pk = self.kwargs.get("room_pk")
return reverse("rooms:photos", kwargs={"pk": room_pk})
def user_logout(request):
logout(request)
return redirect(reverse('article:article_list'))
def test_deleting_movie(self):
response = self.client.delete(reverse('detail', kwargs={'pk': 1}))
self.assertEqual(204, response.status_code)
def get_blog_url(self):
return reverse("home:blog", kwargs={'slug': self.slug})
def test_getting_movies(self):
response = self.client.get(reverse('movies'), format="json")
self.assertEqual(len(response.data), 1)
def logout(request):
dj_logout(request)
return HttpResponseRedirect(reverse('deals_app:base'))
def logout(request):
"""Log the user out"""
auth.logout(request)
messages.success(request,
"You have sucessfully logged out! Hope to see back soon")
return redirect(reverse('index'))
def test_number_field_type(api_client, data_fixture):
user, token = data_fixture.create_user_and_token(email="*****@*****.**",
password="******",
first_name="Test1")
table = data_fixture.create_database_table(user=user)
# Create a positive integer field
response = api_client.post(
reverse("api:database:fields:list", kwargs={"table_id": table.id}),
{
"name": "PositiveInt",
"type": "number",
"number_type": "INTEGER",
"number_negative": False,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
# Make sure the field was created properly
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["type"] == "number"
assert NumberField.objects.all().count() == 1
positive_int_field_id = response_json["id"]
# Create a negative integer field
response = api_client.post(
reverse("api:database:fields:list", kwargs={"table_id": table.id}),
{
"name": "NegativeInt",
"type": "number",
"number_type": "INTEGER",
"number_negative": True,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
# Make sure the field was created properly
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["type"] == "number"
assert NumberField.objects.all().count() == 2
negative_int_field_id = response_json["id"]
# Create a positive decimal field
response = api_client.post(
reverse("api:database:fields:list", kwargs={"table_id": table.id}),
{
"name": "PositiveDecimal",
"type": "number",
"number_type": "DECIMAL",
"number_negative": False,
"number_decimal_places": 2,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
# Make sure the field was created properly
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["type"] == "number"
assert NumberField.objects.all().count() == 3
positive_decimal_field_id = response_json["id"]
# Create a negative decimal field
response = api_client.post(
reverse("api:database:fields:list", kwargs={"table_id": table.id}),
{
"name": "NegativeDecimal",
"type": "number",
"number_type": "DECIMAL",
"number_negative": True,
"number_decimal_places": 2,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
# Make sure the field was created properly
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["type"] == "number"
assert NumberField.objects.all().count() == 4
negative_decimal_field_id = response_json["id"]
# Test re-writing the name of a field. 'PositiveInt' is now called 'PositiveIntEdit'
response = api_client.patch(
reverse("api:database:fields:item",
kwargs={"field_id": positive_int_field_id}),
{"name": "PositiveIntEdit"},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_200_OK
# Add a row with correct values
valid_pos_int = "99999999999999999999999999999999999999999999999999"
valid_neg_int = "-99999999999999999999999999999999999999999999999999"
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{
f"field_{positive_int_field_id}": valid_pos_int,
f"field_{negative_int_field_id}": valid_neg_int,
f"field_{positive_decimal_field_id}": 1000.00,
f"field_{negative_decimal_field_id}": -1000.00,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{positive_int_field_id}"] == valid_pos_int
assert response_json[f"field_{negative_int_field_id}"] == valid_neg_int
assert response_json[f"field_{positive_decimal_field_id}"] == "1000.00"
assert response_json[f"field_{negative_decimal_field_id}"] == "-1000.00"
model = table.get_model(attribute_names=True)
row = model.objects.all().last()
assert row.positiveintedit == Decimal(valid_pos_int)
assert row.negativeint == Decimal(valid_neg_int)
assert row.positivedecimal == Decimal(1000.00)
assert row.negativedecimal == Decimal(-1000.00)
# Add a row with Nones'
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{
f"field_{positive_int_field_id}": None,
f"field_{negative_int_field_id}": None,
f"field_{positive_decimal_field_id}": None,
f"field_{negative_decimal_field_id}": None,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json[f"field_{positive_int_field_id}"] is None
assert response_json[f"field_{negative_int_field_id}"] is None
assert response_json[f"field_{positive_decimal_field_id}"] is None
assert response_json[f"field_{negative_decimal_field_id}"] is None
row = model.objects.all().last()
assert row.positiveintedit is None
assert row.negativeint is None
assert row.positivedecimal is None
assert row.negativedecimal is None
# Add a row with an integer that's too big
invalid_pos_int = "999999999999999999999999999999999999999999999999999"
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{
f"field_{positive_int_field_id}": invalid_pos_int,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (response_json["detail"][f"field_{positive_int_field_id}"][0]
["code"] == "max_digits")
# Add a row with an integer that's too small
invalid_neg_int = "-9999999999999999999999999999999999999999999999999999"
response = api_client.post(
reverse("api:database:rows:list", kwargs={"table_id": table.id}),
{
f"field_{negative_int_field_id}": invalid_neg_int,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (response_json["detail"][f"field_{positive_int_field_id}"][0]
["code"] == "max_digits")
def location(self, item):
return reverse(item)
