def add_book(request):
"""
Tests:
- GETTest
- SecurityTest
"""
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
if request.method == "POST":
form = BookForm(request.POST)
if form.is_valid():
student_id = form.cleaned_data['seller']
price = form.cleaned_data['price']
barcode = form.cleaned_data['barcode']
try:
metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
initial = {
'barcode' : barcode,
'seller' : student_id,
'price' : price,
'edition' : '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form' : form}
template = 'books/add_new_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller = User.objects.get(id=student_id)
except User.DoesNotExist:
seller = import_user(student_id)
if seller == None:
message = "Invalid Student ID: %s" % student_id
return tidy_error(request, message)
book = Book(price=price, status="F", metabook=metabook, seller=seller)
book.save()
Log(book=book, who=request.user, action='A').save()
var_dict = {
'title' : metabook.title,
'book_id' : book.id
}
template = 'books/update_book/added.html'
return rtr(template, var_dict, context_instance=RC(request))
# the form isn't valid. send the user back.
var_dict = {'form' : form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
else:
# the user is hitting the page for the first time
form = BookForm()
var_dict = {'form' : form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
def add_book(request):
"""
Tests:
- GETTest
- SecurityTest
"""
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
if request.method == "POST":
form = BookForm(request.POST)
if form.is_valid():
student_id = form.cleaned_data['seller']
price = form.cleaned_data['price']
barcode = form.cleaned_data['barcode']
try:
metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
initial = {
'barcode': barcode,
'seller': student_id,
'price': price,
'edition': '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form': form}
template = 'books/add_new_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller = User.objects.get(id=student_id)
except User.DoesNotExist:
seller = import_user(student_id)
if seller == None:
message = "Invalid Student ID: %s" % student_id
return tidy_error(request, message)
book = Book(price=price,
status="F",
metabook=metabook,
seller=seller)
book.save()
Log(book=book, who=request.user, action='A').save()
var_dict = {'title': metabook.title, 'book_id': book.id}
template = 'books/update_book/added.html'
return rtr(template, var_dict, context_instance=RC(request))
# the form isn't valid. send the user back.
var_dict = {'form': form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
else:
# the user is hitting the page for the first time
form = BookForm()
var_dict = {'form': form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request):
"""
Applies changes to a book made on the edit page
If the barcode doesn't exist,
it makes the user create a MetaBook object as well
Tests:
- GETTest
- SecurityTest
- NotAllowedTest
"""
if not request.method == "POST":
t = loader.get_template('405.html')
c = RC(request)
return HttpResponseNotAllowed(t.render(c), ['POST'])
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
form = BookForm(request.POST)
if form.is_valid():
id_to_edit = request.POST.get('idToEdit')
try:
book = Book.objects.get(id=id_to_edit)
except Book.DoesNotExist:
message = 'Book with ref# "%s" does not exist' % id_to_edit
return tidy_error(request, message)
try:
barcode = form.cleaned_data['barcode']
book.metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
# barcode doesn't exist in db, we have to create a metabook.
initial = {
'barcode': barcode,
'seller' : form.cleaned_data['seller'],
'price' : form.cleaned_data['price'],
'book_id' : book.id,
'edition' : '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form' : form}
template = 'books/attach_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller_id = form.cleaned_data['seller']
book.seller = User.objects.get(id=seller_id)
except User.DoesNotExist:
user = import_user(seller_id)
if user == None:
message = "Invalid Student ID: %s" % id_to_edit
return tidy_error(request, message)
book.seller = user
book.price = form.cleaned_data['price']
book.save()
Log(who=request.user, action='E', book=book).save()
var_dict = {'book' : book}
template = 'books/update_book/edited.html'
return rtr(template, var_dict, context_instance=RC(request))
elif request.POST.get('idToEdit'):
# form isn't valid, but we have an id to work with. send user back
id_to_edit = request.POST.get('idToEdit')
var_dict = {
'form' : form,
'too_many' : False,
'id' : id_to_edit,
'logs' : Log.objects.filter(book=id_to_edit),
}
template = 'books/update_book/edit.html'
return rtr(template, var_dict, context_instance=RC(request))
def update_book(request):
"""
This view is used to update book data
Tests:
- GETTest
- EmailTest
- HoldGlitchTest
- NotAllowedTest
"""
if not request.method == "POST":
t = loader.get_template('405.html')
c = RC(request)
return HttpResponseNotAllowed(t.render(c), ['POST'])
bunch = Book.objects.none()
action = request.POST.get("Action", '')
# We need at least 1 thing to edit, otherwise bad things can happen
# Since the keys have to be unique, the template appends a number to each idToEdit
if not request.POST.has_key('idToEdit'):
var_dict = {
'message': "Didn't get any books to process",
}
t = loader.get_template('400.html')
c = RC(request, var_dict)
return HttpResponseBadRequest(t.render(c))
# For each form key of idToEdit add its value to our list of items to process
for value in request.POST.getlist('idToEdit'):
bunch = bunch | Book.objects.filter(pk=int(value))
if action == "Delete":
bunch = bunch.exclude(status='D')
for book in bunch:
Log(action='D', book=book, who=request.user).save()
var_dict = {'num_deleted': bunch.count()}
bunch.update(status='D')
template = 'books/update_book/deleted.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action[:1] == "To Be Deleted"[:1]:
# apparently some browsers have issues passing spaces
# can't do this for Deleted, Seller Paid, and Sold Books
bunch = bunch.exclude(status__in='DPS')
send_tbd_emails(bunch)
for book in bunch:
Log(action='T', book=book, who=request.user).save()
var_dict = {
'num_doomed': bunch.count(),
'num_owners': len(set(map(lambda x: x.seller, bunch))),
}
bunch.update(status='T')
template = 'books/update_book/to_be_deleted.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action == "Sold":
# Allow only if For Sale or On Hold
bunch = bunch.filter(status__in='FO')
for book in bunch:
Log(action='S', book=book, who=request.user).save()
send_sold_emails(list(bunch))
var_dict = {
'sold': bunch.count(),
'num_owners': len(set(map(lambda x: x.seller, bunch))),
}
bunch.update(status='S', sell_date=datetime.today())
template = 'books/update_book/sold.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action[:5] == "Seller Paid"[:5]:
# apparently some browsers have issues passing spaces
# only staff can do this
if not request.user.is_staff:
bunch = Book.objects.none()
# A Seller can be paid only after the book was sold
else:
bunch = bunch.filter(status='S')
for book in bunch:
Log(action='P', book=book, who=request.user).save()
var_dict = {'paid': bunch.count()}
bunch.update(status='P')
template = 'books/update_book/seller_paid.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action == "Missing":
# Must be For Sale, On Hold or To Be Deleted for it to go Missing
bunch = bunch.filter(status__in='FOT')
for book in bunch:
Log(action='M', book=book, who=request.user).save()
send_missing_emails(bunch)
var_dict = {
'num_owners': len(set(map(lambda x: x.seller, bunch))),
'num_missing': bunch.count(),
}
bunch.update(status='M')
template = 'books/update_book/missing.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action[:4] == "Place on Hold"[:4]:
# apparently some browsers have issues passing spaces
extended = bunch.filter(status='O', holder=request.user)
new_hold = bunch.filter(status='F')
failed = bunch.exclude(status__in='OF', holder=request.user)
for book in new_hold:
Log(action='O', book=book, who=request.user).save()
for book in extended:
Log(action='X', book=book, who=request.user).save()
held = extended | new_hold
var_dict = {
'failed': failed,
'extended': extended,
'new_hold': new_hold,
'num_held': held.count(),
'total_price': sum(map(lambda x: x.price, held)),
}
extended.update(hold_date=datetime.today())
new_hold.update(status='O',
hold_date=datetime.today(),
holder=request.user)
template = 'books/update_book/place_hold.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action[:5] == "Remove Holds"[:5]:
bunch = bunch.filter(status='O')
if not request.user.is_staff: bunch = bunch.filter(holder=request.user)
for book in bunch:
Log(action='R', book=book, who=request.user).save()
var_dict = {'removed': bunch.count()}
bunch.update(status='F', hold_date=None, holder=None)
template = 'books/update_book/remove_holds.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action == "Edit":
if bunch.count() > 1: too_many = True
else: too_many = False
item = bunch[0]
initial = {
'seller': item.seller.id,
'price': item.price,
'barcode': item.metabook.barcode,
}
form = BookForm(initial=initial)
logs = Log.objects.filter(book=item)
var_dict = {
'form': form,
'too_many': too_many,
'id': item.id,
'logs': logs,
}
template = 'books/update_book/edit.html'
return rtr(template, var_dict, context_instance=RC(request))
elif action == "Undelete":
# only staff can do this
if not request.user.is_staff:
bunch = Book.objects.none()
# Filter out any books that aren't deleted
bunch = bunch.filter(status='D')
# For each book revert to what its previous status was before being deleted
for book in bunch:
book.status = book.previous_status()
book.save()
Log(action='U', book=book, who=request.user).save()
var_dict = {'num_undeleted': bunch.count()}
template = 'books/update_book/undeleted.html'
return rtr(template, var_dict, context_instance=RC(request))
else:
var_dict = {'action': action}
template = 'books/update_book/error.html'
return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request):
"""
Applies changes to a book made on the edit page
If the barcode doesn't exist,
it makes the user create a MetaBook object as well
Tests:
- GETTest
- SecurityTest
- NotAllowedTest
"""
if not request.method == "POST":
t = loader.get_template('405.html')
c = RC(request)
return HttpResponseNotAllowed(t.render(c), ['POST'])
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
form = BookForm(request.POST)
if form.is_valid():
id_to_edit = request.POST.get('idToEdit')
try:
book = Book.objects.get(id=id_to_edit)
except Book.DoesNotExist:
message = 'Book with ref# "%s" does not exist' % id_to_edit
return tidy_error(request, message)
try:
barcode = form.cleaned_data['barcode']
book.metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
# barcode doesn't exist in db, we have to create a metabook.
initial = {
'barcode': barcode,
'seller': form.cleaned_data['seller'],
'price': form.cleaned_data['price'],
'book_id': book.id,
'edition': '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form': form}
template = 'books/attach_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller_id = form.cleaned_data['seller']
book.seller = User.objects.get(id=seller_id)
except User.DoesNotExist:
user = import_user(seller_id)
if user == None:
message = "Invalid Student ID: %s" % id_to_edit
return tidy_error(request, message)
book.seller = user
book.price = form.cleaned_data['price']
book.save()
Log(who=request.user, action='E', book=book).save()
var_dict = {'book': book}
template = 'books/update_book/edited.html'
return rtr(template, var_dict, context_instance=RC(request))
elif request.POST.get('idToEdit'):
# form isn't valid, but we have an id to work with. send user back
id_to_edit = request.POST.get('idToEdit')
var_dict = {
'form': form,
'too_many': False,
'id': id_to_edit,
'logs': Log.objects.filter(book=id_to_edit),
}
template = 'books/update_book/edit.html'
return rtr(template, var_dict, context_instance=RC(request))
