Example #1
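def user(request, user_id):
    """
    Staff-only report page for a single user.

    Shows the Log entries whose 'who' is that user (ordered by 'when') and
    the action 'A' Log entries of books whose seller is that user.  POST is
    answered with 405 and non-staff callers with 403.  An id that matches
    no local User is handed to import_user(); if that returns None an
    "Invalid Student ID" error page is rendered.

    Tests:
        - GETTest
        - SecurityTest
    """
    if request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        # HttpResponseNotAllowed takes the permitted methods first and the
        # body after it.  The Allow header has to name what is accepted
        # here (GET), not the method being refused.
        return HttpResponseNotAllowed(['GET'], t.render(c))
    # User must be staff or admin to get to this page.  The check runs
    # before any lookup, so a non-staff caller cannot use this view to
    # learn which ids exist.
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request, {})
        return HttpResponseForbidden(t.render(c))
    try:
        user_obj = User.objects.get(id=user_id)
    except User.DoesNotExist:
        # NOTE(review): import_user is not shown here; if it creates a
        # local account, this GET request changes state -- confirm.
        user_obj = import_user(user_id)
    if user_obj is None:
        message = "Invalid Student ID: %s" % user_id
        return tidy_error(request, message)
    sale_logs = Log.objects.filter(book__seller=user_obj).filter(action='A')
    var_dict = {
        'user_obj': user_obj,
        'logs': Log.objects.filter(who=user_obj).order_by('when'),
        'logs_of_books_for_sale': sale_logs,
    }
    return rtr('books/reports/user.html', var_dict,
               context_instance=RC(request))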
Example #2
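def user(request, user_id):
    """
    Render the per-user report for staff members.

    The page lists the Log rows whose 'who' is the requested user, ordered
    by 'when', plus the action 'A' Log rows for books that user is selling.
    A POST gets a 405 response, a non-staff caller a 403 response, and an
    id that neither the User table nor import_user() can resolve gets the
    "Invalid Student ID" error page.

    Tests:
        - GETTest
        - SecurityTest
    """
    if request.method == "POST":
        body = loader.get_template('405.html').render(RC(request))
        # First argument is the list of permitted methods (it becomes the
        # Allow header), the response body follows.  POST is the method
        # being refused, so it must not be advertised as allowed.
        return HttpResponseNotAllowed(['GET'], body)

    # User must be staff or admin to get to this page; authorisation is
    # settled before user_id is looked at.
    if not request.user.is_staff:
        body = loader.get_template('403.html').render(RC(request, {}))
        return HttpResponseForbidden(body)

    try:
        user_obj = User.objects.get(id=user_id)
    except User.DoesNotExist:
        # NOTE(review): import_user is defined elsewhere; verify whether it
        # writes to the database, since this path is reached by GET.
        user_obj = import_user(user_id)
    if user_obj is None:
        return tidy_error(request, "Invalid Student ID: %s" % user_id)

    books_for_sale_logs = Log.objects.filter(book__seller=user_obj)
    books_for_sale_logs = books_for_sale_logs.filter(action='A')
    var_dict = {
        'user_obj': user_obj,
        'logs': Log.objects.filter(who=user_obj).order_by('when'),
        'logs_of_books_for_sale': books_for_sale_logs,
    }
    return rtr('books/reports/user.html',
               var_dict,
               context_instance=RC(request))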
Example #3
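def add_new_book(request):
    """
    Create a MetaBook and a Book from a submitted NewBookForm.

    Only POST from a staff user is processed (405 / 403 otherwise).  When
    the form validates, the seller is resolved first, then the MetaBook,
    its Course link and the Book (status 'F') are saved and a Log entry
    with action 'A' is written for request.user.  An invalid form is
    re-rendered with its errors.

    Tests:
        - GETTest
        - AddNewBookTest
        - SecurityTest
        - NotAllowedTest
    """
    if request.method != 'POST':
        t = loader.get_template('405.html')
        c = RC(request)
        # Permitted methods come first (they fill the Allow header), the
        # rendered body second.
        return HttpResponseNotAllowed(['POST'], t.render(c))
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.POST.get("Action", '') == 'Add':
        form = NewBookForm(request.POST)
        if form.is_valid():
            # This came from the add_book view, and we need to
            # create a book and a metabook
            data = form.cleaned_data
            sid = data['seller']

            # Resolve the seller before anything is written, so that an
            # unknown student id does not leave a MetaBook behind with no
            # Book attached to it.
            try:
                seller = User.objects.get(pk=sid)
            except User.DoesNotExist:
                seller = import_user(sid)
                if seller is None:
                    message = "Invalid Student ID: %s" % sid
                    return tidy_error(request, message)

            metabook = MetaBook(barcode=data['barcode'],
                                author=data['author'],
                                title=data['title'],
                                edition=data['edition'])
            metabook.save()
            goc = Course.objects.get_or_create
            course, created = goc(department=data['department'],
                                  number=data['course_number'])
            metabook.courses.add(course)
            metabook.save()

            book = Book(seller=seller, price=Decimal(data['price']),
                        metabook=metabook)
            book.status = 'F'
            book.save()
            # Audit trail: who added which book.
            Log(book=book, who=request.user, action='A').save()

            var_dict = {
                'title': metabook.title,
                'author': metabook.author,
                'seller_name': seller.get_full_name(),
                'book_id': book.id,
            }
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
    # NOTE(review): a POST whose "Action" is not 'Add' reaches this point
    # and the view returns None; decide which response that case should get.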
Example #4
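def add_book(request):
    """
    Add a copy of a book whose barcode may already be known.

    Staff only (403 otherwise).  A GET shows an empty BookForm.  A valid
    POST either creates a Book with status "F" for an existing MetaBook and
    logs it with action 'A', or, when no MetaBook has that barcode, hands
    the entered values to a NewBookForm so the book details can be filled
    in.  An invalid POST re-renders the form.

    Tests:
        - GETTest
        - SecurityTest
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))

    if request.method != "POST":
        # the user is hitting the page for the first time
        var_dict = {'form': BookForm()}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    form = BookForm(request.POST)
    if not form.is_valid():
        # the form isn't valid. send the user back.
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    student_id = form.cleaned_data['seller']
    price = form.cleaned_data['price']
    barcode = form.cleaned_data['barcode']
    try:
        metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # Unknown barcode: nothing is saved here, the values are only
        # carried over as initial data for the new-book form.
        initial = {
            'barcode': barcode,
            'seller': student_id,
            'price': price,
            'edition': '1',
        }
        var_dict = {'form': NewBookForm(initial=initial)}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    try:
        seller = User.objects.get(id=student_id)
    except User.DoesNotExist:
        seller = import_user(student_id)
        # Identity test: None is a singleton, and '==' would go through
        # the model's own __eq__.
        if seller is None:
            message = "Invalid Student ID: %s" % student_id
            return tidy_error(request, message)

    book = Book(price=price, status="F", metabook=metabook, seller=seller)
    book.save()
    # Audit trail: who added which book.
    Log(book=book, who=request.user, action='A').save()
    var_dict = {
        'title': metabook.title,
        'book_id': book.id,
    }
    template = 'books/update_book/added.html'
    return rtr(template, var_dict, context_instance=RC(request))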
Example #5
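def add_book(request):
    """
    Staff view for putting a book up for sale.

    Non-staff callers get a 403.  Without a POST an unbound BookForm is
    shown.  With a valid POST the barcode is looked up: a missing MetaBook
    sends the user on to a pre-filled NewBookForm, an existing one gets a
    new Book (status "F") plus a Log entry with action 'A'.  A POST that
    fails validation shows the bound form again.

    Tests:
        - GETTest
        - SecurityTest
    """
    def show(template, form):
        # Every form page in this view renders {'form': form}.
        return rtr(template, {'form': form}, context_instance=RC(request))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.method == "POST":
        form = BookForm(request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data
            student_id = cleaned['seller']
            try:
                metabook = MetaBook.objects.get(barcode=cleaned['barcode'])
            except MetaBook.DoesNotExist:
                # No write happens on this path; the entered values only
                # seed the follow-up form.
                initial = {
                    'barcode': cleaned['barcode'],
                    'seller': student_id,
                    'price': cleaned['price'],
                    'edition': '1',
                }
                return show('books/add_new_book.html',
                            NewBookForm(initial=initial))
            try:
                seller = User.objects.get(id=student_id)
            except User.DoesNotExist:
                seller = import_user(student_id)
                # 'is None' rather than '== None': compare identity, do
                # not dispatch to the model's __eq__.
                if seller is None:
                    message = "Invalid Student ID: %s" % student_id
                    return tidy_error(request, message)
            book = Book(price=cleaned['price'],
                        status="F",
                        metabook=metabook,
                        seller=seller)
            book.save()
            # Record which staff member added the book.
            Log(book=book, who=request.user, action='A').save()
            var_dict = {'title': metabook.title, 'book_id': book.id}
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # the form isn't valid. send the user back.
        return show('books/add_book.html', form)
    # the user is hitting the page for the first time
    return show('books/add_book.html', BookForm())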
Example #6
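def my_books(request):
    """
    Displays books the user has on hold
    and is selling, sorts by search box, filters, calculates total prices

    Both lists start from request.user, and the sort branches re-apply that
    restriction to whatever book_sort() returns, so only the caller's own
    books are shown.  The price totals are computed before any search
    filter is applied.

    Tests: GETTest
    """
    # NOTE(review): no login check is visible in this view; confirm the URL
    # is protected by a login requirement, because request.user is used
    # directly as a query value.
    selling = Book.objects.filter(seller=request.user)
    holding = Book.objects.filter(holder=request.user)
    searched = False
    # calculate totals for book
    price_hold = sum(book.price for book in holding)
    price_sell = sum(book.price for book in selling)

    params = request.GET
    # Filter for the search box
    if "filter" in params and "field" in params:
        # only run the filter if the GET args are there
        # NOTE(review): "field" is caller-supplied and book_filter is not
        # shown here; verify that it maps the value onto a fixed set of
        # field names instead of building a lookup from it.
        selling = book_filter(params["filter"], params["field"], selling)
        holding = book_filter(params["filter"], params["field"], holding)
        searched = True
    # Sorts results by request
    elif "sort_by" in params and "dir" in params:
        # NOTE(review): same question for book_sort and "sort_by"/"dir".
        holding = book_sort(params["sort_by"], params["dir"])
        holding = holding.filter(holder=request.user)
    elif "sort_with" in params and "dir" in params:
        selling = book_sort(params["sort_with"], params["dir"])
        selling = selling.filter(seller=request.user)

    var_dict = {
        'sellP': selling,
        'holdP': holding,
        'priceH': price_hold,
        'priceS': price_sell,
        'field': params.get('field', 'any_field'),
        'filter_text': params.get('filter', ''),
        'search': searched,
    }
    template = 'books/my_books.html'
    # The statements that used to follow this return (a "Save New User"
    # branch reading the undefined names 'action' and 'student_id') could
    # never run and have been dropped.
    return rtr(template, var_dict, context_instance=RC(request))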
Example #7
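def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well

    Only POST from a staff user is processed (405 / 403 otherwise).  The
    book is selected by the raw POST field 'idToEdit'; barcode, seller and
    price come from the validated BookForm.  A successful edit is recorded
    as a Log entry with action 'E' for request.user.

    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if request.method != "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        # Permitted methods first (Allow header), rendered body second.
        return HttpResponseNotAllowed(['POST'], t.render(c))
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    form = BookForm(request.POST)
    id_to_edit = request.POST.get('idToEdit')
    if form.is_valid():
        try:
            book = Book.objects.get(id=id_to_edit)
        except (Book.DoesNotExist, ValueError):
            # 'idToEdit' is not validated by the form; a non-numeric value
            # makes the lookup raise ValueError, which is reported the
            # same way as an unknown id instead of as a server error.
            message = 'Book with ref# "%s" does not exist' % id_to_edit
            return tidy_error(request, message)
        barcode = form.cleaned_data['barcode']
        try:
            book.metabook = MetaBook.objects.get(barcode=barcode)
        except MetaBook.DoesNotExist:
            # barcode doesn't exist in db, we have to create a metabook.
            initial = {
                'barcode': barcode,
                'seller': form.cleaned_data['seller'],
                'price': form.cleaned_data['price'],
                'book_id': book.id,
                'edition': '1',
            }
            form = NewBookForm(initial=initial)
            var_dict = {'form': form}
            template = 'books/attach_book.html'
            return rtr(template, var_dict, context_instance=RC(request))
        seller_id = form.cleaned_data['seller']
        try:
            book.seller = User.objects.get(id=seller_id)
        except User.DoesNotExist:
            user = import_user(seller_id)
            if user is None:
                # Report the seller id that failed, not the book id.
                message = "Invalid Student ID: %s" % seller_id
                return tidy_error(request, message)
            book.seller = user
        book.price = form.cleaned_data['price']
        book.save()
        # Audit trail: who edited which book.
        Log(who=request.user, action='E', book=book).save()
        var_dict = {'book': book}
        template = 'books/update_book/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))

    elif id_to_edit:
        # form isn't valid, but we have an id to work with. send user back
        var_dict = {
            'form': form,
            'too_many': False,
            'id': id_to_edit,
            'logs': Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))
    # NOTE(review): an invalid form without 'idToEdit' reaches this point
    # and the view returns None; decide which response that case should get.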
Example #8
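def add_new_book(request):
    """
    Staff view that stores a brand-new title together with its first copy.

    Anything but POST gets a 405 and a non-staff caller a 403.  For a
    valid NewBookForm the seller is looked up (or imported) first; only
    then are the MetaBook, its Course link and the Book with status 'F'
    saved, followed by a Log entry with action 'A'.  A form that fails
    validation is shown again.

    Tests:
        - GETTest
        - AddNewBookTest
        - SecurityTest
        - NotAllowedTest
    """
    if request.method != 'POST':
        body = loader.get_template('405.html').render(RC(request))
        # The list of permitted methods is the first argument and ends up
        # in the Allow header; the body comes after it.
        return HttpResponseNotAllowed(['POST'], body)
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        body = loader.get_template('403.html').render(RC(request))
        return HttpResponseForbidden(body)
    if request.POST.get("Action", '') == 'Add':
        form = NewBookForm(request.POST)
        if not form.is_valid():
            var_dict = {'form': form}
            template = 'books/add_new_book.html'
            return rtr(template, var_dict, context_instance=RC(request))

        # This came from the add_book view, and we need to
        # create a book and a metabook
        barcode = form.cleaned_data['barcode']
        price = form.cleaned_data['price']
        sid = form.cleaned_data['seller']
        author = form.cleaned_data['author']
        title = form.cleaned_data['title']
        ed = form.cleaned_data['edition']
        dept = form.cleaned_data['department']
        course_num = form.cleaned_data['course_number']

        # The seller is checked before the first save: rejecting an
        # unknown student id afterwards would leave a MetaBook in the
        # database that no Book refers to.
        try:
            seller = User.objects.get(pk=sid)
        except User.DoesNotExist:
            seller = import_user(sid)
            if seller is None:
                message = "Invalid Student ID: %s" % sid
                return tidy_error(request, message)

        metabook = MetaBook(barcode=barcode,
                            author=author,
                            title=title,
                            edition=ed)
        metabook.save()
        goc = Course.objects.get_or_create
        course, created = goc(department=dept, number=course_num)
        metabook.courses.add(course)
        metabook.save()

        book = Book(seller=seller, price=Decimal(price), metabook=metabook)
        book.status = 'F'
        book.save()
        # Record which staff member added the book.
        Log(book=book, who=request.user, action='A').save()

        var_dict = {
            'title': metabook.title,
            'author': metabook.author,
            'seller_name': seller.get_full_name(),
            'book_id': book.id,
        }
        template = 'books/update_book/added.html'
        return rtr(template, var_dict, context_instance=RC(request))
    # NOTE(review): when "Action" is anything other than 'Add' the view
    # falls through and returns None; that case needs an explicit response.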
Example #9
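def my_books(request):
    """
    Displays books the user has on hold
    and is selling, sorts by search box, filters, calculates total prices

    The two lists are always limited to request.user: they start that way,
    and after book_sort() the holder/seller restriction is applied again.
    Totals are summed from the unfiltered lists.

    Tests: GETTest
    """
    # gets users books
    # NOTE(review): nothing in this view checks that the caller is logged
    # in; confirm that the URL configuration or a decorator enforces it.
    selling = Book.objects.filter(seller=request.user)
    holding = Book.objects.filter(holder=request.user)
    searched = False

    # calculate totals for book
    total_hold = sum(book.price for book in holding)
    total_sell = sum(book.price for book in selling)

    query = request.GET
    has_dir = "dir" in query
    if "filter" in query and "field" in query:
        # Filter for the search box; only run the filter if the GET args
        # are there.
        # NOTE(review): book_filter is defined elsewhere; check that the
        # caller-supplied "field" is matched against known field names.
        text, field = query["filter"], query["field"]
        selling = book_filter(text, field, selling)
        holding = book_filter(text, field, holding)
        searched = True
    elif "sort_by" in query and has_dir:
        # Sorts results by request.  book_sort() takes no queryset, so the
        # holder restriction has to be applied to its result.
        # NOTE(review): book_sort is defined elsewhere; check how it uses
        # the caller-supplied "sort_by" and "dir".
        holding = book_sort(query["sort_by"], query["dir"])
        holding = holding.filter(holder=request.user)
    elif "sort_with" in query and has_dir:
        selling = book_sort(query["sort_with"], query["dir"])
        selling = selling.filter(seller=request.user)

    var_dict = {
        'sellP': selling,
        'holdP': holding,
        'priceH': total_hold,
        'priceS': total_sell,
        'field': query.get('field', 'any_field'),
        'filter_text': query.get('filter', ''),
        'search': searched,
    }
    template = 'books/my_books.html'
    # An unreachable "Save New User" branch used to follow this return; it
    # read the undefined names 'action' and 'student_id' and is removed.
    return rtr(template, var_dict, context_instance=RC(request))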
Example #10
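def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well

    Requires POST (405 otherwise) and a staff user (403 otherwise).  The
    Book is chosen by the POST field 'idToEdit', which the form does not
    validate; barcode, seller and price are taken from the BookForm's
    cleaned data.  Saving the book also writes a Log entry with action 'E'.

    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if request.method != "POST":
        body = loader.get_template('405.html').render(RC(request))
        # Allowed methods go first and fill the Allow header; the body is
        # the second argument.
        return HttpResponseNotAllowed(['POST'], body)
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        body = loader.get_template('403.html').render(RC(request))
        return HttpResponseForbidden(body)

    form = BookForm(request.POST)
    id_to_edit = request.POST.get('idToEdit')

    if not form.is_valid():
        if id_to_edit:
            # form isn't valid, but we have an id to work with. send user
            # back
            var_dict = {
                'form': form,
                'too_many': False,
                'id': id_to_edit,
                'logs': Log.objects.filter(book=id_to_edit),
            }
            template = 'books/update_book/edit.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # NOTE(review): invalid form and no 'idToEdit' -- the view returns
        # None here, as before; this case needs an explicit response.
        return None

    cleaned = form.cleaned_data
    try:
        book = Book.objects.get(id=id_to_edit)
    except (Book.DoesNotExist, ValueError):
        # A non-numeric 'idToEdit' raises ValueError in the lookup; treat
        # it like an id that does not exist rather than failing the
        # request.
        message = 'Book with ref# "%s" does not exist' % id_to_edit
        return tidy_error(request, message)

    barcode = cleaned['barcode']
    try:
        book.metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # barcode doesn't exist in db, we have to create a metabook.
        initial = {
            'barcode': barcode,
            'seller': cleaned['seller'],
            'price': cleaned['price'],
            'book_id': book.id,
            'edition': '1',
        }
        var_dict = {'form': NewBookForm(initial=initial)}
        template = 'books/attach_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    seller_id = cleaned['seller']
    try:
        book.seller = User.objects.get(id=seller_id)
    except User.DoesNotExist:
        user = import_user(seller_id)
        if user is None:
            # The id that could not be resolved is the seller's, so that
            # is the one to show (the book id was reported before).
            message = "Invalid Student ID: %s" % seller_id
            return tidy_error(request, message)
        book.seller = user

    book.price = cleaned['price']
    book.save()
    # Record which staff member edited the book.
    Log(who=request.user, action='E', book=book).save()
    var_dict = {'book': book}
    template = 'books/update_book/edited.html'
    return rtr(template, var_dict, context_instance=RC(request))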