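def edit_note(request):
    """
    Edit an existing note; only the note's author may view or change it.

    The note is looked up from the ``id`` query parameter. If the requesting
    user does not own it, the edit page is rendered with an error message and
    an empty form (HTTP 403), and nothing is saved. For the owner, GET renders
    the form pre-filled with the note, and a valid POST saves the sanitized
    body and redirects to the note's page.
    """
    note_id = request.GET.get('id', '')
    # NOTE(review): a missing, malformed or unknown id makes this lookup raise
    # and surface as a server error; a 404 would be the cleaner answer.
    note = Notes.objects.get(id=note_id)
    # NOTE(review): assumes the view is only reachable by authenticated users
    # (e.g. wrapped with login_required in the URLconf) - confirm.
    user = User.objects.get(id=request.user.id)

    if note.user_id != user.id:
        # Enforce the ownership check instead of only reporting it: the
        # previous code set the error message but still bound the form to the
        # foreign note, so a POST overwrote it (and reassigned it to the
        # caller) and a GET pre-filled the form with the private contents.
        response = render_to_response('notes/edit_note.html', {
            'form': NoteForm(),
            'note_id': note_id,
            'error': 'This note is private, only author can edit this note.'
        }, RequestContext(request))
        response.status_code = 403
        return response

    if request.method == 'POST':
        cleaned_body = django_wysiwyg.clean_html(request.POST['body'])
        form = NoteForm(request.POST, instance=note)
        form.instance.user = user
        form.instance.date = timezone.now()
        if form.is_valid():
            # Apply the sanitized body after validation. NOTE(review): if
            # NoteForm exposes `body` as a field, ModelForm validation copies
            # the raw POST value onto the instance, which would discard a
            # value assigned earlier - confirm against NoteForm.
            form.instance.body = cleaned_body
            form.save()
            # Build the redirect from the stored primary key rather than the
            # raw query-string value.
            return HttpResponseRedirect('/show_note/?id={}'.format(note.id))
    else:
        form = NoteForm(instance=note)

    return render_to_response('notes/edit_note.html', {
        'form': form,
        'note_id': note_id,
        'error': ''
    }, RequestContext(request))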
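def _is_local_redirect(target):
    """Return True only when *target* is a plain same-site path like '/home/'."""
    if not target or not target.startswith('/') or target.startswith('//'):
        return False
    if '\\' in target:
        return False
    # Whitespace and control characters have no place in a redirect path.
    return all(ord(ch) > 32 and ord(ch) != 127 for ch in target)


def add_note(request):
    """
    Create a new note for the current user.

    GET renders an empty form. A valid POST saves the note with a sanitized
    body, queues a success message and redirects to the ``next`` query
    parameter. ``next`` is honoured only when it is a site-local path;
    anything else falls back to ``/home/``.
    """
    redirect_to = request.GET.get('next', '/home/')
    if not _is_local_redirect(redirect_to):
        # `next` is caller-controlled; never redirect to, or echo into the
        # template, a target outside this site.
        redirect_to = '/home/'

    if request.method == 'POST':
        # NOTE(review): assumes the view is only reachable by authenticated
        # users (e.g. wrapped with login_required in the URLconf) - confirm.
        user = User.objects.get(id=request.user.id)
        cleaned_body = django_wysiwyg.clean_html(request.POST['body'])
        form = NoteForm(request.POST)
        form.instance.user = user
        if form.is_valid():
            # Apply the sanitized body after validation. NOTE(review): if
            # NoteForm exposes `body` as a field, ModelForm validation copies
            # the raw POST value onto the instance, which would discard a
            # value assigned earlier - confirm against NoteForm.
            form.instance.body = cleaned_body
            form.save()
            messages.info(request, "Your note was successfully saved.")
            return HttpResponseRedirect(redirect_to)
    else:
        form = NoteForm()

    return render_to_response('notes/add_note.html', {
        'form': form,
        'redirect_to': redirect_to
    }, RequestContext(request))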