def add_work_item(request, wip_report): report = get_object_or_404(WIPReport, name=wip_report) # Some security allow_access = False for group in request.user.groups.all(): if group in report.write_acl.all(): allow_access = True if allow_access: if request.method == 'POST': form = WIPItemEditorForm(report, request.POST) if form.is_valid(): t = form.save() heading = Heading.objects.get(id=request.POST['heading']) heading.wip_items.add(t) heading.save() _add_wip_to_archive(report) return HttpResponse( return_json_success() ) else: return HttpResponse( handle_form_errors(form.errors)) else: return HttpResponse( handle_form_errors(form.errors)) else: return HttpResponse( handle_form_errors(form.errors))