Esempio n. 1
0
def add_book(request):
    """
    Tests:
        - GETTest
        - SecurityTest
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.method == "POST":
        form = BookForm(request.POST)
        if form.is_valid():
            student_id = form.cleaned_data['seller']
            price = form.cleaned_data['price']
            barcode = form.cleaned_data['barcode']
            try:
                metabook = MetaBook.objects.get(barcode=barcode)
            except MetaBook.DoesNotExist: 
                initial = {
                    'barcode' : barcode,
                    'seller' : student_id,
                    'price' : price,
                    'edition' : '1',
                }
                form = NewBookForm(initial=initial)
                var_dict = {'form' : form}
                template = 'books/add_new_book.html'
                return rtr(template, var_dict, context_instance=RC(request))
            try:
                seller = User.objects.get(id=student_id)
            except User.DoesNotExist:
                seller = import_user(student_id)
                if seller == None:
                    message = "Invalid Student ID: %s" % student_id
                    return tidy_error(request, message)
            book = Book(price=price, status="F", metabook=metabook, seller=seller)
            book.save()
            Log(book=book, who=request.user, action='A').save()
            var_dict = {
                'title' : metabook.title,
                'book_id' : book.id
            }
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # the form isn't valid. send the user back.
        var_dict = {'form' : form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
    else:
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form' : form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
Esempio n. 2
0
def add_book(request):
    """
    Tests:
        - GETTest
        - SecurityTest
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.method == "POST":
        form = BookForm(request.POST)
        if form.is_valid():
            student_id = form.cleaned_data['seller']
            price = form.cleaned_data['price']
            barcode = form.cleaned_data['barcode']
            try:
                metabook = MetaBook.objects.get(barcode=barcode)
            except MetaBook.DoesNotExist:
                initial = {
                    'barcode': barcode,
                    'seller': student_id,
                    'price': price,
                    'edition': '1',
                }
                form = NewBookForm(initial=initial)
                var_dict = {'form': form}
                template = 'books/add_new_book.html'
                return rtr(template, var_dict, context_instance=RC(request))
            try:
                seller = User.objects.get(id=student_id)
            except User.DoesNotExist:
                seller = import_user(student_id)
                if seller == None:
                    message = "Invalid Student ID: %s" % student_id
                    return tidy_error(request, message)
            book = Book(price=price,
                        status="F",
                        metabook=metabook,
                        seller=seller)
            book.save()
            Log(book=book, who=request.user, action='A').save()
            var_dict = {'title': metabook.title, 'book_id': book.id}
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # the form isn't valid. send the user back.
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
    else:
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
Esempio n. 3
0
def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well
    
    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if not request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        return HttpResponseNotAllowed(t.render(c), ['POST'])
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    form = BookForm(request.POST)
    if form.is_valid():
        id_to_edit = request.POST.get('idToEdit')
        try:
            book = Book.objects.get(id=id_to_edit)
        except Book.DoesNotExist:
            message = 'Book with ref# "%s" does not exist' % id_to_edit
            return tidy_error(request, message)
        try:
            barcode = form.cleaned_data['barcode']
            book.metabook = MetaBook.objects.get(barcode=barcode)
        except MetaBook.DoesNotExist:
            # barcode doesn't exist in db, we have to create a metabook.
            initial = {
                'barcode': barcode,
                'seller' : form.cleaned_data['seller'],
                'price' : form.cleaned_data['price'],
                'book_id' : book.id,
                'edition' : '1',
            }
            form = NewBookForm(initial=initial)
            var_dict = {'form' : form}
            template = 'books/attach_book.html'
            return rtr(template, var_dict, context_instance=RC(request))
        try:
            seller_id = form.cleaned_data['seller']
            book.seller = User.objects.get(id=seller_id)
        except User.DoesNotExist:
            user = import_user(seller_id)
            if user == None:
                message = "Invalid Student ID: %s" % id_to_edit
                return tidy_error(request, message)
            book.seller = user
        book.price = form.cleaned_data['price']
        book.save()
        Log(who=request.user, action='E', book=book).save()
        var_dict = {'book' : book}
        template = 'books/update_book/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))
            
    elif request.POST.get('idToEdit'):
        # form isn't valid, but we have an id to work with. send user back
        id_to_edit = request.POST.get('idToEdit')
        var_dict = {
            'form' : form,
            'too_many' : False,
            'id' : id_to_edit,
            'logs' : Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))
Esempio n. 4
0
def update_book(request):
    """
    This view is used to update book data
    
    Tests:
        - GETTest
        - EmailTest
        - HoldGlitchTest
        - NotAllowedTest
    """
    if not request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        return HttpResponseNotAllowed(t.render(c), ['POST'])
    bunch = Book.objects.none()
    action = request.POST.get("Action", '')

    # We need at least 1 thing to edit, otherwise bad things can happen
    # Since the keys have to be unique, the template appends a number to each idToEdit
    if not request.POST.has_key('idToEdit'):
        var_dict = {
            'message': "Didn't get any books to process",
        }
        t = loader.get_template('400.html')
        c = RC(request, var_dict)
        return HttpResponseBadRequest(t.render(c))
    # For each form key of idToEdit add its value to our list of items to process
    for value in request.POST.getlist('idToEdit'):
        bunch = bunch | Book.objects.filter(pk=int(value))

    if action == "Delete":
        bunch = bunch.exclude(status='D')
        for book in bunch:
            Log(action='D', book=book, who=request.user).save()
        var_dict = {'num_deleted': bunch.count()}
        bunch.update(status='D')
        template = 'books/update_book/deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action[:1] == "To Be Deleted"[:1]:
        # apparently some browsers have issues passing spaces
        # can't do this for Deleted, Seller Paid, and Sold Books
        bunch = bunch.exclude(status__in='DPS')
        send_tbd_emails(bunch)
        for book in bunch:
            Log(action='T', book=book, who=request.user).save()
        var_dict = {
            'num_doomed': bunch.count(),
            'num_owners': len(set(map(lambda x: x.seller, bunch))),
        }
        bunch.update(status='T')
        template = 'books/update_book/to_be_deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action == "Sold":
        # Allow only if For Sale or On Hold
        bunch = bunch.filter(status__in='FO')
        for book in bunch:
            Log(action='S', book=book, who=request.user).save()
        send_sold_emails(list(bunch))
        var_dict = {
            'sold': bunch.count(),
            'num_owners': len(set(map(lambda x: x.seller, bunch))),
        }
        bunch.update(status='S', sell_date=datetime.today())
        template = 'books/update_book/sold.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action[:5] == "Seller Paid"[:5]:
        # apparently some browsers have issues passing spaces
        # only staff can do this
        if not request.user.is_staff:
            bunch = Book.objects.none()
            # A Seller can be paid only after the book was sold
        else:
            bunch = bunch.filter(status='S')

        for book in bunch:
            Log(action='P', book=book, who=request.user).save()
        var_dict = {'paid': bunch.count()}
        bunch.update(status='P')
        template = 'books/update_book/seller_paid.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action == "Missing":
        # Must be For Sale, On Hold or To Be Deleted for it to go Missing
        bunch = bunch.filter(status__in='FOT')
        for book in bunch:
            Log(action='M', book=book, who=request.user).save()
        send_missing_emails(bunch)
        var_dict = {
            'num_owners': len(set(map(lambda x: x.seller, bunch))),
            'num_missing': bunch.count(),
        }
        bunch.update(status='M')
        template = 'books/update_book/missing.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action[:4] == "Place on Hold"[:4]:
        # apparently some browsers have issues passing spaces
        extended = bunch.filter(status='O', holder=request.user)
        new_hold = bunch.filter(status='F')
        failed = bunch.exclude(status__in='OF', holder=request.user)
        for book in new_hold:
            Log(action='O', book=book, who=request.user).save()
        for book in extended:
            Log(action='X', book=book, who=request.user).save()
        held = extended | new_hold
        var_dict = {
            'failed': failed,
            'extended': extended,
            'new_hold': new_hold,
            'num_held': held.count(),
            'total_price': sum(map(lambda x: x.price, held)),
        }
        extended.update(hold_date=datetime.today())
        new_hold.update(status='O',
                        hold_date=datetime.today(),
                        holder=request.user)
        template = 'books/update_book/place_hold.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action[:5] == "Remove Holds"[:5]:
        bunch = bunch.filter(status='O')
        if not request.user.is_staff: bunch = bunch.filter(holder=request.user)
        for book in bunch:
            Log(action='R', book=book, who=request.user).save()
        var_dict = {'removed': bunch.count()}
        bunch.update(status='F', hold_date=None, holder=None)
        template = 'books/update_book/remove_holds.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action == "Edit":
        if bunch.count() > 1: too_many = True
        else: too_many = False
        item = bunch[0]
        initial = {
            'seller': item.seller.id,
            'price': item.price,
            'barcode': item.metabook.barcode,
        }
        form = BookForm(initial=initial)
        logs = Log.objects.filter(book=item)
        var_dict = {
            'form': form,
            'too_many': too_many,
            'id': item.id,
            'logs': logs,
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))
    elif action == "Undelete":
        # only staff can do this
        if not request.user.is_staff:
            bunch = Book.objects.none()

        # Filter out any books that aren't deleted
        bunch = bunch.filter(status='D')

        # For each book revert to what its previous status was before being deleted
        for book in bunch:
            book.status = book.previous_status()
            book.save()
            Log(action='U', book=book, who=request.user).save()
        var_dict = {'num_undeleted': bunch.count()}
        template = 'books/update_book/undeleted.html'
        return rtr(template, var_dict, context_instance=RC(request))

    else:
        var_dict = {'action': action}
        template = 'books/update_book/error.html'
        return rtr(template, var_dict, context_instance=RC(request))
Esempio n. 5
0
def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well
    
    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if not request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        return HttpResponseNotAllowed(t.render(c), ['POST'])
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    form = BookForm(request.POST)
    if form.is_valid():
        id_to_edit = request.POST.get('idToEdit')
        try:
            book = Book.objects.get(id=id_to_edit)
        except Book.DoesNotExist:
            message = 'Book with ref# "%s" does not exist' % id_to_edit
            return tidy_error(request, message)
        try:
            barcode = form.cleaned_data['barcode']
            book.metabook = MetaBook.objects.get(barcode=barcode)
        except MetaBook.DoesNotExist:
            # barcode doesn't exist in db, we have to create a metabook.
            initial = {
                'barcode': barcode,
                'seller': form.cleaned_data['seller'],
                'price': form.cleaned_data['price'],
                'book_id': book.id,
                'edition': '1',
            }
            form = NewBookForm(initial=initial)
            var_dict = {'form': form}
            template = 'books/attach_book.html'
            return rtr(template, var_dict, context_instance=RC(request))
        try:
            seller_id = form.cleaned_data['seller']
            book.seller = User.objects.get(id=seller_id)
        except User.DoesNotExist:
            user = import_user(seller_id)
            if user == None:
                message = "Invalid Student ID: %s" % id_to_edit
                return tidy_error(request, message)
            book.seller = user
        book.price = form.cleaned_data['price']
        book.save()
        Log(who=request.user, action='E', book=book).save()
        var_dict = {'book': book}
        template = 'books/update_book/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))

    elif request.POST.get('idToEdit'):
        # form isn't valid, but we have an id to work with. send user back
        id_to_edit = request.POST.get('idToEdit')
        var_dict = {
            'form': form,
            'too_many': False,
            'id': id_to_edit,
            'logs': Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))