def add_book(request): """ Tests: - GETTest - SecurityTest """ # User must be staff or admin to get to this page if not request.user.is_staff: t = loader.get_template('403.html') c = RC(request) return HttpResponseForbidden(t.render(c)) if request.method == "POST": form = BookForm(request.POST) if form.is_valid(): student_id = form.cleaned_data['seller'] price = form.cleaned_data['price'] barcode = form.cleaned_data['barcode'] try: metabook = MetaBook.objects.get(barcode=barcode) except MetaBook.DoesNotExist: initial = { 'barcode' : barcode, 'seller' : student_id, 'price' : price, 'edition' : '1', } form = NewBookForm(initial=initial) var_dict = {'form' : form} template = 'books/add_new_book.html' return rtr(template, var_dict, context_instance=RC(request)) try: seller = User.objects.get(id=student_id) except User.DoesNotExist: seller = import_user(student_id) if seller == None: message = "Invalid Student ID: %s" % student_id return tidy_error(request, message) book = Book(price=price, status="F", metabook=metabook, seller=seller) book.save() Log(book=book, who=request.user, action='A').save() var_dict = { 'title' : metabook.title, 'book_id' : book.id } template = 'books/update_book/added.html' return rtr(template, var_dict, context_instance=RC(request)) # the form isn't valid. send the user back. var_dict = {'form' : form} template = 'books/add_book.html' return rtr(template, var_dict, context_instance=RC(request)) else: # the user is hitting the page for the first time form = BookForm() var_dict = {'form' : form} template = 'books/add_book.html' return rtr(template, var_dict, context_instance=RC(request))
def add_book(request): """ Tests: - GETTest - SecurityTest """ # User must be staff or admin to get to this page if not request.user.is_staff: t = loader.get_template('403.html') c = RC(request) return HttpResponseForbidden(t.render(c)) if request.method == "POST": form = BookForm(request.POST) if form.is_valid(): student_id = form.cleaned_data['seller'] price = form.cleaned_data['price'] barcode = form.cleaned_data['barcode'] try: metabook = MetaBook.objects.get(barcode=barcode) except MetaBook.DoesNotExist: initial = { 'barcode': barcode, 'seller': student_id, 'price': price, 'edition': '1', } form = NewBookForm(initial=initial) var_dict = {'form': form} template = 'books/add_new_book.html' return rtr(template, var_dict, context_instance=RC(request)) try: seller = User.objects.get(id=student_id) except User.DoesNotExist: seller = import_user(student_id) if seller == None: message = "Invalid Student ID: %s" % student_id return tidy_error(request, message) book = Book(price=price, status="F", metabook=metabook, seller=seller) book.save() Log(book=book, who=request.user, action='A').save() var_dict = {'title': metabook.title, 'book_id': book.id} template = 'books/update_book/added.html' return rtr(template, var_dict, context_instance=RC(request)) # the form isn't valid. send the user back. var_dict = {'form': form} template = 'books/add_book.html' return rtr(template, var_dict, context_instance=RC(request)) else: # the user is hitting the page for the first time form = BookForm() var_dict = {'form': form} template = 'books/add_book.html' return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request): """ Applies changes to a book made on the edit page If the barcode doesn't exist, it makes the user create a MetaBook object as well Tests: - GETTest - SecurityTest - NotAllowedTest """ if not request.method == "POST": t = loader.get_template('405.html') c = RC(request) return HttpResponseNotAllowed(t.render(c), ['POST']) # User must be staff or admin to get to this page if not request.user.is_staff: t = loader.get_template('403.html') c = RC(request) return HttpResponseForbidden(t.render(c)) form = BookForm(request.POST) if form.is_valid(): id_to_edit = request.POST.get('idToEdit') try: book = Book.objects.get(id=id_to_edit) except Book.DoesNotExist: message = 'Book with ref# "%s" does not exist' % id_to_edit return tidy_error(request, message) try: barcode = form.cleaned_data['barcode'] book.metabook = MetaBook.objects.get(barcode=barcode) except MetaBook.DoesNotExist: # barcode doesn't exist in db, we have to create a metabook. initial = { 'barcode': barcode, 'seller' : form.cleaned_data['seller'], 'price' : form.cleaned_data['price'], 'book_id' : book.id, 'edition' : '1', } form = NewBookForm(initial=initial) var_dict = {'form' : form} template = 'books/attach_book.html' return rtr(template, var_dict, context_instance=RC(request)) try: seller_id = form.cleaned_data['seller'] book.seller = User.objects.get(id=seller_id) except User.DoesNotExist: user = import_user(seller_id) if user == None: message = "Invalid Student ID: %s" % id_to_edit return tidy_error(request, message) book.seller = user book.price = form.cleaned_data['price'] book.save() Log(who=request.user, action='E', book=book).save() var_dict = {'book' : book} template = 'books/update_book/edited.html' return rtr(template, var_dict, context_instance=RC(request)) elif request.POST.get('idToEdit'): # form isn't valid, but we have an id to work with. send user back id_to_edit = request.POST.get('idToEdit') var_dict = { 'form' : form, 'too_many' : False, 'id' : id_to_edit, 'logs' : Log.objects.filter(book=id_to_edit), } template = 'books/update_book/edit.html' return rtr(template, var_dict, context_instance=RC(request))
def update_book(request): """ This view is used to update book data Tests: - GETTest - EmailTest - HoldGlitchTest - NotAllowedTest """ if not request.method == "POST": t = loader.get_template('405.html') c = RC(request) return HttpResponseNotAllowed(t.render(c), ['POST']) bunch = Book.objects.none() action = request.POST.get("Action", '') # We need at least 1 thing to edit, otherwise bad things can happen # Since the keys have to be unique, the template appends a number to each idToEdit if not request.POST.has_key('idToEdit'): var_dict = { 'message': "Didn't get any books to process", } t = loader.get_template('400.html') c = RC(request, var_dict) return HttpResponseBadRequest(t.render(c)) # For each form key of idToEdit add its value to our list of items to process for value in request.POST.getlist('idToEdit'): bunch = bunch | Book.objects.filter(pk=int(value)) if action == "Delete": bunch = bunch.exclude(status='D') for book in bunch: Log(action='D', book=book, who=request.user).save() var_dict = {'num_deleted': bunch.count()} bunch.update(status='D') template = 'books/update_book/deleted.html' return rtr(template, var_dict, context_instance=RC(request)) elif action[:1] == "To Be Deleted"[:1]: # apparently some browsers have issues passing spaces # can't do this for Deleted, Seller Paid, and Sold Books bunch = bunch.exclude(status__in='DPS') send_tbd_emails(bunch) for book in bunch: Log(action='T', book=book, who=request.user).save() var_dict = { 'num_doomed': bunch.count(), 'num_owners': len(set(map(lambda x: x.seller, bunch))), } bunch.update(status='T') template = 'books/update_book/to_be_deleted.html' return rtr(template, var_dict, context_instance=RC(request)) elif action == "Sold": # Allow only if For Sale or On Hold bunch = bunch.filter(status__in='FO') for book in bunch: Log(action='S', book=book, who=request.user).save() send_sold_emails(list(bunch)) var_dict = { 'sold': bunch.count(), 'num_owners': len(set(map(lambda x: x.seller, bunch))), } bunch.update(status='S', sell_date=datetime.today()) template = 'books/update_book/sold.html' return rtr(template, var_dict, context_instance=RC(request)) elif action[:5] == "Seller Paid"[:5]: # apparently some browsers have issues passing spaces # only staff can do this if not request.user.is_staff: bunch = Book.objects.none() # A Seller can be paid only after the book was sold else: bunch = bunch.filter(status='S') for book in bunch: Log(action='P', book=book, who=request.user).save() var_dict = {'paid': bunch.count()} bunch.update(status='P') template = 'books/update_book/seller_paid.html' return rtr(template, var_dict, context_instance=RC(request)) elif action == "Missing": # Must be For Sale, On Hold or To Be Deleted for it to go Missing bunch = bunch.filter(status__in='FOT') for book in bunch: Log(action='M', book=book, who=request.user).save() send_missing_emails(bunch) var_dict = { 'num_owners': len(set(map(lambda x: x.seller, bunch))), 'num_missing': bunch.count(), } bunch.update(status='M') template = 'books/update_book/missing.html' return rtr(template, var_dict, context_instance=RC(request)) elif action[:4] == "Place on Hold"[:4]: # apparently some browsers have issues passing spaces extended = bunch.filter(status='O', holder=request.user) new_hold = bunch.filter(status='F') failed = bunch.exclude(status__in='OF', holder=request.user) for book in new_hold: Log(action='O', book=book, who=request.user).save() for book in extended: Log(action='X', book=book, who=request.user).save() held = extended | new_hold var_dict = { 'failed': failed, 'extended': extended, 'new_hold': new_hold, 'num_held': held.count(), 'total_price': sum(map(lambda x: x.price, held)), } extended.update(hold_date=datetime.today()) new_hold.update(status='O', hold_date=datetime.today(), holder=request.user) template = 'books/update_book/place_hold.html' return rtr(template, var_dict, context_instance=RC(request)) elif action[:5] == "Remove Holds"[:5]: bunch = bunch.filter(status='O') if not request.user.is_staff: bunch = bunch.filter(holder=request.user) for book in bunch: Log(action='R', book=book, who=request.user).save() var_dict = {'removed': bunch.count()} bunch.update(status='F', hold_date=None, holder=None) template = 'books/update_book/remove_holds.html' return rtr(template, var_dict, context_instance=RC(request)) elif action == "Edit": if bunch.count() > 1: too_many = True else: too_many = False item = bunch[0] initial = { 'seller': item.seller.id, 'price': item.price, 'barcode': item.metabook.barcode, } form = BookForm(initial=initial) logs = Log.objects.filter(book=item) var_dict = { 'form': form, 'too_many': too_many, 'id': item.id, 'logs': logs, } template = 'books/update_book/edit.html' return rtr(template, var_dict, context_instance=RC(request)) elif action == "Undelete": # only staff can do this if not request.user.is_staff: bunch = Book.objects.none() # Filter out any books that aren't deleted bunch = bunch.filter(status='D') # For each book revert to what its previous status was before being deleted for book in bunch: book.status = book.previous_status() book.save() Log(action='U', book=book, who=request.user).save() var_dict = {'num_undeleted': bunch.count()} template = 'books/update_book/undeleted.html' return rtr(template, var_dict, context_instance=RC(request)) else: var_dict = {'action': action} template = 'books/update_book/error.html' return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request): """ Applies changes to a book made on the edit page If the barcode doesn't exist, it makes the user create a MetaBook object as well Tests: - GETTest - SecurityTest - NotAllowedTest """ if not request.method == "POST": t = loader.get_template('405.html') c = RC(request) return HttpResponseNotAllowed(t.render(c), ['POST']) # User must be staff or admin to get to this page if not request.user.is_staff: t = loader.get_template('403.html') c = RC(request) return HttpResponseForbidden(t.render(c)) form = BookForm(request.POST) if form.is_valid(): id_to_edit = request.POST.get('idToEdit') try: book = Book.objects.get(id=id_to_edit) except Book.DoesNotExist: message = 'Book with ref# "%s" does not exist' % id_to_edit return tidy_error(request, message) try: barcode = form.cleaned_data['barcode'] book.metabook = MetaBook.objects.get(barcode=barcode) except MetaBook.DoesNotExist: # barcode doesn't exist in db, we have to create a metabook. initial = { 'barcode': barcode, 'seller': form.cleaned_data['seller'], 'price': form.cleaned_data['price'], 'book_id': book.id, 'edition': '1', } form = NewBookForm(initial=initial) var_dict = {'form': form} template = 'books/attach_book.html' return rtr(template, var_dict, context_instance=RC(request)) try: seller_id = form.cleaned_data['seller'] book.seller = User.objects.get(id=seller_id) except User.DoesNotExist: user = import_user(seller_id) if user == None: message = "Invalid Student ID: %s" % id_to_edit return tidy_error(request, message) book.seller = user book.price = form.cleaned_data['price'] book.save() Log(who=request.user, action='E', book=book).save() var_dict = {'book': book} template = 'books/update_book/edited.html' return rtr(template, var_dict, context_instance=RC(request)) elif request.POST.get('idToEdit'): # form isn't valid, but we have an id to work with. send user back id_to_edit = request.POST.get('idToEdit') var_dict = { 'form': form, 'too_many': False, 'id': id_to_edit, 'logs': Log.objects.filter(book=id_to_edit), } template = 'books/update_book/edit.html' return rtr(template, var_dict, context_instance=RC(request))