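def discussion_callback(request):
    """Serve the discussion AJAX endpoint: GET lists comments, POST adds one.

    GET requires ``last_update`` and returns, as JSON, every comment whose id
    is greater than it, optionally restricted to the piece named by
    ``piece_id``. POST requires ``piece_id`` and ``text`` and stores a new
    comment authored by ``request.user``.

    Missing or unusable parameters, an unknown piece and an unsupported
    request method are all answered with ``HttpResponseServerError`` rather
    than an unhandled exception.
    """
    # TODO: Add csrf_token support to protect from cross-site exploits.
    # NOTE(review): nothing in this view checks that request.user is logged
    # in before it is stored as a comment author; confirm that a decorator or
    # middleware outside this block enforces authentication.
    # NOTE(review): the error cases below are client errors, so a 4xx status
    # would describe them better; the 5xx class is kept because the existing
    # AJAX caller may depend on it.

    # GET means "fetch comments"; POST means "add a new one".
    if request.method == u'GET':
        get_data = request.GET
        if 'last_update' not in get_data:
            return HttpResponseServerError("Missing critical GET attributes")

        # last_update is caller-supplied and ends up in an id comparison, so
        # anything that is not an integer is rejected here instead of
        # surfacing as an unhandled error from the ORM.
        try:
            last_update = int(get_data['last_update'])
        except (TypeError, ValueError):
            return HttpResponseServerError("Invalid last_update attribute")

        if 'piece_id' in get_data:
            # Only return comments for this piece that are newer than the
            # last id the AJAX caller has seen. This assumes comments are
            # added sequentially, incrementing the id every time.
            try:
                piece = DCPiece.objects.get(piece_id=get_data['piece_id'])
            except (DCPiece.DoesNotExist, ValueError):
                # ValueError: presumably a value the piece_id field cannot
                # coerce -- the field type is not visible here.
                return HttpResponseServerError("Unknown piece_id")
            comments = DCComment.objects.filter(piece=piece,
                                                id__gt=last_update)
        else:
            # If no piece_id was included, return everything newer.
            comments = DCComment.objects.filter(id__gt=last_update)

        # Resolve each piece and author once instead of once per comment.
        piece_ids = {}
        author_names = {}
        comment_array = []
        for comment in comments.values():
            piece_pk = comment['piece_id']
            if piece_pk not in piece_ids:
                piece_ids[piece_pk] = DCPiece.objects.get(id=piece_pk).piece_id
            author_pk = comment['author_id']
            if author_pk not in author_names:
                author_names[author_pk] = u"{}".format(
                    User.objects.get(id=author_pk))

            display_time = comment['time'].strftime("%d/%m/%y %H:%M")
            comment_array.append({
                'id': u"{}".format(comment['id']),
                # The text goes out exactly as it was stored; escaping is
                # left to whatever renders it on the client.
                'text': u"{}".format(comment['text']),
                'display_time': u"{}".format(display_time),
                'author': author_names[author_pk],
                'piece_id': u"{}".format(piece_ids[piece_pk]),
            })
        # NOTE(review): if JsonResponse is django.http.JsonResponse, a list
        # payload needs safe=False; confirm which JsonResponse is imported.
        return JsonResponse(comment_array)

    # A POST adds a new discussion comment.
    if request.method == u'POST':
        post_data = request.POST
        if 'piece_id' not in post_data or 'text' not in post_data:
            return HttpResponseServerError("Missing critical POST attributes")

        try:
            piece = DCPiece.objects.get(piece_id=post_data['piece_id'])
        except (DCPiece.DoesNotExist, ValueError):
            return HttpResponseServerError("Unknown piece_id")

        # The text is stored verbatim; no length or content check is applied.
        comment = DCComment(author=request.user, piece=piece,
                            text=post_data['text'])
        comment.save()
        return HttpResponse("OK!")

    # Any other method used to fall off the end and return None, which is
    # not a valid view result.
    return HttpResponseServerError("Unsupported request method")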
def post(self, request, *args, **kwargs):
    """Create a comment on a piece from the submitted ``piece_id`` and ``text``.

    The piece is resolved with get_object_or_404 before the text is examined.
    A text found in EMPTY_COMMENTS yields a 204 response with no body;
    otherwise the comment is saved and returned serialized with status 201.
    """
    payload = request.DATA
    piece_id = payload.get('piece_id', None)
    body = payload.get('text', None)
    target_piece = get_object_or_404(DCPiece, piece_id=piece_id)

    # Nothing to store for an empty comment.
    if body in EMPTY_COMMENTS:
        return Response(status=status.HTTP_204_NO_CONTENT)

    # NOTE(review): the author is looked up from request.user.id and no
    # authentication check is visible in this method; presumably the view's
    # permission settings reject anonymous requests -- confirm on the class.
    author = User.objects.get(pk=request.user.id)
    new_comment = DCComment(piece=target_piece, author=author, text=body)
    new_comment.save()

    return Response(DCCommentSerializer(new_comment).data,
                    status=status.HTTP_201_CREATED)