def get_api_keys(request, app_id): app = get_object_or_404(Application, pk=app_id) if app.applicant != request.user or not request.is_ajax(): raise PermissionDenied if request.method == "POST": error_list = [] key_id = request.POST.get("key_id", 0) key_vcode = request.POST.get("vcode", "") if not key_id or not key_vcode: error_list.append("You must provide both Key ID and vCode!") else: try: key_id = int(key_id) except ValueError: error_list.append("The Key ID is invalid (not an integer)!") api_key = MemberAPIKey(keyid=key_id, vcode=key_vcode, user=request.user) api_key.validate() if not api_key.validation_error: return HttpResponse() else: error_list.append(api_key.validation_error) api_key.delete() if error_list: error_text = "" for x in error_list: error_text += "%s<br />" % x return HttpResponse(error_text, status=400) else: return TemplateResponse(request, "api_widget.html", {"application": app})