def add_book(request):
"""
Tests:
- GETTest
- SecurityTest
"""
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
if request.method == "POST":
form = BookForm(request.POST)
if form.is_valid():
student_id = form.cleaned_data['seller']
price = form.cleaned_data['price']
barcode = form.cleaned_data['barcode']
try:
metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
initial = {
'barcode' : barcode,
'seller' : student_id,
'price' : price,
'edition' : '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form' : form}
template = 'books/add_new_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller = User.objects.get(id=student_id)
except User.DoesNotExist:
seller = import_user(student_id)
if seller == None:
message = "Invalid Student ID: %s" % student_id
return tidy_error(request, message)
book = Book(price=price, status="F", metabook=metabook, seller=seller)
book.save()
Log(book=book, who=request.user, action='A').save()
var_dict = {
'title' : metabook.title,
'book_id' : book.id
}
template = 'books/update_book/added.html'
return rtr(template, var_dict, context_instance=RC(request))
# the form isn't valid. send the user back.
var_dict = {'form' : form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
else:
# the user is hitting the page for the first time
form = BookForm()
var_dict = {'form' : form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
def add_book(request):
"""
Tests:
- GETTest
- SecurityTest
"""
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
if request.method == "POST":
form = BookForm(request.POST)
if form.is_valid():
student_id = form.cleaned_data['seller']
price = form.cleaned_data['price']
barcode = form.cleaned_data['barcode']
try:
metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
initial = {
'barcode': barcode,
'seller': student_id,
'price': price,
'edition': '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form': form}
template = 'books/add_new_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller = User.objects.get(id=student_id)
except User.DoesNotExist:
seller = import_user(student_id)
if seller == None:
message = "Invalid Student ID: %s" % student_id
return tidy_error(request, message)
book = Book(price=price,
status="F",
metabook=metabook,
seller=seller)
book.save()
Log(book=book, who=request.user, action='A').save()
var_dict = {'title': metabook.title, 'book_id': book.id}
template = 'books/update_book/added.html'
return rtr(template, var_dict, context_instance=RC(request))
# the form isn't valid. send the user back.
var_dict = {'form': form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
else:
# the user is hitting the page for the first time
form = BookForm()
var_dict = {'form': form}
template = 'books/add_book.html'
return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request):
"""
Applies changes to a book made on the edit page
If the barcode doesn't exist,
it makes the user create a MetaBook object as well
Tests:
- GETTest
- SecurityTest
- NotAllowedTest
"""
if not request.method == "POST":
t = loader.get_template('405.html')
c = RC(request)
return HttpResponseNotAllowed(t.render(c), ['POST'])
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
form = BookForm(request.POST)
if form.is_valid():
id_to_edit = request.POST.get('idToEdit')
try:
book = Book.objects.get(id=id_to_edit)
except Book.DoesNotExist:
message = 'Book with ref# "%s" does not exist' % id_to_edit
return tidy_error(request, message)
try:
barcode = form.cleaned_data['barcode']
book.metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
# barcode doesn't exist in db, we have to create a metabook.
initial = {
'barcode': barcode,
'seller' : form.cleaned_data['seller'],
'price' : form.cleaned_data['price'],
'book_id' : book.id,
'edition' : '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form' : form}
template = 'books/attach_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller_id = form.cleaned_data['seller']
book.seller = User.objects.get(id=seller_id)
except User.DoesNotExist:
user = import_user(seller_id)
if user == None:
message = "Invalid Student ID: %s" % id_to_edit
return tidy_error(request, message)
book.seller = user
book.price = form.cleaned_data['price']
book.save()
Log(who=request.user, action='E', book=book).save()
var_dict = {'book' : book}
template = 'books/update_book/edited.html'
return rtr(template, var_dict, context_instance=RC(request))
elif request.POST.get('idToEdit'):
# form isn't valid, but we have an id to work with. send user back
id_to_edit = request.POST.get('idToEdit')
var_dict = {
'form' : form,
'too_many' : False,
'id' : id_to_edit,
'logs' : Log.objects.filter(book=id_to_edit),
}
template = 'books/update_book/edit.html'
return rtr(template, var_dict, context_instance=RC(request))
def update_book_edit(request):
"""
Applies changes to a book made on the edit page
If the barcode doesn't exist,
it makes the user create a MetaBook object as well
Tests:
- GETTest
- SecurityTest
- NotAllowedTest
"""
if not request.method == "POST":
t = loader.get_template('405.html')
c = RC(request)
return HttpResponseNotAllowed(t.render(c), ['POST'])
# User must be staff or admin to get to this page
if not request.user.is_staff:
t = loader.get_template('403.html')
c = RC(request)
return HttpResponseForbidden(t.render(c))
form = BookForm(request.POST)
if form.is_valid():
id_to_edit = request.POST.get('idToEdit')
try:
book = Book.objects.get(id=id_to_edit)
except Book.DoesNotExist:
message = 'Book with ref# "%s" does not exist' % id_to_edit
return tidy_error(request, message)
try:
barcode = form.cleaned_data['barcode']
book.metabook = MetaBook.objects.get(barcode=barcode)
except MetaBook.DoesNotExist:
# barcode doesn't exist in db, we have to create a metabook.
initial = {
'barcode': barcode,
'seller': form.cleaned_data['seller'],
'price': form.cleaned_data['price'],
'book_id': book.id,
'edition': '1',
}
form = NewBookForm(initial=initial)
var_dict = {'form': form}
template = 'books/attach_book.html'
return rtr(template, var_dict, context_instance=RC(request))
try:
seller_id = form.cleaned_data['seller']
book.seller = User.objects.get(id=seller_id)
except User.DoesNotExist:
user = import_user(seller_id)
if user == None:
message = "Invalid Student ID: %s" % id_to_edit
return tidy_error(request, message)
book.seller = user
book.price = form.cleaned_data['price']
book.save()
Log(who=request.user, action='E', book=book).save()
var_dict = {'book': book}
template = 'books/update_book/edited.html'
return rtr(template, var_dict, context_instance=RC(request))
elif request.POST.get('idToEdit'):
# form isn't valid, but we have an id to work with. send user back
id_to_edit = request.POST.get('idToEdit')
var_dict = {
'form': form,
'too_many': False,
'id': id_to_edit,
'logs': Log.objects.filter(book=id_to_edit),
}
template = 'books/update_book/edit.html'
return rtr(template, var_dict, context_instance=RC(request))
