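def metabook(request, metabook_id):
    """Staff-only report page for one MetaBook and the Books listed under it.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: the current HttpRequest; ``request.user`` must be staff.
        metabook_id: primary key of the MetaBook, taken from the URL and so
            untrusted until the lookup below succeeds.

    Returns:
        405 for POST, 403 for non-staff, the ``tidy_error`` page for an
        unknown id, otherwise the rendered ``books/reports/metabook.html``.
    """
    # Read-only report: POST is rejected. HttpResponseNotAllowed takes the
    # list of *permitted* methods first and the body second.
    if request.method == "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['GET'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request, {})))

    try:
        metabook = MetaBook.objects.get(id=metabook_id)
    except MetaBook.DoesNotExist:
        message = "Invalid MetaBook Ref #: %s" % metabook_id
        return tidy_error(request, message)

    var_dict = {
        'metabook': metabook,
        'books': Book.objects.filter(metabook=metabook).order_by('list_date'),
    }
    return rtr('books/reports/metabook.html', var_dict,
               context_instance=RC(request))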
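def metabook(request, metabook_id):
    """Staff-only report page for one MetaBook and the Books listed under it.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: the current HttpRequest; ``request.user`` must be staff.
        metabook_id: primary key of the MetaBook, taken from the URL and so
            untrusted until the lookup below succeeds.

    Returns:
        405 for POST, 403 for non-staff, the ``tidy_error`` page for an
        unknown id, otherwise the rendered ``books/reports/metabook.html``.
    """
    # Read-only report: POST is rejected. HttpResponseNotAllowed takes the
    # list of *permitted* methods first and the body second.
    if request.method == "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['GET'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request, {})))

    try:
        metabook = MetaBook.objects.get(id=metabook_id)
    except MetaBook.DoesNotExist:
        message = "Invalid MetaBook Ref #: %s" % metabook_id
        return tidy_error(request, message)

    var_dict = {
        'metabook': metabook,
        'books': Book.objects.filter(metabook=metabook).order_by('list_date'),
    }
    return rtr('books/reports/metabook.html', var_dict,
               context_instance=RC(request))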
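def user(request, user_id):
    """Staff-only report on one user: their log entries and books for sale.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: the current HttpRequest; ``request.user`` must be staff.
        user_id: the user's id from the URL (used as primary key locally and
            as the student id for ``import_user``).

    Returns:
        405 for POST, 403 for non-staff, a ``tidy_error`` page when the id is
        unknown both locally and to ``import_user``, otherwise the rendered
        ``books/reports/user.html``.
    """
    # Read-only report: POST is rejected. HttpResponseNotAllowed takes the
    # list of *permitted* methods first and the body second.
    if request.method == "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['GET'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request, {})))

    try:
        user_obj = User.objects.get(id=user_id)
    except User.DoesNotExist:
        # NOTE(review): import_user presumably fetches the account from an
        # external directory, so merely viewing this report can have a side
        # effect on a plain GET — confirm that is intended.
        user_obj = import_user(user_id)
        if user_obj is None:
            message = "Invalid Student ID: %s" % user_id
            return tidy_error(request, message)

    # 'A' is the action code written when a book is added for sale, so this
    # is the list of the user's own sale listings.
    logs_of_books_for_sale = (Log.objects.filter(book__seller=user_obj)
                              .filter(action='A'))
    var_dict = {
        'user_obj': user_obj,
        'logs': Log.objects.filter(who=user_obj).order_by('when'),
        'logs_of_books_for_sale': logs_of_books_for_sale,
    }
    return rtr('books/reports/user.html', var_dict,
               context_instance=RC(request))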
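def add_new_book(request):
    """Create a MetaBook (plus its Course) and a Book for sale in one step.

    Reached from the add_book view when the posted barcode had no MetaBook.
    The seller is resolved *before* any rows are written so that an invalid
    student id does not leave an orphaned MetaBook/Course behind.

    Tests:
      - GETTest
      - AddNewBookTest
      - SecurityTest
      - NotAllowedTest

    Args:
        request: HttpRequest; must be a POST from a staff user carrying
            ``Action=Add`` and the ``NewBookForm`` fields.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page for an
        unknown seller, ``books/update_book/added.html`` on success, and
        ``books/add_new_book.html`` (with the form) otherwise.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != 'POST':
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    if request.POST.get("Action", '') != 'Add':
        # No add requested: show an empty form instead of failing on an
        # unbound name.
        form = NewBookForm()
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    form = NewBookForm(request.POST)
    if not form.is_valid():
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # This came from the add_book view, and we need to
    # create a book and a metabook
    data = form.cleaned_data
    sid = data['seller']

    # Resolve the seller first: nothing has been written yet, so a bad id
    # can be reported without cleanup.
    try:
        seller = User.objects.get(pk=sid)
    except User.DoesNotExist:
        seller = import_user(sid)
        if seller is None:
            message = "Invalid Student ID: %s" % sid
            return tidy_error(request, message)

    metabook = MetaBook(barcode=data['barcode'], author=data['author'],
                        title=data['title'], edition=data['edition'])
    metabook.save()
    course, _created = Course.objects.get_or_create(
        department=data['department'], number=data['course_number'])
    metabook.courses.add(course)
    metabook.save()

    book = Book(seller=seller, price=Decimal(data['price']), metabook=metabook)
    book.status = 'F'
    book.save()
    Log(book=book, who=request.user, action='A').save()

    var_dict = {
        'title': metabook.title,
        'author': metabook.author,
        'seller_name': seller.get_full_name(),
        'book_id': book.id,
    }
    template = 'books/update_book/added.html'
    return rtr(template, var_dict, context_instance=RC(request))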
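def user(request, user_id):
    """Staff-only report on one user: their log entries and books for sale.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: the current HttpRequest; ``request.user`` must be staff.
        user_id: the user's id from the URL (used as primary key locally and
            as the student id for ``import_user``).

    Returns:
        405 for POST, 403 for non-staff, a ``tidy_error`` page when the id is
        unknown both locally and to ``import_user``, otherwise the rendered
        ``books/reports/user.html``.
    """
    # Read-only report: POST is rejected. HttpResponseNotAllowed takes the
    # list of *permitted* methods first and the body second.
    if request.method == "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['GET'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request, {})))

    try:
        user_obj = User.objects.get(id=user_id)
    except User.DoesNotExist:
        # NOTE(review): import_user presumably fetches the account from an
        # external directory, so merely viewing this report can have a side
        # effect on a plain GET — confirm that is intended.
        user_obj = import_user(user_id)
        if user_obj is None:
            message = "Invalid Student ID: %s" % user_id
            return tidy_error(request, message)

    # 'A' is the action code written when a book is added for sale, so this
    # is the list of the user's own sale listings.
    logs_of_books_for_sale = (Log.objects.filter(book__seller=user_obj)
                              .filter(action='A'))
    var_dict = {
        'user_obj': user_obj,
        'logs': Log.objects.filter(who=user_obj).order_by('when'),
        'logs_of_books_for_sale': logs_of_books_for_sale,
    }
    return rtr('books/reports/user.html', var_dict,
               context_instance=RC(request))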
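def add_book(request):
    """Add a Book for sale against an existing MetaBook (matched by barcode).

    On GET, or when the form is invalid, the add-book form is rendered. When
    the barcode has no MetaBook yet, the user is handed the add-new-book form
    pre-filled with what they typed so the MetaBook can be created first;
    nothing is saved in that case.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: HttpRequest; ``request.user`` must be staff.

    Returns:
        403 for non-staff, ``books/add_book.html`` for GET or an invalid form,
        ``books/add_new_book.html`` for an unknown barcode, a ``tidy_error``
        page for an unknown seller, and ``books/update_book/added.html`` once
        the Book and its Log entry are saved.
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    if request.method != "POST":
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    form = BookForm(request.POST)
    if not form.is_valid():
        # the form isn't valid. send the user back.
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    student_id = form.cleaned_data['seller']
    price = form.cleaned_data['price']
    barcode = form.cleaned_data['barcode']

    try:
        metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # Unknown barcode: hand off to add_new_book with the typed values
        # as initial data; edition defaults to '1'.
        initial = {
            'barcode': barcode,
            'seller': student_id,
            'price': price,
            'edition': '1',
        }
        form = NewBookForm(initial=initial)
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    try:
        seller = User.objects.get(id=student_id)
    except User.DoesNotExist:
        seller = import_user(student_id)
        if seller is None:
            message = "Invalid Student ID: %s" % student_id
            return tidy_error(request, message)

    book = Book(price=price, status="F", metabook=metabook, seller=seller)
    book.save()
    Log(book=book, who=request.user, action='A').save()

    var_dict = {'title': metabook.title, 'book_id': book.id}
    template = 'books/update_book/added.html'
    return rtr(template, var_dict, context_instance=RC(request))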
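def add_book(request):
    """Add a Book for sale against an existing MetaBook (matched by barcode).

    On GET, or when the form is invalid, the add-book form is rendered. When
    the barcode has no MetaBook yet, the user is handed the add-new-book form
    pre-filled with what they typed so the MetaBook can be created first;
    nothing is saved in that case.

    Tests:
      - GETTest
      - SecurityTest

    Args:
        request: HttpRequest; ``request.user`` must be staff.

    Returns:
        403 for non-staff, ``books/add_book.html`` for GET or an invalid form,
        ``books/add_new_book.html`` for an unknown barcode, a ``tidy_error``
        page for an unknown seller, and ``books/update_book/added.html`` once
        the Book and its Log entry are saved.
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    if request.method != "POST":
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    form = BookForm(request.POST)
    if not form.is_valid():
        # the form isn't valid. send the user back.
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    student_id = form.cleaned_data['seller']
    price = form.cleaned_data['price']
    barcode = form.cleaned_data['barcode']

    try:
        metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # Unknown barcode: hand off to add_new_book with the typed values
        # as initial data; edition defaults to '1'.
        initial = {
            'barcode': barcode,
            'seller': student_id,
            'price': price,
            'edition': '1',
        }
        form = NewBookForm(initial=initial)
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    try:
        seller = User.objects.get(id=student_id)
    except User.DoesNotExist:
        seller = import_user(student_id)
        if seller is None:
            message = "Invalid Student ID: %s" % student_id
            return tidy_error(request, message)

    book = Book(price=price, status="F", metabook=metabook, seller=seller)
    book.save()
    Log(book=book, who=request.user, action='A').save()

    var_dict = {'title': metabook.title, 'book_id': book.id}
    template = 'books/update_book/added.html'
    return rtr(template, var_dict, context_instance=RC(request))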
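def save_setting(request):
    """Apply changes to an AppSetting submitted from the edit page.

    The setting is identified by the ``IdToEdit`` POST field; its new
    ``name``, ``value`` and ``description`` come from ``SettingForm``.

    Tests: none listed.

    Args:
        request: HttpRequest; must be a POST from a staff user.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page when the
        id is unknown or missing, ``appsettings/update/edit.html`` (with the
        form) when the form is invalid, and ``appsettings/update/edited.html``
        after the setting is saved.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    form = SettingForm(request.POST)
    id_to_edit = request.POST.get('IdToEdit')

    if form.is_valid():
        try:
            setting = AppSetting.objects.get(id=id_to_edit)
        except AppSetting.DoesNotExist:
            message = ('Application Setting with ref# "%s" does not exist'
                       % id_to_edit)
            return tidy_error(request, message)
        setting.name = form.cleaned_data['name']
        setting.value = form.cleaned_data['value']
        setting.description = form.cleaned_data['description']
        setting.save()
        var_dict = {'appsetting': setting}
        template = 'appsettings/update/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if id_to_edit:
        # form isn't valid, but we have an id to work with. send user back
        var_dict = {
            'form': form,
            'id': id_to_edit,
        }
        template = 'appsettings/update/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # Invalid form and no id to return to: render an error rather than
    # returning None, which Django rejects.
    return tidy_error(request, "No Application Setting selected to edit")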
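def save_setting(request):
    """Apply changes to an AppSetting submitted from the edit page.

    The setting is identified by the ``IdToEdit`` POST field; its new
    ``name``, ``value`` and ``description`` come from ``SettingForm``.

    Tests: none listed.

    Args:
        request: HttpRequest; must be a POST from a staff user.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page when the
        id is unknown or missing, ``appsettings/update/edit.html`` (with the
        form) when the form is invalid, and ``appsettings/update/edited.html``
        after the setting is saved.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    form = SettingForm(request.POST)
    id_to_edit = request.POST.get('IdToEdit')

    if form.is_valid():
        try:
            setting = AppSetting.objects.get(id=id_to_edit)
        except AppSetting.DoesNotExist:
            message = ('Application Setting with ref# "%s" does not exist'
                       % id_to_edit)
            return tidy_error(request, message)
        setting.name = form.cleaned_data['name']
        setting.value = form.cleaned_data['value']
        setting.description = form.cleaned_data['description']
        setting.save()
        var_dict = {'appsetting': setting}
        template = 'appsettings/update/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if id_to_edit:
        # form isn't valid, but we have an id to work with. send user back
        var_dict = {
            'form': form,
            'id': id_to_edit,
        }
        template = 'appsettings/update/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # Invalid form and no id to return to: render an error rather than
    # returning None, which Django rejects.
    return tidy_error(request, "No Application Setting selected to edit")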
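def update_staff(request):
    """Grant or revoke staff/admin flags from the staff management page.

    Dispatches on the ``Action`` POST field:
      - ``Delete`` with ``student_id``: clear is_staff/is_superuser on that
        user (the account itself is kept).
      - ``Delete`` without it: clear the flags on every user whose id was
        posted under an ``idToEdit*`` key.
      - ``Save``: look the user up, importing through ``TWUPassBackend`` if
        unknown locally, then grant the posted ``role`` (``admin`` or
        ``staff``).

    Tests: GETTest

    Args:
        request: HttpRequest; must be a POST from a staff user.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page on a bad
        id or action, otherwise the matching ``books/update_staff/*.html``.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != 'POST':
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # This view writes is_staff / is_superuser, so it needs the same staff
    # gate as every other mutating view in this module; without it any
    # requester could grant themselves admin by posting role=admin.
    # NOTE(review): staff can still promote others to superuser here —
    # confirm that is the intended policy.
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    student_id = request.POST.get("student_id", '')
    action = request.POST.get('Action')

    if action == "Delete" and student_id:
        # Delete single
        try:
            user = User.objects.get(id=student_id)
        except User.DoesNotExist:
            return tidy_error(request, "Invalid Student ID: %s" % student_id)
        user.is_superuser = False
        user.is_staff = False
        user.save()
        var_dict = {'num_deleted': 1}
        template = 'books/update_staff/deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if action == "Delete":
        # Delete multiple. Users are saved one at a time, so an invalid id
        # part-way through leaves the earlier ones already demoted; the
        # error message reports how many went through.
        num_deleted = 0
        for key, value in request.POST.items():
            if "idToEdit" not in key:
                continue
            try:
                user = User.objects.get(id=value)
            except User.DoesNotExist:
                plural = ' was' if num_deleted == 1 else 's were'
                message = ("Only %d user%s deleted because %s is an invalid "
                           "student ID" % (num_deleted, plural, value))
                return tidy_error(request, message)
            user.is_superuser = False
            user.is_staff = False
            user.save()
            num_deleted += 1
        var_dict = {'num_deleted': num_deleted}
        template = 'books/update_staff/deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if action == "Save":
        if not student_id:
            return tidy_error(request, "Invalid Student ID: %s" % student_id)
        try:
            user = User.objects.get(id=student_id)
        except User.DoesNotExist:
            user = TWUPassBackend().import_user(student_id)
            if user is None:
                return tidy_error(request,
                                  "Invalid Student ID: %s" % student_id)
        role = request.POST.get("role", '')
        # Any other role value leaves the flags untouched but still saves.
        if role == 'admin':
            user.is_superuser = True
            user.is_staff = True
        elif role == 'staff':
            user.is_staff = True
        user.save()
        var_dict = {
            'user_name': user.get_full_name(),
            'administrator': user.is_superuser,
        }
        template = 'books/update_staff/saved.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # Unknown or missing Action: render an error instead of returning None,
    # which Django rejects.
    return tidy_error(request, "Invalid action: %s" % action)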
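def my_books(request):
    """Show the books the current user is holding and selling.

    Totals are computed over *all* of the user's held/sold books before any
    search filter or sort from the query string is applied, so ``priceH`` and
    ``priceS`` do not change when the lists are narrowed.

    Query-string handling (first match wins):
      - ``filter`` + ``field``: run ``book_filter`` over both lists.
      - ``sort_by`` + ``dir``: re-order the held list with ``book_sort``.
      - ``sort_with`` + ``dir``: re-order the selling list with ``book_sort``.

    Tests: GETTest

    Args:
        request: HttpRequest for a logged-in user.

    Returns:
        The rendered ``books/my_books.html``.
    """
    # gets users books
    selling = Book.objects.filter(seller=request.user)
    holding = Book.objects.filter(holder=request.user)

    # Totals over the unfiltered lists; an empty list yields the int 0.
    priceHold = sum(book.price for book in holding)
    priceSell = sum(book.price for book in selling)
    searched = False

    params = request.GET
    if "filter" in params and "field" in params:
        # only run the filter if the GET args are there
        selling = book_filter(params["filter"], params["field"], selling)
        holding = book_filter(params["filter"], params["field"], holding)
        searched = True
    elif "sort_by" in params and "dir" in params:
        # book_sort presumably returns an unscoped queryset, hence the
        # ownership filter is re-applied afterwards — confirm against
        # book_sort.
        holding = book_sort(params["sort_by"], params["dir"])
        holding = holding.filter(holder=request.user)
    elif "sort_with" in params and "dir" in params:
        selling = book_sort(params["sort_with"], params["dir"])
        selling = selling.filter(seller=request.user)

    var_dict = {
        'sellP': selling,
        'holdP': holding,
        'priceH': priceHold,
        'priceS': priceSell,
        'field': params.get('field', 'any_field'),
        'filter_text': params.get('filter', ''),
        'search': searched,
    }
    template = 'books/my_books.html'
    return rtr(template, var_dict, context_instance=RC(request))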
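def update_book_edit(request):
    """Apply the changes made to a Book on the edit page.

    If the posted barcode has no MetaBook yet, the user is sent to the
    attach-book form (pre-filled with what they typed) so a MetaBook can be
    created first; nothing is saved in that case.

    Tests:
      - GETTest
      - SecurityTest
      - NotAllowedTest

    Args:
        request: HttpRequest; must be a POST from a staff user carrying
            ``idToEdit`` and the ``BookForm`` fields.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page for an
        unknown book or seller, ``books/attach_book.html`` for an unknown
        barcode, ``books/update_book/edit.html`` when the form is invalid, and
        ``books/update_book/edited.html`` once the Book and Log are saved.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    form = BookForm(request.POST)
    id_to_edit = request.POST.get('idToEdit')

    if not form.is_valid():
        if not id_to_edit:
            # Neither a valid form nor an id to return to: render an error
            # rather than returning None, which Django rejects.
            return tidy_error(request, "No book selected to edit")
        # form isn't valid, but we have an id to work with. send user back
        var_dict = {
            'form': form,
            'too_many': False,
            'id': id_to_edit,
            'logs': Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))

    try:
        book = Book.objects.get(id=id_to_edit)
    except Book.DoesNotExist:
        message = 'Book with ref# "%s" does not exist' % id_to_edit
        return tidy_error(request, message)

    barcode = form.cleaned_data['barcode']
    try:
        book.metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # barcode doesn't exist in db, we have to create a metabook.
        initial = {
            'barcode': barcode,
            'seller': form.cleaned_data['seller'],
            'price': form.cleaned_data['price'],
            'book_id': book.id,
            'edition': '1',
        }
        form = NewBookForm(initial=initial)
        var_dict = {'form': form}
        template = 'books/attach_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    seller_id = form.cleaned_data['seller']
    try:
        book.seller = User.objects.get(id=seller_id)
    except User.DoesNotExist:
        seller = import_user(seller_id)
        if seller is None:
            # Report the seller id that failed, not the book id.
            message = "Invalid Student ID: %s" % seller_id
            return tidy_error(request, message)
        book.seller = seller

    book.price = form.cleaned_data['price']
    book.save()
    Log(who=request.user, action='E', book=book).save()

    var_dict = {'book': book}
    template = 'books/update_book/edited.html'
    return rtr(template, var_dict, context_instance=RC(request))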
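def add_new_book(request):
    """Create a MetaBook (plus its Course) and a Book for sale in one step.

    Reached from the add_book view when the posted barcode had no MetaBook.
    The seller is resolved *before* any rows are written so that an invalid
    student id does not leave an orphaned MetaBook/Course behind.

    Tests:
      - GETTest
      - AddNewBookTest
      - SecurityTest
      - NotAllowedTest

    Args:
        request: HttpRequest; must be a POST from a staff user carrying
            ``Action=Add`` and the ``NewBookForm`` fields.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page for an
        unknown seller, ``books/update_book/added.html`` on success, and
        ``books/add_new_book.html`` (with the form) otherwise.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != 'POST':
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    if request.POST.get("Action", '') != 'Add':
        # No add requested: show an empty form instead of failing on an
        # unbound name.
        form = NewBookForm()
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    form = NewBookForm(request.POST)
    if not form.is_valid():
        var_dict = {'form': form}
        template = 'books/add_new_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # This came from the add_book view, and we need to
    # create a book and a metabook
    data = form.cleaned_data
    sid = data['seller']

    # Resolve the seller first: nothing has been written yet, so a bad id
    # can be reported without cleanup.
    try:
        seller = User.objects.get(pk=sid)
    except User.DoesNotExist:
        seller = import_user(sid)
        if seller is None:
            message = "Invalid Student ID: %s" % sid
            return tidy_error(request, message)

    metabook = MetaBook(barcode=data['barcode'], author=data['author'],
                        title=data['title'], edition=data['edition'])
    metabook.save()
    course, _created = Course.objects.get_or_create(
        department=data['department'], number=data['course_number'])
    metabook.courses.add(course)
    metabook.save()

    book = Book(seller=seller, price=Decimal(data['price']), metabook=metabook)
    book.status = 'F'
    book.save()
    Log(book=book, who=request.user, action='A').save()

    var_dict = {
        'title': metabook.title,
        'author': metabook.author,
        'seller_name': seller.get_full_name(),
        'book_id': book.id,
    }
    template = 'books/update_book/added.html'
    return rtr(template, var_dict, context_instance=RC(request))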
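def my_books(request):
    """Show the books the current user is holding and selling.

    Totals are computed over *all* of the user's held/sold books before any
    search filter or sort from the query string is applied, so ``priceH`` and
    ``priceS`` do not change when the lists are narrowed.

    Query-string handling (first match wins):
      - ``filter`` + ``field``: run ``book_filter`` over both lists.
      - ``sort_by`` + ``dir``: re-order the held list with ``book_sort``.
      - ``sort_with`` + ``dir``: re-order the selling list with ``book_sort``.

    Tests: GETTest

    Args:
        request: HttpRequest for a logged-in user.

    Returns:
        The rendered ``books/my_books.html``.
    """
    # gets users books
    selling = Book.objects.filter(seller=request.user)
    holding = Book.objects.filter(holder=request.user)

    # Totals over the unfiltered lists; an empty list yields the int 0.
    priceHold = sum(book.price for book in holding)
    priceSell = sum(book.price for book in selling)
    searched = False

    params = request.GET
    if "filter" in params and "field" in params:
        # only run the filter if the GET args are there
        selling = book_filter(params["filter"], params["field"], selling)
        holding = book_filter(params["filter"], params["field"], holding)
        searched = True
    elif "sort_by" in params and "dir" in params:
        # book_sort presumably returns an unscoped queryset, hence the
        # ownership filter is re-applied afterwards — confirm against
        # book_sort.
        holding = book_sort(params["sort_by"], params["dir"])
        holding = holding.filter(holder=request.user)
    elif "sort_with" in params and "dir" in params:
        selling = book_sort(params["sort_with"], params["dir"])
        selling = selling.filter(seller=request.user)

    var_dict = {
        'sellP': selling,
        'holdP': holding,
        'priceH': priceHold,
        'priceS': priceSell,
        'field': params.get('field', 'any_field'),
        'filter_text': params.get('filter', ''),
        'search': searched,
    }
    template = 'books/my_books.html'
    return rtr(template, var_dict, context_instance=RC(request))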
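def update_book_edit(request):
    """Apply the changes made to a Book on the edit page.

    If the posted barcode has no MetaBook yet, the user is sent to the
    attach-book form (pre-filled with what they typed) so a MetaBook can be
    created first; nothing is saved in that case.

    Tests:
      - GETTest
      - SecurityTest
      - NotAllowedTest

    Args:
        request: HttpRequest; must be a POST from a staff user carrying
            ``idToEdit`` and the ``BookForm`` fields.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page for an
        unknown book or seller, ``books/attach_book.html`` for an unknown
        barcode, ``books/update_book/edit.html`` when the form is invalid, and
        ``books/update_book/edited.html`` once the Book and Log are saved.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != "POST":
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    form = BookForm(request.POST)
    id_to_edit = request.POST.get('idToEdit')

    if not form.is_valid():
        if not id_to_edit:
            # Neither a valid form nor an id to return to: render an error
            # rather than returning None, which Django rejects.
            return tidy_error(request, "No book selected to edit")
        # form isn't valid, but we have an id to work with. send user back
        var_dict = {
            'form': form,
            'too_many': False,
            'id': id_to_edit,
            'logs': Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))

    try:
        book = Book.objects.get(id=id_to_edit)
    except Book.DoesNotExist:
        message = 'Book with ref# "%s" does not exist' % id_to_edit
        return tidy_error(request, message)

    barcode = form.cleaned_data['barcode']
    try:
        book.metabook = MetaBook.objects.get(barcode=barcode)
    except MetaBook.DoesNotExist:
        # barcode doesn't exist in db, we have to create a metabook.
        initial = {
            'barcode': barcode,
            'seller': form.cleaned_data['seller'],
            'price': form.cleaned_data['price'],
            'book_id': book.id,
            'edition': '1',
        }
        form = NewBookForm(initial=initial)
        var_dict = {'form': form}
        template = 'books/attach_book.html'
        return rtr(template, var_dict, context_instance=RC(request))

    seller_id = form.cleaned_data['seller']
    try:
        book.seller = User.objects.get(id=seller_id)
    except User.DoesNotExist:
        seller = import_user(seller_id)
        if seller is None:
            # Report the seller id that failed, not the book id.
            message = "Invalid Student ID: %s" % seller_id
            return tidy_error(request, message)
        book.seller = seller

    book.price = form.cleaned_data['price']
    book.save()
    Log(who=request.user, action='E', book=book).save()

    var_dict = {'book': book}
    template = 'books/update_book/edited.html'
    return rtr(template, var_dict, context_instance=RC(request))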
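def update_staff(request):
    """Grant or revoke staff/admin flags from the staff management page.

    Dispatches on the ``Action`` POST field:
      - ``Delete`` with ``student_id``: clear is_staff/is_superuser on that
        user (the account itself is kept).
      - ``Delete`` without it: clear the flags on every user whose id was
        posted under an ``idToEdit*`` key.
      - ``Save``: look the user up, importing through ``TWUPassBackend`` if
        unknown locally, store the posted ``email`` and grant the posted
        ``role`` (``admin`` or ``staff``).

    Tests: GETTest

    Args:
        request: HttpRequest; must be a POST from a staff user.

    Returns:
        405 for non-POST, 403 for non-staff, a ``tidy_error`` page on a bad
        id or action, otherwise the matching ``books/update_staff/*.html``.
    """
    # HttpResponseNotAllowed takes the permitted-method list first, then
    # the response body.
    if request.method != 'POST':
        t = loader.get_template('405.html')
        return HttpResponseNotAllowed(['POST'], t.render(RC(request)))

    # This view writes is_staff / is_superuser, so it needs the same staff
    # gate as every other mutating view in this module; without it any
    # requester could grant themselves admin by posting role=admin.
    # NOTE(review): staff can still promote others to superuser here —
    # confirm that is the intended policy.
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        return HttpResponseForbidden(t.render(RC(request)))

    student_id = request.POST.get("student_id", '')
    action = request.POST.get('Action')

    if action == "Delete" and student_id:
        # Delete single
        try:
            user = User.objects.get(id=student_id)
        except User.DoesNotExist:
            return tidy_error(request, "Invalid Student ID: %s" % student_id)
        user.is_superuser = False
        user.is_staff = False
        user.save()
        var_dict = {'num_deleted': 1}
        template = 'books/update_staff/deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if action == "Delete":
        # Delete multiple. Users are saved one at a time, so an invalid id
        # part-way through leaves the earlier ones already demoted; the
        # error message reports how many went through.
        num_deleted = 0
        for key, value in request.POST.items():
            if "idToEdit" not in key:
                continue
            try:
                user = User.objects.get(id=value)
            except User.DoesNotExist:
                plural = ' was' if num_deleted == 1 else 's were'
                message = ("Only %d user%s deleted because %s is an invalid "
                           "student ID" % (num_deleted, plural, value))
                return tidy_error(request, message)
            user.is_superuser = False
            user.is_staff = False
            user.save()
            num_deleted += 1
        var_dict = {'num_deleted': num_deleted}
        template = 'books/update_staff/deleted.html'
        return rtr(template, var_dict, context_instance=RC(request))

    if action == "Save":
        if not student_id:
            return tidy_error(request, "Invalid Student ID: %s" % student_id)
        try:
            user = User.objects.get(id=student_id)
        except User.DoesNotExist:
            user = TWUPassBackend().import_user(student_id)
            if user is None:
                return tidy_error(request,
                                  "Invalid Student ID: %s" % student_id)
        # The e-mail is taken from the form as posted; the role may leave
        # the flags untouched but the address change is still saved.
        user.email = request.POST.get("email", '')
        role = request.POST.get("role", '')
        if role == 'admin':
            user.is_superuser = True
            user.is_staff = True
        elif role == 'staff':
            user.is_staff = True
        user.save()
        var_dict = {
            'user_name': user.get_full_name(),
            'administrator': user.is_superuser,
        }
        template = 'books/update_staff/saved.html'
        return rtr(template, var_dict, context_instance=RC(request))

    # Unknown or missing Action: render an error instead of returning None,
    # which Django rejects.
    return tidy_error(request, "Invalid action: %s" % action)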