def edit_player_info(request, player_id):
player = get_object_or_404(Player, pk=player_id)
user = request.user
if not user.is_superuser and (not user.player or user.player.pk != player.pk):
return HttpResponse('Unauthorized', status=401)
player_form = PlayerForm(instance=player)
if request.method == 'POST':
player_form = PlayerForm(request.POST, instance=player)
if player_form.is_valid():
player = player_form.save(commit=False)
player.leaguemembership_set.filter(league__signup_allowed=True, league__is_active=True).delete()
for league_id in request.POST.getlist('leagues'):
league = League.objects.get(pk=league_id)
player.register_for_league(league)
player.save()
return HttpResponseRedirect(reverse('basketball:player-info', args=[player.pk]))
context = {'player_form': player_form, 'player': player}
return render(request, 'basketball/edit_player.html', context)
