Exemplo n.º 1
0
def add_book(request):
    """
    Tests:
        - GETTest
        - SecurityTest
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.method == "POST":
        form = BookForm(request.POST)
        if form.is_valid():
            student_id = form.cleaned_data['seller']
            price = form.cleaned_data['price']
            barcode = form.cleaned_data['barcode']
            try:
                metabook = MetaBook.objects.get(barcode=barcode)
            except MetaBook.DoesNotExist: 
                initial = {
                    'barcode' : barcode,
                    'seller' : student_id,
                    'price' : price,
                    'edition' : '1',
                }
                form = NewBookForm(initial=initial)
                var_dict = {'form' : form}
                template = 'books/add_new_book.html'
                return rtr(template, var_dict, context_instance=RC(request))
            try:
                seller = User.objects.get(id=student_id)
            except User.DoesNotExist:
                seller = import_user(student_id)
                if seller == None:
                    message = "Invalid Student ID: %s" % student_id
                    return tidy_error(request, message)
            book = Book(price=price, status="F", metabook=metabook, seller=seller)
            book.save()
            Log(book=book, who=request.user, action='A').save()
            var_dict = {
                'title' : metabook.title,
                'book_id' : book.id
            }
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # the form isn't valid. send the user back.
        var_dict = {'form' : form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
    else:
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form' : form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
Exemplo n.º 2
0
def add_book(request):
    """
    Tests:
        - GETTest
        - SecurityTest
    """
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    if request.method == "POST":
        form = BookForm(request.POST)
        if form.is_valid():
            student_id = form.cleaned_data['seller']
            price = form.cleaned_data['price']
            barcode = form.cleaned_data['barcode']
            try:
                metabook = MetaBook.objects.get(barcode=barcode)
            except MetaBook.DoesNotExist:
                initial = {
                    'barcode': barcode,
                    'seller': student_id,
                    'price': price,
                    'edition': '1',
                }
                form = NewBookForm(initial=initial)
                var_dict = {'form': form}
                template = 'books/add_new_book.html'
                return rtr(template, var_dict, context_instance=RC(request))
            try:
                seller = User.objects.get(id=student_id)
            except User.DoesNotExist:
                seller = import_user(student_id)
                if seller == None:
                    message = "Invalid Student ID: %s" % student_id
                    return tidy_error(request, message)
            book = Book(price=price,
                        status="F",
                        metabook=metabook,
                        seller=seller)
            book.save()
            Log(book=book, who=request.user, action='A').save()
            var_dict = {'title': metabook.title, 'book_id': book.id}
            template = 'books/update_book/added.html'
            return rtr(template, var_dict, context_instance=RC(request))
        # the form isn't valid. send the user back.
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
    else:
        # the user is hitting the page for the first time
        form = BookForm()
        var_dict = {'form': form}
        template = 'books/add_book.html'
        return rtr(template, var_dict, context_instance=RC(request))
Exemplo n.º 3
0
def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well
    
    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if not request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        return HttpResponseNotAllowed(t.render(c), ['POST'])
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    form = BookForm(request.POST)
    if form.is_valid():
        id_to_edit = request.POST.get('idToEdit')
        try:
            book = Book.objects.get(id=id_to_edit)
        except Book.DoesNotExist:
            message = 'Book with ref# "%s" does not exist' % id_to_edit
            return tidy_error(request, message)
        try:
            barcode = form.cleaned_data['barcode']
            book.metabook = MetaBook.objects.get(barcode=barcode)
        except MetaBook.DoesNotExist:
            # barcode doesn't exist in db, we have to create a metabook.
            initial = {
                'barcode': barcode,
                'seller' : form.cleaned_data['seller'],
                'price' : form.cleaned_data['price'],
                'book_id' : book.id,
                'edition' : '1',
            }
            form = NewBookForm(initial=initial)
            var_dict = {'form' : form}
            template = 'books/attach_book.html'
            return rtr(template, var_dict, context_instance=RC(request))
        try:
            seller_id = form.cleaned_data['seller']
            book.seller = User.objects.get(id=seller_id)
        except User.DoesNotExist:
            user = import_user(seller_id)
            if user == None:
                message = "Invalid Student ID: %s" % id_to_edit
                return tidy_error(request, message)
            book.seller = user
        book.price = form.cleaned_data['price']
        book.save()
        Log(who=request.user, action='E', book=book).save()
        var_dict = {'book' : book}
        template = 'books/update_book/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))
            
    elif request.POST.get('idToEdit'):
        # form isn't valid, but we have an id to work with. send user back
        id_to_edit = request.POST.get('idToEdit')
        var_dict = {
            'form' : form,
            'too_many' : False,
            'id' : id_to_edit,
            'logs' : Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))
Exemplo n.º 4
0
def update_book_edit(request):
    """
    Applies changes to a book made on the edit page
    If the barcode doesn't exist,
    it makes the user create a MetaBook object as well
    
    Tests:
        - GETTest
        - SecurityTest
        - NotAllowedTest
    """
    if not request.method == "POST":
        t = loader.get_template('405.html')
        c = RC(request)
        return HttpResponseNotAllowed(t.render(c), ['POST'])
    # User must be staff or admin to get to this page
    if not request.user.is_staff:
        t = loader.get_template('403.html')
        c = RC(request)
        return HttpResponseForbidden(t.render(c))
    form = BookForm(request.POST)
    if form.is_valid():
        id_to_edit = request.POST.get('idToEdit')
        try:
            book = Book.objects.get(id=id_to_edit)
        except Book.DoesNotExist:
            message = 'Book with ref# "%s" does not exist' % id_to_edit
            return tidy_error(request, message)
        try:
            barcode = form.cleaned_data['barcode']
            book.metabook = MetaBook.objects.get(barcode=barcode)
        except MetaBook.DoesNotExist:
            # barcode doesn't exist in db, we have to create a metabook.
            initial = {
                'barcode': barcode,
                'seller': form.cleaned_data['seller'],
                'price': form.cleaned_data['price'],
                'book_id': book.id,
                'edition': '1',
            }
            form = NewBookForm(initial=initial)
            var_dict = {'form': form}
            template = 'books/attach_book.html'
            return rtr(template, var_dict, context_instance=RC(request))
        try:
            seller_id = form.cleaned_data['seller']
            book.seller = User.objects.get(id=seller_id)
        except User.DoesNotExist:
            user = import_user(seller_id)
            if user == None:
                message = "Invalid Student ID: %s" % id_to_edit
                return tidy_error(request, message)
            book.seller = user
        book.price = form.cleaned_data['price']
        book.save()
        Log(who=request.user, action='E', book=book).save()
        var_dict = {'book': book}
        template = 'books/update_book/edited.html'
        return rtr(template, var_dict, context_instance=RC(request))

    elif request.POST.get('idToEdit'):
        # form isn't valid, but we have an id to work with. send user back
        id_to_edit = request.POST.get('idToEdit')
        var_dict = {
            'form': form,
            'too_many': False,
            'id': id_to_edit,
            'logs': Log.objects.filter(book=id_to_edit),
        }
        template = 'books/update_book/edit.html'
        return rtr(template, var_dict, context_instance=RC(request))