Exemplo n.º 1
0
def edit_update(request, project_id = None, update_id = None):
    '''
    Renders a form to edit an existing update. Very similar to post_update. Must
    consider wrapping up the two in a single generic view.
    '''
    # Check whether the project exists and if so store it in `project`
    if project_id is None or update_id is None:
        raise Http404
    try:
        project = Project.objects.get(pk = int(project_id))
    except Project.DoesNotExist:
        raise Http404

    # Check whether the update exists and if so store it in `update`
    try:
        update = Update.objects.get(pk = int(update_id))
    except Update.DoesNotExist:
        raise Http404
    if update.project != project:
        raise Http404 # Permission denied

    # Check whether the current user has the necessary permissions
    user = request.user
    if not project.has_edit_permission(user):
        raise Http404 # Permission denied


    # Create a fresh form, pre-filled with the existing data
    if ( update.internal ):
        form = InternalUpdateForm(instance = update)
    else:
        form = ExternalUpdateForm(instance = update)
    
    # If the form has been submitted
    if request.method == 'POST':
        # Fill the form with post data
        if ( update.internal ):
            form = InternalUpdateForm(request.POST, request.FILES, instance = update)
        else:
            form = ExternalUpdateForm(request.POST, request.FILES, instance = update)
        if form.is_valid():
            if project != form.cleaned_data['project']:
                # What the hell? How did the project change even though it was a hidden field? Someone's tampering! Permission denied!
                raise Http404
            # Save the form if it is valid
            form.save()
            # Redirect to the project details page
            return HttpResponseRedirect(project.get_absolute_url())
    
    # Otherwise render the form
    context = {
        'project' : project,
        'form' : form,
    }
    return render_to_response('projects/update_form.html', context, context_instance = RequestContext(request))
Exemplo n.º 2
0
def post_update(request, project_id = None, internal = False):
    '''
    Create a new update. Consists of a description and evidence in the form of
    a file.
    Only a project representative can do this.
    '''
    
    # Check whether the project exists and if so store it in `project`
    if project_id is None:
        raise Http404
    try:
        project = Project.objects.get(pk = int(project_id))
    except Project.DoesNotExist:
        raise Http404
    
    # Check whether the current user has the necessary permissions
    user = request.user
    if not project.has_edit_permission(user):
        raise Http404 # Permission denied
    
    # Create a fresh form, pre-filled with the (hidden) project parameter
    if ( internal ):
        form = InternalUpdateForm(initial = { 'internal' : True , 'project' : project,})
    else:
        form = ExternalUpdateForm(initial = { 'internal' : False, 'project' : project,} )
    print form 
    # If the form has been submitted
    if request.method == 'POST':
        # Fill the form with post data
        if ( internal ):
            form = InternalUpdateForm(request.POST, request.FILES)
        else:
            form = ExternalUpdateForm(request.POST, request.FILES)
        if form.is_valid():
            if project != form.cleaned_data['project']:
                # What the hell? How did the project change even though it was a hidden field? Someone's tampering! Permission denied!
                raise Http404
            # Save the form if it is valid
            form.save()
            # Redirect to the project details page
            return HttpResponseRedirect(project.get_absolute_url())
    
    # Otherwise, render the new form
    context = {
        'project' : project,
        'form' : form,
    } 
    return render_to_response('projects/update_form.html', context, context_instance = RequestContext(request))