# standard library imports
from __future__ import absolute_import, print_function
import random
from distutils.util import strtobool
from operator import attrgetter
from itertools import chain
# core django imports
from django.shortcuts import get_object_or_404
from django.http import HttpResponseForbidden, HttpResponseRedirect
from django.views.generic import (CreateView, ListView, DetailView, UpdateView,
                                  FormView, DeleteView)
from django.core.urlresolvers import reverse
from django.contrib import messages
from django.utils.safestring import mark_safe
from django.forms.widgets import HiddenInput
# third party imports
from braces.views import LoginRequiredMixin, FormValidMessageMixin
from cas.views import login as cas_login
from ratelimit.decorators import ratelimit
# imports from your apps
from .models import Student, Major, Confirmation
from housing.models import Building, Floor, Room
from .forms import (StudentUpdateForm, WelcomeNameForm, WelcomePrivacyForm,
                    WelcomeSocialForm)


# Flash message used by the welcome views when a student who has already
# finished the walkthrough opens one of its pages again.
settings_redirect = """You've already finished the welcome walkthrough.
                       Your user settings can now be changed here on this page."""

#########

# "Welcome back" banners. custom_cas_login picks one at random and passes it
# through mark_safe(), so the HTML below reaches the page unescaped. Keep these
# strings static: never interpolate request or profile data into them.

bug_reporting = """Welcome back to SRCT Roomlist. This project is the
                   <a href="https://srct.gmu.edu/projects/">collaborative work
                   of students like you</a>. If you see anything amiss, or have ideas for
                   features or a better user experience, please send an email to
                   roomlist@lists.srct.gmu.edu, tweet
                   <a href="https://twitter.com/MasonSRCT/">@MasonSRCT</a>, or, for the
                   more technically experienced, review our
                   <a href="https://git.gmu.edu/srct/roomlist/issues">issues page</a>."""

privacy_reminder = """Welcome back to SRCT Roomlist. A friendly reminder you can change
                      your privacy settings at any time on your settings page by
                      clicking the cog in the upper right of your screen."""

disclaimer = """Welcome back to SRCT Roomlist. Just to be perfectly clear, this project
                is provided as a service by the
                <a href="https://gmu.collegiatelink.net/organization/srct">registered
                student organization</a>
                <a href="https://srct.gmu.edu/">Student-Run Computing and Technology</a>.
                We are not a part of <a href="http://housing.gmu.edu/">Mason Housing</a>:
                all information is voluntarily provided by participating students."""

whatsopen_plug = """Welcome back to SRCT Roomlist. Wondering what's open at this hour?
                    Check out another one of our
                    <a href="https://srct.gmu.edu/projects/">student-built and hosted</a>
                    projects: <a href="https://whatsopen.gmu.edu/">whatsopen.gmu.edu</a>."""

open_source = """Welcome back to SRCT Roomlist. For the curious at heart,
                 <a href="http://www.gnu.org/philosophy/free-sw.en.html">you can always
                 review</a> this project's
                 <a href="https://git.gmu.edu/srct/roomlist/tree/master">source code</a>.
                 Come <a href="https://srct.gmu.edu/">to a meeting</a> and learn how to
                 contribute!"""

# Pool the login view draws from.
return_messages = [
    bug_reporting,
    privacy_reminder,
    disclaimer,
    whatsopen_plug,
    open_source,
]


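def custom_cas_login(request, *args, **kwargs):
    """Run the CAS login view, then route the student according to onboarding.

    Delegates to ``cas_login``. If the request is authenticated afterwards, a
    student with an unfinished welcome walkthrough is redirected to the first
    step they have not completed; a student who is done gets a random
    "welcome back" flash message and the response ``cas_login`` produced.
    """
    response = cas_login(request, *args, **kwargs)
    # returns HttpResponseRedirect

    if not request.user.is_authenticated():
        return response

    student = request.user.student
    slug_kwargs = {'slug': request.user.username}

    if student.totally_done():
        welcome_back = random.choice(return_messages)
        # mark_safe is acceptable only because return_messages holds static,
        # developer-written HTML; nothing user-controlled may be added to it.
        messages.add_message(request, messages.INFO, mark_safe(welcome_back))
        return response

    # The completion flags are fields of the Student profile. The original
    # read completedSocial from request.user instead of request.user.student,
    # unlike the three checks before it.
    if not student.completedName:
        return HttpResponseRedirect(reverse('welcomeName', kwargs=slug_kwargs))
    elif not student.completedPrivacy:
        return HttpResponseRedirect(reverse('welcomePrivacy', kwargs=slug_kwargs))
    elif not student.completedMajor:
        return HttpResponseRedirect(reverse('welcomeMajor', kwargs=slug_kwargs))
    elif not student.completedSocial:
        return HttpResponseRedirect(reverse('welcomeSocial', kwargs=slug_kwargs))

    return response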


def on_the_same_floor(student, confirmer):
    """Return True only when two different students share a known floor.

    False is returned when both arguments compare equal (a student is never
    "on the same floor" as themselves here), when either ``get_floor()`` result
    is None (room not set yet), or when the two floors differ.
    """
    # Student is confirmer
    if student == confirmer:
        return False

    floor_a = student.get_floor()
    floor_b = confirmer.get_floor()

    # room hasn't been set yet for at least one of them
    if floor_a is None or floor_b is None:
        return False

    return bool(floor_a == floor_b)


def pk_or_none(me, obj):
    """Return ``obj.pk``, or None when *obj* is None.

    *me* is accepted but not used.
    """
    return None if obj is None else obj.pk


# details about the student
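class DetailStudent(LoginRequiredMixin, DetailView):
    """Profile page for one student, plus the viewer's relationship to them.

    The template context gains ``shares`` (does the profile's privacy setting
    admit the requesting student), ``same_floor``, ``has_flagged`` and, when
    the requesting student has flagged this profile, ``my_flag``.
    """
    model = Student
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'

    def get_context_data(self, **kwargs):
        context = super(DetailStudent, self).get_context_data(**kwargs)

        requesting_student = Student.objects.get(user=self.request.user)
        # Resolve the viewed profile once instead of calling get_object() for
        # every comparison below.
        student = self.get_object()

        same_floor = on_the_same_floor(student, requesting_student)

        my_flags = Confirmation.objects.filter(confirmer=requesting_student,
                                               student=student)
        flags = my_flags.count()

        # The original bound my_flag only inside the try block and then read it
        # unconditionally, so a failed lookup ended in an unbound-name error
        # instead of a rendered page.
        my_flag = None
        if flags:
            try:
                my_flag = my_flags.get()
            except Confirmation.MultipleObjectsReturned as e:
                print("Students are not supposed to be able to make more than one flag per student.")
                print(e)
                my_flag = my_flags.first()
            except Confirmation.DoesNotExist:
                # removed between the count and the lookup
                flags = 0

        # NOTE(review): both helpers compare with plain ==, so two students
        # whose get_floor()/get_building() are both None compare as equal,
        # whereas on_the_same_floor() treats an unset room as "not the same".
        # Confirm that is the intended privacy outcome.
        def onFloor():
            return bool(requesting_student.get_floor() == student.get_floor())

        def inBuilding():
            return bool(requesting_student.get_building() == student.get_building())

        def shares():
            privacy = student.privacy
            # 'floor': visible to students on the same floor
            if privacy == 'floor':
                return onFloor()
            # 'building': visible to students in the same building
            if privacy == 'building':
                return inBuilding()
            # 'students': visible to every logged-in student
            return privacy == 'students'

        context['shares'] = shares()
        context['same_floor'] = same_floor
        context['has_flagged'] = bool(flags)
        if flags:
            context['my_flag'] = my_flag
        return context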


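class DetailCurrentStudent(LoginRequiredMixin, DetailView):
    """Profile page for whichever student is logged in."""
    model = Student
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'

    def get_object(self):
        # Look the profile up through its user relation, as the other views in
        # this module do. The original passed the session's auth user id as
        # the Student primary key, which selects the right row only while the
        # two tables happen to share ids and otherwise shows another student.
        return get_object_or_404(Student, user=self.request.user)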


# changeable student settings
class DetailStudentSettings(LoginRequiredMixin, DetailView):
    """Read-only settings page for the student selected by the URL.

    NOTE(review): unlike UpdateStudent.get, nothing here compares the student
    in the URL with request.user, so any logged-in user can request any
    student's settings page. Confirm the template shows nothing private, or
    add an owner check.
    """
    login_url = 'login'

    model = Student
    template_name = 'studentSettings.html'
    context_object_name = 'student'


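class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
    """Read-only settings page for whichever student is logged in."""
    model = Student
    context_object_name = 'student'
    template_name = 'studentSettings.html'

    login_url = 'login'

    def get_object(self):
        # Resolve the profile through its user relation. The original used the
        # session's auth user id as the Student primary key; when the two ids
        # differ that returns a different student's settings.
        return get_object_or_404(Student, user=self.request.user)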

# update a student, but FormView to allow name update on same page
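class UpdateStudent(LoginRequiredMixin, FormValidMessageMixin, FormView):
    """Settings form for the logged-in student's own profile.

    GET is refused unless the username in the URL is the requester's. POST
    needs no such check because form_valid always loads the Student that
    belongs to request.user, whatever the URL says.
    """
    template_name = 'updateStudent.html'
    form_class = StudentUpdateForm
    login_url = 'login'

    form_valid_message = "Your profile was successfully updated!"

    def get(self, request, *args, **kwargs):
        """Serve the form only on the requester's own URL; 403 otherwise."""
        current_url = self.request.get_full_path()
        # NOTE(review): the username is read from a fixed position in the
        # path, so this check depends on the URL layout staying the same. The
        # 'slug' URL kwarg used with reverse() may be a sturdier source --
        # confirm against the URLconf.
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(UpdateStudent, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Add ``my_form``, a StudentUpdateForm pre-filled from the profile."""
        context = super(UpdateStudent, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = StudentUpdateForm(initial={'first_name': me.user.first_name,
                                          'last_name': me.user.last_name,
                                          'gender': me.gender,
                                          'show_gender': me.show_gender,
                                          'room': pk_or_none(me, me.room),
                                          'privacy': me.privacy,
                                          'major': pk_or_none(me, me.major),
                                          'graduating_year': me.graduating_year,
                                          'on_campus': me.on_campus, })

        if me.recent_changes() > 2:
            # Hiding the widgets is presentation only; form_valid applies the
            # same lock to the submitted values.
            form.fields['room'].widget = HiddenInput()
            form.fields['privacy'].widget = HiddenInput()
            form.fields['on_campus'].widget = HiddenInput()
        else:
            form.fields['room'].widget.user = self.request.user

        # bootstrap
        form.fields['first_name'].widget.attrs['class'] = 'form-control'
        form.fields['last_name'].widget.attrs['class'] = 'form-control'
        form.fields['graduating_year'].widget.attrs['class'] = 'form-control'

        context['my_form'] = form

        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        """Rate-limited pass-through to FormView.post."""
        return super(UpdateStudent, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Copy the submitted settings onto the requester's own profile rows.

        A room change increments ``times_changed_room`` and deletes the
        confirmations other students made for this student.
        """
        me = Student.objects.get(user=self.request.user)

        current_room = me.room

        # NOTE(review): the values below come from form.data (the raw POST),
        # not form.cleaned_data, so any normalisation the form fields perform
        # is skipped -- worth checking against StudentUpdateForm.

        # get_context_data hides the room, privacy and on_campus widgets once
        # recent_changes() exceeds 2, but a hidden input is still
        # client-controlled. The original pinned only the room here; privacy
        # and on_campus are pinned as well so that a hand-built POST cannot
        # change them, or clear the room by claiming to be off campus.
        locked = me.recent_changes() > 2

        if locked:
            form_room = current_room
            on_campus = me.on_campus
            privacy = me.privacy
        else:
            try:
                form_room = Room.objects.get(pk=form.data['room'])
            except Exception:
                # missing, malformed or unknown room id: treat as "no room"
                form_room = None
            # casts to an integer, 0 or 1
            on_campus = strtobool(form.data.get('on_campus', 'True'))
            privacy = form.data['privacy']

        # no room if you move off campus
        if not on_campus:
            form_room = None

        # note this is after the 'on campus' check
        if current_room != form_room:
            me.times_changed_room += 1
            Confirmation.objects.filter(student=me).delete()

        me.on_campus = on_campus
        me.room = form_room

        try:
            me.major = Major.objects.get(pk=form.data['major'])
        except Exception:
            # missing, malformed or unknown major id: treat as "no major"
            me.major = None

        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']
        me.gender = form.data.getlist('gender')
        me.show_gender = strtobool(form.data.get('show_gender', 'False'))
        me.privacy = privacy
        me.graduating_year = form.data['graduating_year']

        me.user.save()
        me.save()

        return super(UpdateStudent, self).form_valid(form)

    def get_success_url(self):
        """Return the profile URL, warning when one room change remains."""
        if self.request.user.student.recent_changes() == 2:

            messages.add_message(self.request, messages.WARNING, 'To safeguard everyone\'s privacy, you have just one remaining room change for the semester before you\'ll need to send us an email at roomlist@lists.srct.gmu.edu.')

        return reverse('detail_student',
                       kwargs={'slug':self.request.user.username})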


# welcome pages
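class WelcomeName(LoginRequiredMixin, FormView):
    """First walkthrough step: name and gender of the logged-in student.

    POST needs no owner check: form_valid always loads the Student that
    belongs to request.user, whatever username the URL carries.
    """
    template_name = 'welcome_name.html'
    form_class = WelcomeNameForm
    login_url = 'login'

    def get(self, request, *args, **kwargs):
        """Serve the step on the requester's own URL; 403 on anyone else's."""
        current_url = self.request.get_full_path()
        # NOTE(review): position-based path parsing; the check depends on the
        # URL layout -- confirm against the URLconf.
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        elif self.request.user.student.totally_done():
            messages.add_message(request, messages.INFO, settings_redirect)
            # A view has to return a response object; the original returned
            # the bare URL string produced by reverse().
            return HttpResponseRedirect(reverse('updateStudent',
                                        kwargs={'slug':self.request.user.username}))
        else:
            return super(WelcomeName, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Add ``my_form``, a WelcomeNameForm pre-filled from the profile."""
        context = super(WelcomeName, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = WelcomeNameForm(initial={'first_name': me.user.first_name,
                                        'last_name': me.user.last_name,
                                        'gender': me.gender,
                                        'show_gender': me.show_gender, })

        form.fields['first_name'].widget.attrs['class'] = 'form-control'
        form.fields['last_name'].widget.attrs['class'] = 'form-control'

        context['my_form'] = form
        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        """Rate-limited pass-through to FormView.post."""
        return super(WelcomeName, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Store the submitted name and gender and mark the step complete."""
        me = Student.objects.get(user=self.request.user)

        # NOTE(review): read from form.data (raw POST) rather than
        # form.cleaned_data -- confirm against WelcomeNameForm.
        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']

        me.gender = form.data.getlist('gender')
        me.show_gender = strtobool(form.data.get('show_gender', 'False'))

        me.completedName = True

        me.user.save()
        me.save()

        return super(WelcomeName, self).form_valid(form)

    def get_success_url(self):
        return reverse('welcomePrivacy',
                       kwargs={'slug':self.request.user.username})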


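class WelcomePrivacy(LoginRequiredMixin, UpdateView):
    """Second walkthrough step: room, on-campus status and privacy level.

    This is an UpdateView, so the Student being edited is the one selected by
    the URL. Both GET and POST therefore refuse any URL that is not the
    requester's own.
    """
    model = Student
    form_class = WelcomePrivacyForm
    context_object_name = 'student'
    template_name = 'welcome_privacy.html'

    login_url = 'login'

    def _is_own_url(self):
        """Return True when the username segment of the path is the requester's."""
        # NOTE(review): position-based path parsing; the check depends on the
        # URL layout -- confirm against the URLconf.
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        """Serve the step on the requester's own URL; 403 on anyone else's."""
        if not self._is_own_url():
            return HttpResponseForbidden()
        elif self.request.user.student.totally_done():
            messages.add_message(request, messages.INFO, settings_redirect)
            # A view has to return a response object; the original returned
            # the bare URL string produced by reverse().
            return HttpResponseRedirect(reverse('updateStudent',
                                        kwargs={'slug':self.request.user.username}))
        else:
            return super(WelcomePrivacy, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Add ``my_form``, a fresh WelcomePrivacyForm bound to the requester."""
        context = super(WelcomePrivacy, self).get_context_data(**kwargs)

        form = WelcomePrivacyForm()

        form.fields['room'].widget.user = self.request.user

        form.fields['on_campus'].initial = self.request.user.student.on_campus

        context['my_form'] = form

        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # The original checked ownership in get() only, so a POST sent to
        # another student's URL was saved onto that student's profile.
        if not self._is_own_url():
            return HttpResponseForbidden()
        return super(WelcomePrivacy, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Apply the room and on-campus choice and mark the step complete.

        A room change increments ``times_changed_room`` and deletes the
        confirmations other students made for this student.
        """
        me = self.get_object()

        current_room = me.room

        # if you somehow got around the hidden widget, you're still outta luck
        if me.recent_changes() > 2:
            form_room = current_room
        else:
            try:
                form_room = Room.objects.get(pk=form.data['room'])
            except Exception:
                # missing, malformed or unknown room id: treat as "no room"
                form_room = None

        # casts to an integer, 0 or 1
        on_campus = strtobool(form.data.get('on_campus', 'True'))

        # no room if you move off campus
        if not on_campus:
            form_room = None

        if current_room != form_room:
            form.instance.times_changed_room += 1
            Confirmation.objects.filter(student=me).delete()

        form.instance.completedPrivacy = True

        form.instance.on_campus = on_campus
        form.instance.room = form_room

        return super(WelcomePrivacy, self).form_valid(form)

    def get_success_url(self):
        return reverse('welcomeMajor',
                       kwargs={'slug':self.request.user.username})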


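class WelcomeMajor(LoginRequiredMixin, UpdateView):
    """Third walkthrough step: major and graduating year.

    This is an UpdateView, so the Student being edited is the one selected by
    the URL. Both GET and POST therefore refuse any URL that is not the
    requester's own.
    """
    model = Student
    fields = ['major', 'graduating_year', ]
    context_object_name = 'student'
    template_name = 'welcome_major.html'

    login_url = 'login'

    def _is_own_url(self):
        """Return True when the username segment of the path is the requester's."""
        # NOTE(review): position-based path parsing; the check depends on the
        # URL layout -- confirm against the URLconf.
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        """Serve the step on the requester's own URL; 403 on anyone else's."""
        if not self._is_own_url():
            return HttpResponseForbidden()
        elif self.request.user.student.totally_done():
            messages.add_message(request, messages.INFO, settings_redirect)
            # A view has to return a response object; the original returned
            # the bare URL string produced by reverse().
            return HttpResponseRedirect(reverse('updateStudent',
                                        kwargs={'slug':self.request.user.username}))
        else:
            return super(WelcomeMajor, self).get(request, *args, **kwargs)

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # The original checked ownership in get() only, so a POST sent to
        # another student's URL was saved onto that student's profile.
        if not self._is_own_url():
            return HttpResponseForbidden()
        return super(WelcomeMajor, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Mark the step complete and let UpdateView save the instance."""
        form.instance.completedMajor = True

        return super(WelcomeMajor, self).form_valid(form)

    def get_success_url(self):
        return reverse('welcomeSocial',
                       kwargs={'slug':self.request.user.username})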


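class WelcomeSocial(LoginRequiredMixin, UpdateView):
    """Last walkthrough step, rendered with WelcomeSocialForm.

    This is an UpdateView, so the Student being edited is the one selected by
    the URL. Both GET and POST therefore refuse any URL that is not the
    requester's own.
    """
    model = Student
    form_class = WelcomeSocialForm
    context_object_name = 'student'
    template_name = 'welcome_social.html'
    login_url = 'login'

    def _is_own_url(self):
        """Return True when the username segment of the path is the requester's."""
        # NOTE(review): position-based path parsing; the check depends on the
        # URL layout -- confirm against the URLconf.
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        """Serve the step on the requester's own URL; 403 on anyone else's."""
        if not self._is_own_url():
            return HttpResponseForbidden()
        elif self.request.user.student.totally_done():
            messages.add_message(request, messages.INFO, settings_redirect)
            # A view has to return a response object; the original returned
            # the bare URL string produced by reverse().
            return HttpResponseRedirect(reverse('updateStudent',
                                        kwargs={'slug':self.request.user.username}))
        else:
            return super(WelcomeSocial, self).get(request, *args, **kwargs)

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # The original checked ownership in get() only, so a POST sent to
        # another student's URL was saved onto that student's profile.
        if not self._is_own_url():
            return HttpResponseForbidden()
        return super(WelcomeSocial, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Mark the step complete and let UpdateView save the instance."""
        form.instance.completedSocial = True

        return super(WelcomeSocial, self).form_valid(form)

    def get_success_url(self):
        """Return the profile URL, congratulating a finished student."""
        if self.request.user.student.totally_done():
            messages.add_message(self.request, messages.SUCCESS,
                                 "You successfully finished the welcome walkthrough!")

        return reverse('detail_student',
                       kwargs={'slug':self.request.user.username})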


# majors pages
class ListMajors(LoginRequiredMixin, ListView):
    """List every major, ordered by name, for logged-in users."""
    login_url = 'login'

    model = Major
    # same rows and ordering as Major.objects.all().order_by('name')
    queryset = Major.objects.order_by('name')
    template_name = 'list_majors.html'
    context_object_name = 'majors'


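class DetailMajor(LoginRequiredMixin, DetailView):
    """Page for one major, with its students grouped by neighbourhood.

    For each neighbourhood code the context gets ``<code>_location_visible``,
    the students ``Student.objects.visible`` returns for the requesting
    student, sorted by username. ``location_hidden`` holds the students of the
    major that appear in none of those lists.
    """
    model = Major
    context_object_name = 'major'
    template_name = 'detail_major.html'

    login_url = 'login'

    def get_context_data(self, **kwargs):
        # The original body mixed tab and space indentation; it is normalised
        # to spaces here and iteritems() is replaced by items().
        context = super(DetailMajor, self).get_context_data(**kwargs)
        requesting_student = Student.objects.get(user=self.request.user)
        # resolve the major once instead of once per room
        major = self.get_object()

        # retrieve every room that has a student with the major in question
        neighbourhoods = ("aq", "ra", "sh")
        visible_by_neighbourhood = {}
        for neighbourhood in neighbourhoods:
            rooms = [
                room
                for room in Room.objects.filter(floor__building__neighbourhood=neighbourhood)
                if room.student_set.filter(major=major).exists()
            ]

            # identify if the student(s) in that room are visible to the
            # requesting student; chaining is needed because one room can hold
            # several students with the same major.
            #
            # each list is sorted by username, which is imperfect if a student
            # changes their display name; it is a separate step because
            # .visible returns a list.
            #
            # NOTE(review): .visible() is called per room without a major
            # filter -- confirm it cannot return roommates from other majors.
            visible_by_neighbourhood[neighbourhood] = sorted(
                chain.from_iterable(
                    Student.objects.visible(requesting_student, room)
                    for room in rooms
                ),
                key=attrgetter('user.username'))

        # see what students are left over (aren't visible)
        # NOTE(review): these students did not share their location with the
        # requester; the template should render no room data for them.
        hidden = set(Student.objects.filter(major=major))
        for visible in visible_by_neighbourhood.values():
            hidden = hidden.difference(set(visible))

        for neighbourhood, visible in visible_by_neighbourhood.items():
            context['%s_location_visible' % neighbourhood] = visible
        context['location_hidden'] = hidden

        return context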


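class CreateConfirmation(LoginRequiredMixin, CreateView):
    """Let a student flag (confirm) another student on the same floor.

    A flag is allowed only when the confirmer is not the flagged student, both
    are on the same floor, and the confirmer has not flagged that student
    already. The rules are applied to GET and POST alike.
    """
    model = Confirmation
    fields = []
    template_name = 'create_confirmation.html'

    login_url = 'login'

    def _url_student(self):
        """Return the student named in the URL, or raise a 404."""
        current_url = self.request.get_full_path()
        # [u'', u'accounts', u'student', u'gmason', u'flag', u'']
        # NOTE(review): position-based path parsing; depends on the URL layout.
        url_uname = current_url.split('/')[3]
        # An unknown slug is a client error (404) rather than an unhandled
        # DoesNotExist.
        return get_object_or_404(Student, slug=url_uname)

    def _may_flag(self, confirmer, student):
        """Return True when *confirmer* is allowed to flag *student*."""
        # you can't flag yourself
        if confirmer == student:
            return False

        # check that the confirmer is on the floor of the student
        if not on_the_same_floor(student, confirmer):
            return False

        # check if the confirmer has already flagged the student
        # NOTE(review): this is a check-then-insert; a database uniqueness
        # constraint on (confirmer, student), if the model lacks one, would
        # also cover concurrent requests.
        already_flagged = Confirmation.objects.filter(confirmer=confirmer,
                                                      student=student).exists()
        return not already_flagged

    def get(self, request, *args, **kwargs):
        confirmer = Student.objects.get(user=self.request.user)
        student = self._url_student()

        if not self._may_flag(confirmer, student):
            return HttpResponseForbidden()

        return super(CreateConfirmation, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        context = super(CreateConfirmation, self).get_context_data(**kwargs)

        context['student'] = self._url_student()

        return context

    @ratelimit(key='user', rate='10/m', method='POST', block=True)
    @ratelimit(key='user', rate='50/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # The original applied the flagging rules in get() only, so a direct
        # POST skipped the self-flag, same-floor and duplicate checks.
        confirmer = Student.objects.get(user=self.request.user)
        student = self._url_student()

        if not self._may_flag(confirmer, student):
            return HttpResponseForbidden()

        return super(CreateConfirmation, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Fill in both sides of the confirmation server-side and save it."""
        form.instance.confirmer = Student.objects.get(user=self.request.user)
        form.instance.student = self._url_student()

        return super(CreateConfirmation, self).form_valid(form)

    def get_success_url(self):
        # redirect to the flagged student page when saving
        return reverse('detail_student',
                       kwargs={'slug':self.object.student.slug})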


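class DeleteConfirmation(LoginRequiredMixin, DeleteView):
    """Let a student withdraw a confirmation they made themselves.

    Every entry point (the GET confirmation page, POST and DELETE) answers
    403 unless the requester is the confirmation's confirmer.
    """
    model = Confirmation
    template_name = 'delete_confirmation.html'

    login_url = 'login'

    def _requester_is_confirmer(self):
        """Return True when the logged-in student created this confirmation."""
        requester = Student.objects.get(user=self.request.user)
        confirmer = self.get_object().confirmer
        return requester == confirmer

    def get(self, request, *args, **kwargs):
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        else:
            return super(DeleteConfirmation, self).get(request, *args, **kwargs)

    def post(self, request, *args, **kwargs):
        # The original checked ownership in get() only, so the request that
        # performs the deletion was never checked against the confirmer.
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        return super(DeleteConfirmation, self).post(request, *args, **kwargs)

    def delete(self, request, *args, **kwargs):
        # Same guard for the HTTP DELETE verb, which DeleteView also serves.
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        return super(DeleteConfirmation, self).delete(request, *args, **kwargs)

    def get_success_url(self):
        return reverse('detail_student',
                       kwargs={'slug':self.object.student.slug})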