views.py 24.2 KB
Newer Older
1 2
# standard library imports
from __future__ import absolute_import, print_function
3
import random
4
# core django imports
Daniel W Bond's avatar
Daniel W Bond committed
5
from django.shortcuts import get_object_or_404
6
from django.http import HttpResponseForbidden
7 8
from django.views.generic import (CreateView, ListView, DetailView, UpdateView,
                                  FormView, DeleteView)
9
from django.core.urlresolvers import reverse
10 11
from django.contrib import messages
from django.utils.safestring import mark_safe
12
from django.forms.widgets import HiddenInput
13
# third party imports
14
from braces.views import LoginRequiredMixin, FormValidMessageMixin
15
from cas.views import login as cas_login
16
from ratelimit.decorators import ratelimit
17
# imports from your apps
Daniel W Bond's avatar
Daniel W Bond committed
18 19
from .models import Student, Major, Confirmation
from housing.models import Building, Floor, Room
20 21
from .forms import (StudentUpdateForm, WelcomeNameForm, WelcomePrivacyForm,
                    WelcomeSocialForm)
22

Daniel W Bond's avatar
Daniel W Bond committed
23

24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
not_started = """Welcome to SRCT Roomlist! <a href="%s">Click here</a> to walk through
                 your profile setup."""

# 1 or 2
started = """Welcome back to SRCT Roomlist! It looks like you're not quite finished with
             setting up your profile. <a href="%s">Click here</a> to return to your
             welcome walkthrough."""

# 3
almost = """Welcome back to SRCT Roomlist! It looks like you're almost finished
            with setting up your profile. <a href="%s">Click here</a> to return
            to the last page of your welcome walkthrough."""

# walkthrough finished but Room is None
no_room = """It looks like you haven't set your room yet. Head to <a href="%s"> your
             settings page</a> to get that taken care of."""

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
#########

bug_reporting = """Welcome back to SRCT Roomlist. This project is the
                   <a href="https://srct.gmu.edu/projects/">collaborative work
                   of students like you</a>. If you see anything amiss, or have ideas for
                   features or a better user experience, please send an email to
                   roomlist@lists.srct.gmu.edu, tweet
                   <a href="https://twitter.com/MasonSRCT/">@MasonSRCT</a>, or, for the
                   more technically experienced, review our
                   <a href="https://git.gmu.edu/srct/roomlist/issues">issues page</a>."""

privacy_reminder = """Welcome back to SRCT Roomlist. A friendly reminder you can change
                      your privacy settings at any time on your settings page by
                      clicking the cog in the upper right of your screen."""

disclaimer = """Welcome back to SRCT Roomlist. Just to be perfectly clear, this project
                is provided as a service by the
                <a href="https://gmu.collegiatelink.net/organization/srct">registered
                student organization</a>
                <a href="https://srct.gmu.edu/">Student-Run Computing and Technology</a>.
                We are not a part of <a href="http://housing.gmu.edu/">Mason Housing</a>:
                all information is voluntarily provided by participating students."""

whatsopen_plug = """Welcome back to SRCT Roomlist. Wondering what's open at this hour?
                    Check out another one of our
                    <a href="https://srct.gmu.edu/projects/">student-built and hosted</a>
                    projects: <a href="https://whatsopen.gmu.edu/">whatsopen.gmu.edu</a>."""

open_source = """Welcome back to SRCT Roomlist. For the curious at heart,
                 <a href="http://www.gnu.org/philosophy/free-sw.en.html">you can always
                 review</a> this project's
                 <a href="https://git.gmu.edu/srct/roomlist/tree/master">source code</a>.
                 Come <a href="https://srct.gmu.edu/">to a meeting</a> and learn how to
                 contribute!"""

return_messages = [bug_reporting, privacy_reminder, disclaimer, whatsopen_plug, open_source]

78 79 80 81

def custom_cas_login(request, *args, **kwargs):
    response = cas_login(request, *args, **kwargs)
    # returns HttpResponseRedirect
82

83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
    if request.user.is_authenticated():

        if request.user.student.completedName is False:
            rendered_url = reverse('welcomeName', args=[request.user.username])
            add_url = not_started % rendered_url
            messages.add_message(request, messages.INFO, mark_safe(add_url))

        elif request.user.student.completedPrivacy is False:
            rendered_url = reverse('welcomePrivacy', args=[request.user.username])
            add_url = started % rendered_url
            messages.add_message(request, messages.INFO, mark_safe(add_url))

        elif request.user.student.completedMajor is False:
            rendered_url = reverse('welcomeMajor', args=[request.user.username])
            add_url = started % rendered_url
            messages.add_message(request, messages.INFO, mark_safe(add_url))

        elif request.user.student.completedName is False:
            rendered_url = reverse('welcomeSocial', args=[request.user.username])
            add_url = started % rendered_url
            messages.add_message(request, messages.INFO, mark_safe(add_url))

        elif request.user.student.room is None:
            rendered_url = reverse('updateStudent', args=[request.user.username])
            add_url = started % rendered_url
            messages.add_message(request, messages.INFO, mark_safe(add_url))
109 110 111
        else:
            welcome_back = random.choice(return_messages)
            messages.add_message(request, messages.INFO, mark_safe(welcome_back))
112 113 114 115

    return response


116 117
def on_the_same_floor(student, confirmer):
    if student == confirmer:
118
        # Student is confirmer
119 120 121 122 123
        return False
    student_floor = student.get_floor()
    confirmer_floor = confirmer.get_floor()
    # room hasn't been set yet
    if (student_floor is None) or (confirmer_floor is None):
124
        # one Student is None
125 126
        return False
    elif not(student_floor == confirmer_floor):
127
        # not the same floor
128 129 130 131 132
        return False
    else:
        return True


133 134 135 136 137 138
def pk_or_none(me, obj):
    if obj is None:
        return None
    else:
        return obj.pk

139

140 141 142
# details about the student
class DetailStudent(LoginRequiredMixin, DetailView):
    model = Student
143 144 145 146
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'
Daniel W Bond's avatar
Daniel W Bond committed
147 148 149 150

    def get_context_data(self, **kwargs):
        context = super(DetailStudent, self).get_context_data(**kwargs)

151
        requesting_student = Student.objects.get(user=self.request.user)
Daniel W Bond's avatar
Daniel W Bond committed
152

153 154 155 156 157
        same_floor = on_the_same_floor(self.get_object(), requesting_student)

        flags = Confirmation.objects.filter(confirmer=requesting_student,
                                            student=self.get_object()).count()

Daniel W Bond's avatar
Daniel W Bond committed
158 159 160 161 162
        if flags:
            try:
                my_flag = Confirmation.objects.get(confirmer=requesting_student,
                                                   student=self.get_object())
            except Exception as e:
163 164
                print("Students are not supposed to be able to make more than one flag per student.")
                print(e)
165

Daniel W Bond's avatar
Daniel W Bond committed
166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182
        def onFloor():
            floor_status = False
            if requesting_student.get_floor() == self.get_object().get_floor():
                floor_status = True
            return floor_status

        def inBuilding():
            floor_status = False
            if requesting_student.get_building() == self.get_object().get_building():
                floor_status = True
            return floor_status

        def shares():
            student_shares = False
            # if the student's privacy is floor and the requesting user is on their floor
            if(self.get_object().privacy == 'floor') and onFloor():
                student_shares = True
Daniel W Bond's avatar
Daniel W Bond committed
183 184
            # if the student's privacy is building and the requesting users is
            # on their floor or in their building
Daniel W Bond's avatar
Daniel W Bond committed
185 186 187 188 189 190
            elif(self.get_object().privacy == 'building') and inBuilding():
                student_shares = True
            # if the student's privacy is set to 'student'
            elif(self.get_object().privacy == 'students'):
                student_shares = True
            return student_shares
Daniel W Bond's avatar
Daniel W Bond committed
191

Daniel W Bond's avatar
Daniel W Bond committed
192
        context['shares'] = shares()
193 194
        context['same_floor'] = same_floor
        context['has_flagged'] = bool(flags)
Daniel W Bond's avatar
Daniel W Bond committed
195 196
        if flags:
            context['my_flag'] = my_flag
Daniel W Bond's avatar
Daniel W Bond committed
197 198
        return context

Daniel W Bond's avatar
Daniel W Bond committed
199

200
class DetailCurrentStudent(LoginRequiredMixin, DetailView):
201 202 203 204 205
    model = Student
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'
206 207 208 209

    def get_object(self):
        return get_object_or_404(Student, pk=self.request.session['_auth_user_id'])

Daniel W Bond's avatar
Daniel W Bond committed
210

211 212 213
# changeable student settings
class DetailStudentSettings(LoginRequiredMixin, DetailView):
    model = Student
214 215 216 217
    context_object_name = 'student'
    template_name = 'studentSettings.html'

    login_url = 'login'
218

Daniel W Bond's avatar
Daniel W Bond committed
219

220
class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
221
    model = Student
222 223 224 225
    context_object_name = 'student'
    template_name = 'studentSettings.html'

    login_url = 'login'
226 227 228

    def get_object(self):
        return get_object_or_404(Student, pk=self.request.session['_auth_user_id'])
Daniel W Bond's avatar
Daniel W Bond committed
229

230

231
# update a student, but FormView to allow name update on same page
232
class UpdateStudent(LoginRequiredMixin, FormValidMessageMixin, FormView):
233
    template_name = 'updateStudent.html'
234
    form_class = StudentUpdateForm
235 236
    login_url = 'login'

237 238
    form_valid_message = "Your profile was successfully updated!"

239 240 241 242 243 244 245 246 247 248
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(UpdateStudent, self).get(request, *args, **kwargs)

249 250 251 252 253 254
    def get_context_data(self, **kwargs):
        context = super(UpdateStudent, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = StudentUpdateForm(initial={'first_name': me.user.first_name,
255 256
                                          'last_name': me.user.last_name,
                                          'gender': me.gender,
257
                                          'show_gender': me.show_gender,
258 259 260 261
                                          'room': pk_or_none(me, me.room),
                                          'privacy': me.privacy,
                                          'major': pk_or_none(me, me.major),
                                          'graduating_year' : me.graduating_year,})
262

263
        if me.recent_changes() > 2:
264
            form.fields['room'].widget = HiddenInput()
265 266
        else:
            form.fields['room'].widget.user = self.request.user
267

268
        context['my_form'] = form
Daniel W Bond's avatar
Daniel W Bond committed
269

270 271
        return context

Daniel W Bond's avatar
Daniel W Bond committed
272 273 274
    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
275 276
        #for key, value in request.POST.iteritems():
            #print(key, value)
Daniel W Bond's avatar
Daniel W Bond committed
277 278
        return super(UpdateStudent, self).post(request, *args, **kwargs)

279 280 281
    def form_valid(self, form):
        me = Student.objects.get(user=self.request.user)

282
        #print("In form valid method!")
Daniel W Bond's avatar
Daniel W Bond committed
283

284 285
        #for key, value in form.data.iteritems():
            #print(key, value)
Daniel W Bond's avatar
Daniel W Bond committed
286

287 288 289 290 291 292 293 294
        current_room = me.room
        try:
            form_room = Room.objects.get(pk=form.data['room'])
        except:
            form_room = None

        if current_room != form_room:
            me.times_changed_room += 1
295
            Confirmation.objects.filter(student=me).delete()
296

297 298 299 300 301 302 303
        me.room = form_room

        try:
            me.major = Major.objects.get(pk=form.data['major'])
        except:
            me.major = None

304 305 306
        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']
        me.gender = form.data.getlist('gender')
307
        me.show_gender = form.data.get('show_gender', False)
308
        me.privacy = form.data['privacy']
309 310
        me.graduating_year = form.data['graduating_year']

311 312 313 314 315 316
        me.user.save()
        me.save()

        return super(UpdateStudent, self).form_valid(form)

    def get_success_url(self):
317 318 319 320 321

        if self.request.user.student.recent_changes() == 2:

            messages.add_message(self.request, messages.WARNING, 'To safeguard everyone\'s privacy, you have just one remaining room change for the semester before you\'ll need to send us an email at roomlist@lists.srct.gmu.edu.')

322 323
        return reverse('detail_student',
                       kwargs={'slug':self.request.user.username})
324

325

326 327
# welcome pages
class WelcomeName(LoginRequiredMixin, FormView):
328
    template_name = 'welcome_name.html'
329 330 331
    form_class = WelcomeNameForm
    login_url = 'login'

332 333 334 335 336 337 338 339 340 341
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(WelcomeName, self).get(request, *args, **kwargs)

Daniel W Bond's avatar
Daniel W Bond committed
342 343 344 345 346 347 348
    def get_context_data(self, **kwargs):
        context = super(WelcomeName, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = WelcomeNameForm(initial={'first_name': me.user.first_name,
                                        'last_name': me.user.last_name,
349 350
                                        'gender': me.gender,
                                        'show_gender': me.show_gender, })
Daniel W Bond's avatar
Daniel W Bond committed
351 352
        context['my_form'] = form
        return context
353

354 355 356 357 358
    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        return super(WelcomeName, self).post(request, *args, **kwargs)

359
    def form_valid(self, form):
Daniel W Bond's avatar
Daniel W Bond committed
360
        me = Student.objects.get(user=self.request.user)
361

Daniel W Bond's avatar
Daniel W Bond committed
362 363 364 365
        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']

        me.gender = form.data.getlist('gender')
366
        me.show_gender = form.data.get('show_gender', False)
Daniel W Bond's avatar
Daniel W Bond committed
367 368 369 370 371

        me.completedName = True

        me.user.save()
        me.save()
372 373 374

        return super(WelcomeName, self).form_valid(form)

375 376 377 378
    def get_success_url(self):
        return reverse('welcomePrivacy',
                       kwargs={'slug':self.request.user.username})

379 380 381

class WelcomePrivacy(LoginRequiredMixin, UpdateView):
    model = Student
Daniel W Bond's avatar
Daniel W Bond committed
382
    form_class = WelcomePrivacyForm
383
    context_object_name = 'student'
384
    template_name = 'welcome_privacy.html'
385 386 387

    login_url = 'login'

388 389 390 391 392 393 394 395 396 397
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(WelcomePrivacy, self).get(request, *args, **kwargs)

398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
    def get_context_data(self, **kwargs):
        context = super(WelcomePrivacy, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = WelcomePrivacyForm()

        form.fields['room'].widget.user = self.request.user

        context['my_form'] = form

        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        return super(WelcomePrivacy, self).post(request, *args, **kwargs)

Daniel W Bond's avatar
Daniel W Bond committed
416 417
    def form_valid(self, form):
        me = self.get_object()
418

Daniel W Bond's avatar
Daniel W Bond committed
419
        current_room = me.room
420

Daniel W Bond's avatar
Daniel W Bond committed
421 422 423 424
        try:
            form_room = Room.objects.get(pk=form.data['room'])
        except:
            form_room = None
425

Daniel W Bond's avatar
Daniel W Bond committed
426 427
        if current_room != form_room:
            form.instance.times_changed_room += 1
428
            Confirmation.objects.filter(student=me).delete()
429

Daniel W Bond's avatar
Daniel W Bond committed
430
        form.instance.completedPrivacy = True
431 432 433

        return super(WelcomePrivacy, self).form_valid(form)

434 435 436 437
    def get_success_url(self):
        return reverse('welcomeMajor',
                       kwargs={'slug':self.request.user.username})

438 439 440

class WelcomeMajor(LoginRequiredMixin, UpdateView):
    model = Student
441
    fields = ['major', 'graduating_year', ]
442
    context_object_name = 'student'
443
    template_name = 'welcome_major.html'
444 445 446

    login_url = 'login'

447 448 449 450 451 452 453 454 455 456
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(WelcomeMajor, self).get(request, *args, **kwargs)

457 458 459 460 461
    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        return super(WelcomeMajor, self).post(request, *args, **kwargs)

462 463
    def form_valid(self, form):

Daniel W Bond's avatar
Daniel W Bond committed
464
        form.instance.completedMajor = True
465 466 467

        return super(WelcomeMajor, self).form_valid(form)

468 469 470 471
    def get_success_url(self):
        return reverse('welcomeSocial',
                       kwargs={'slug':self.request.user.username})

472

473
class WelcomeSocial(LoginRequiredMixin, UpdateView):
474
    model = Student
Daniel W Bond's avatar
Daniel W Bond committed
475
    form_class = WelcomeSocialForm
476
    context_object_name = 'student'
477
    template_name = 'welcome_social.html'
478 479
    login_url = 'login'

480 481 482 483 484 485 486 487 488 489
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        if not(url_uname == self.request.user.username):
            return HttpResponseForbidden()
        else:
            return super(WelcomeSocial, self).get(request, *args, **kwargs)

490 491 492 493 494
    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        return super(WelcomeSocial, self).post(request, *args, **kwargs)

495 496
    def form_valid(self, form):

Daniel W Bond's avatar
Daniel W Bond committed
497
        form.instance.completedSocial = True
498 499 500

        return super(WelcomeSocial, self).form_valid(form)

501
    def get_success_url(self):
502 503 504 505 506

        if self.request.user.student.totally_done():
            messages.add_message(self.request, messages.SUCCESS,
                                 "You successfully finished the welcome walkthrough!")

507 508 509
        return reverse('detail_student',
                       kwargs={'slug':self.request.user.username})

510 511

# majors pages
Daniel W Bond's avatar
Daniel W Bond committed
512 513 514 515 516 517
class ListMajors(LoginRequiredMixin, ListView):
    model = Major
    queryset = Major.objects.all().order_by('name')
    context_object_name = 'majors'
    template_name = 'list_majors.html'

518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592
    login_url = 'login'


class DetailMajor(LoginRequiredMixin, DetailView):
    model = Major
    context_object_name = 'major'
    template_name = 'detail_major.html'

    login_url = 'login'

    def get_context_data(self, **kwargs):
        context = super(DetailMajor, self).get_context_data(**kwargs)
        me = Student.objects.get(user=self.request.user)

        students = Student.objects.filter(major=self.get_object()).order_by('room__floor__building__name', 'user__last_name', 'user__first_name')

        def onFloor(me, student):
            floor_status = False
            if me.get_floor() == student.get_floor():
                floor_status = True
            return floor_status

        def inBuilding(me, student):
            floor_status = False
            if me.get_building() == student.get_building():
                floor_status = True
            return floor_status

        aq_location_visible = []
        ra_location_visible = []
        sh_location_visible = []
        location_hidden = []

        aq_students = students.filter(room__floor__building__neighbourhood='aq')

        for student in aq_students:
            if student.privacy == u'students':
                aq_location_visible.append(student)
            elif (student.privacy == u'building') and inBuilding(me, student):
                aq_location_visible.append(student)
            elif (student.privacy == u'floor') and onFloor(me, student):
                aq_location_visible.append(student)
            else:
                location_hidden.append(student)

        ra_students = students.filter(room__floor__building__neighbourhood='ra')

        for student in ra_students:
            if student.privacy == u'students':
                ra_location_visible.append(student)
            elif (student.privacy == u'building') and inBuilding(me, student):
                ra_location_visible.append(student)
            elif (student.privacy == u'floor') and onFloor(me, student):
                ra_location_visible.append(student)
            else:
                location_hidden.append(student)

        sh_students = students.filter(room__floor__building__neighbourhood='sh')

        for student in sh_students:
            if student.privacy == u'students':
                sh_location_visible.append(student)
            elif (student.privacy == u'building') and inBuilding(me, student):
                sh_location_visible.append(student)
            elif (student.privacy == u'floor') and onFloor(me, student):
                sh_location_visible.append(student)
            else:
                location_hidden.append(student)

        context['aq_location_visible'] = aq_location_visible
        context['ra_location_visible'] = ra_location_visible
        context['sh_location_visible'] = sh_location_visible
        context['location_hidden'] = location_hidden

        return context
593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641


class CreateConfirmation(LoginRequiredMixin, CreateView):
    model = Confirmation
    fields = []
    template_name = 'create_confirmation.html'

    login_url = 'login'

    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
        # [u'', u'accounts', u'student', u'gmason', u'flag', u'']
        url_uname = current_url.split('/')[3]

        confirmer = Student.objects.get(user=self.request.user)
        student = Student.objects.get(slug=url_uname)

        flags = Confirmation.objects.filter(confirmer=confirmer,
                                            student=student).count()

        # you can't flag yourself
        if confirmer == student:
            return HttpResponseForbidden()

        # check that the confirmer is on the floor of the student
        if not on_the_same_floor(student, confirmer):
            return HttpResponseForbidden()

        # check if the confirmer has already flagged the student
        if flags >= 1:
            return HttpResponseForbidden()

        return super(CreateConfirmation, self).get(request, *args, **kwargs)


    def get_context_data(self, **kwargs):
        context = super(CreateConfirmation, self).get_context_data(**kwargs)

        # duplicated code
        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        student = Student.objects.get(slug=url_uname)

        context['student'] = student

        return context

642 643 644 645 646
    @ratelimit(key='user', rate='10/m', method='POST', block=True)
    @ratelimit(key='user', rate='50/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        return super(CreateConfirmation, self).post(request, *args, **kwargs)

647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668
    def form_valid(self, form):

        # duplicated code
        current_url = self.request.get_full_path()
        url_uname = current_url.split('/')[3]

        confirmer = Student.objects.get(user=self.request.user)
        student = Student.objects.get(slug=url_uname)

        form.instance.confirmer = confirmer
        form.instance.student = student

        return super(CreateConfirmation, self).form_valid(form)

    def get_success_url(self):
        # redirect to the flagged student page when saving
        return reverse('detail_student',
                       kwargs={'slug':self.object.student.slug})


class DeleteConfirmation(LoginRequiredMixin, DeleteView):
    model = Confirmation
Daniel W Bond's avatar
Daniel W Bond committed
669
    template_name = 'delete_confirmation.html'
670 671 672

    login_url = 'login'

Daniel W Bond's avatar
Daniel W Bond committed
673 674 675
    def get(self, request, *args, **kwargs):
        requester = Student.objects.get(user=self.request.user)
        confirmer = self.get_object().confirmer
676

Daniel W Bond's avatar
Daniel W Bond committed
677 678 679 680
        if not(requester == confirmer):
            return HttpResponseForbidden()
        else:
            return super(DeleteConfirmation, self).get(request, *args, **kwargs)
681 682 683

    def get_success_url(self):
        return reverse('detail_student',
Daniel W Bond's avatar
Daniel W Bond committed
684
                       kwargs={'slug':self.object.student.slug})