# standard library imports
from __future__ import absolute_import, print_function
import random
# core django imports
from django.shortcuts import get_object_or_404
from django.http import HttpResponseForbidden
from django.views.generic import (CreateView, ListView, DetailView, UpdateView,
                                  FormView, DeleteView)
from django.core.urlresolvers import reverse
from django.contrib import messages
from django.utils.safestring import mark_safe
from django.forms.widgets import HiddenInput
# third party imports
from braces.views import LoginRequiredMixin, FormValidMessageMixin
from cas.views import login as cas_login
from ratelimit.decorators import ratelimit
# imports from your apps
from .models import Student, Major, Confirmation
from housing.models import Building, Floor, Room
from .forms import (StudentUpdateForm, WelcomeNameForm, WelcomePrivacyForm,
                    WelcomeSocialForm)


# Walkthrough banner templates. Each takes exactly one %s, which is placed
# inside an href attribute. custom_cas_login wraps the formatted banner in
# mark_safe(), so Django will NOT escape it at render time: interpolate only
# values that are safe inside an HTML attribute (e.g. a reverse()d URL).

# walkthrough not yet begun
not_started = """Welcome to SRCT Roomlist! <a href="%s">Click here</a> to walk through
                 your profile setup."""

# 1 or 2 (presumably the number of walkthrough pages already completed)
started = """Welcome back to SRCT Roomlist! It looks like you're not quite finished with
             setting up your profile. <a href="%s">Click here</a> to return to your
             welcome walkthrough."""

# 3 (presumably: only the last walkthrough page is left)
almost = """Welcome back to SRCT Roomlist! It looks like you're almost finished
            with setting up your profile. <a href="%s">Click here</a> to return
            to the last page of your welcome walkthrough."""

# walkthrough finished but Room is None
no_room = """It looks like you haven't set your room yet. Head to <a href="%s"> your
             settings page</a> to get that taken care of."""

#########

# Static "welcome back" banners. They take no format arguments and contain raw
# HTML; custom_cas_login picks one with random.choice() and wraps it in
# mark_safe(), so these strings must stay free of any user-supplied data.

# invites bug reports and feature ideas
bug_reporting = """Welcome back to SRCT Roomlist. This project is the
                   <a href="https://srct.gmu.edu/projects/">collaborative work
                   of students like you</a>. If you see anything amiss, or have ideas for
                   features or a better user experience, please send an email to
                   roomlist@lists.srct.gmu.edu, tweet
                   <a href="https://twitter.com/MasonSRCT/">@MasonSRCT</a>, or, for the
                   more technically experienced, review our
                   <a href="https://git.gmu.edu/srct/roomlist/issues">issues page</a>."""

# reminds the student that privacy settings can be changed
privacy_reminder = """Welcome back to SRCT Roomlist. A friendly reminder you can change
                      your privacy settings at any time on your settings page by
                      clicking the cog in the upper right of your screen."""

# states that the service is student-run and not part of Mason Housing
disclaimer = """Welcome back to SRCT Roomlist. Just to be perfectly clear, this project
                is provided as a service by the
                <a href="https://gmu.collegiatelink.net/organization/srct">registered
                student organization</a>
                <a href="https://srct.gmu.edu/">Student-Run Computing and Technology</a>.
                We are not a part of <a href="http://housing.gmu.edu/">Mason Housing</a>:
                all information is voluntarily provided by participating students."""

# points at a sibling project
whatsopen_plug = """Welcome back to SRCT Roomlist. Wondering what's open at this hour?
                    Check out another one of our
                    <a href="https://srct.gmu.edu/projects/">student-built and hosted</a>
                    projects: <a href="https://whatsopen.gmu.edu/">whatsopen.gmu.edu</a>."""

# links to the project's source code
open_source = """Welcome back to SRCT Roomlist. For the curious at heart,
                 <a href="http://www.gnu.org/philosophy/free-sw.en.html">you can always
                 review</a> this project's
                 <a href="https://git.gmu.edu/srct/roomlist/tree/master">source code</a>.
                 Come <a href="https://srct.gmu.edu/">to a meeting</a> and learn how to
                 contribute!"""

# pool that the random "welcome back" banner is drawn from
return_messages = [bug_reporting, privacy_reminder, disclaimer, whatsopen_plug, open_source]


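def custom_cas_login(request, *args, **kwargs):
    """Run the CAS login view, then queue one banner message for the student.

    The banner points at the first unfinished walkthrough page, at the
    settings page when no room is set, or is a random "welcome back" note
    once everything is complete.

    Fixes over the previous version:
    * the fourth check tested ``completedName`` a second time, so the
      ``welcomeSocial`` branch could never run; it now tests
      ``completedSocial``;
    * the ``almost`` and ``no_room`` templates were defined but never used;
      the last walkthrough page and the missing-room case now use them;
    * the reversed URL is HTML-escaped before it is interpolated, because the
      formatted banner is passed to ``mark_safe`` and is therefore not
      escaped again by the template engine.

    Returns the response produced by ``cas_login`` unchanged.
    """
    # Function-scope import so the block does not depend on a new file-level import.
    from django.utils.html import escape

    response = cas_login(request, *args, **kwargs)
    # cas_login returns an HttpResponseRedirect; it is passed through untouched

    if request.user.is_authenticated():
        student = request.user.student

        # (url name, banner template) of the first thing still to be done
        if student.completedName is False:
            pending = ('welcomeName', not_started)
        elif student.completedPrivacy is False:
            pending = ('welcomePrivacy', started)
        elif student.completedMajor is False:
            pending = ('welcomeMajor', started)
        elif student.completedSocial is False:
            pending = ('welcomeSocial', almost)
        elif student.room is None:
            pending = ('updateStudent', no_room)
        else:
            pending = None

        if pending is None:
            # static text with no interpolated data
            banner = random.choice(return_messages)
        else:
            url_name, template = pending
            rendered_url = reverse(url_name, args=[request.user.username])
            # escape() keeps the username-derived URL inert inside the href
            banner = template % escape(rendered_url)

        messages.add_message(request, messages.INFO, mark_safe(banner))

    return response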


def on_the_same_floor(student, confirmer):
    """Return True only when two *different* students share a known floor.

    False is returned when both arguments are the same student, when either
    student has no floor (room not set yet), or when the floors differ.
    """
    # a student never counts as being on the same floor as themselves
    if student == confirmer:
        return False

    floors = (student.get_floor(), confirmer.get_floor())

    # room hasn't been set yet for at least one of them
    if any(floor is None for floor in floors):
        return False

    return bool(floors[0] == floors[1])


def pk_or_none(me, obj):
    """Return ``obj.pk``, or None when ``obj`` itself is None.

    ``me`` is accepted for the callers' convenience and is not used.
    """
    return None if obj is None else obj.pk


# details about the student
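class DetailStudent(LoginRequiredMixin, DetailView):
    """Profile page of one student, as seen by the logged-in student.

    Besides the student object, the context carries:
    * ``shares``      - whether the viewed student's privacy setting allows
                        the requesting student to see their location;
    * ``same_floor``  - result of ``on_the_same_floor`` for the two students;
    * ``has_flagged`` - whether the requester already has a Confirmation for
                        this student, plus ``my_flag`` when one exists.

    NOTE(review): ``shares`` is only a context flag; presumably
    detailStudent.html is what actually withholds the location - confirm the
    template honours it.
    """
    model = Student
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'

    def get_context_data(self, **kwargs):
        context = super(DetailStudent, self).get_context_data(**kwargs)

        # Resolve the viewed student once instead of calling get_object()
        # (and hitting the database) for every comparison below.
        student = self.get_object()

        # Raises IndexError when the logged-in user has no Student row.
        requesting_student = Student.objects.filter(user=self.request.user)[0]

        same_floor = on_the_same_floor(student, requesting_student)

        # Evaluate the queryset once. The previous count()-then-get() pair
        # left ``my_flag`` unbound (NameError further down) whenever get()
        # raised, e.g. when more than one Confirmation existed.
        my_flags = list(Confirmation.objects.filter(confirmer=requesting_student,
                                                    student=student))
        if len(my_flags) > 1:
            print("Students are not supposed to be able to make more than one flag per student.")

        def onFloor():
            return bool(requesting_student.get_floor() == student.get_floor())

        def inBuilding():
            return bool(requesting_student.get_building() == student.get_building())

        def shares():
            privacy = student.privacy
            # privacy is floor: the requesting user must be on their floor
            if privacy == 'floor':
                return onFloor()
            # privacy is building: the requesting user must be in their building
            if privacy == 'building':
                return inBuilding()
            # privacy is 'students': every logged-in student may see it
            if privacy == 'students':
                return True
            # any other value shares nothing
            return False

        context['shares'] = shares()
        context['same_floor'] = same_floor
        context['has_flagged'] = bool(my_flags)
        if my_flags:
            context['my_flag'] = my_flags[0]
        return context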


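class DetailCurrentStudent(LoginRequiredMixin, DetailView):
    """Profile page of the logged-in student (no identifier in the URL)."""
    model = Student
    context_object_name = 'student'
    template_name = 'detailStudent.html'

    login_url = 'login'

    def get_object(self):
        """Return the Student that belongs to the authenticated user, or 404.

        The lookup goes through the ``user`` relation, as the other views in
        this module do. The previous version used the auth user id stored in
        the session as the Student primary key, which shows the wrong profile
        whenever Student and User primary keys are not identical.
        """
        return get_object_or_404(Student, user=self.request.user)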


# changeable student settings
class DetailStudentSettings(LoginRequiredMixin, DetailView):
    """Settings page for the Student selected by the URL.

    NOTE(review): the only gate visible here is LoginRequiredMixin, so any
    authenticated user can request this page for any student. Confirm that
    studentSettings.html shows nothing private, or restrict the lookup to
    the requesting user's own record.
    """
    login_url = 'login'

    template_name = 'studentSettings.html'
    context_object_name = 'student'
    model = Student


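class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
    """Settings page of the logged-in student (no identifier in the URL)."""
    model = Student
    context_object_name = 'student'
    template_name = 'studentSettings.html'

    login_url = 'login'

    def get_object(self):
        """Return the Student that belongs to the authenticated user, or 404.

        The lookup goes through the ``user`` relation, as the other views in
        this module do. The previous version used the auth user id stored in
        the session as the Student primary key, which shows another student's
        settings whenever Student and User primary keys are not identical.
        """
        return get_object_or_404(Student, user=self.request.user)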


# update a student, but FormView to allow name update on same page
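class UpdateStudent(LoginRequiredMixin, FormValidMessageMixin, FormView):
    """Profile edit page for the logged-in student.

    A FormView rather than an UpdateView so that the User's name fields can
    be edited on the same page as the Student fields. All writes target the
    Student that belongs to ``request.user``; the username in the URL is only
    checked on GET.

    Changes over the previous version:
    * ``post`` and ``form_valid`` no longer print every submitted field to
      stdout, which copied students' personal data into server output (and
      relied on the Python 2 only ``iteritems``);
    * the room-change limit, previously applied only by hiding the widget on
      the rendered form, is also applied when the submission is saved;
    * the bare ``except:`` clauses are narrowed to the lookup failures they
      were there to absorb.
    """
    template_name = 'updateStudent.html'
    form_class = StudentUpdateForm
    login_url = 'login'

    form_valid_message = "Your profile was successfully updated!"

    def get(self, request, *args, **kwargs):
        """Serve the form only when the URL names the logged-in user."""
        # the username is taken from the fourth '/'-separated piece of the path
        url_uname = self.request.get_full_path().split('/')[3]

        if url_uname != self.request.user.username:
            return HttpResponseForbidden()
        return super(UpdateStudent, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Add ``my_form``, pre-filled with the student's current values."""
        context = super(UpdateStudent, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        form = StudentUpdateForm(initial={'first_name': me.user.first_name,
                                          'last_name': me.user.last_name,
                                          'gender': me.gender,
                                          'show_gender': me.show_gender,
                                          'room': pk_or_none(me, me.room),
                                          'privacy': me.privacy,
                                          'major': pk_or_none(me, me.major),
                                          'graduating_year': me.graduating_year, })

        if me.recent_changes() >= 2:
            # change limit reached: do not offer the room selector
            form.fields['room'].widget = HiddenInput()
        else:
            form.fields['room'].widget.user = self.request.user

        context['my_form'] = form

        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        """Handle the submission, rate limited per user."""
        return super(UpdateStudent, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Copy the submitted values onto the requester's User and Student."""
        me = Student.objects.get(user=self.request.user)

        # NOTE(review): the values below are read from form.data (the raw
        # submission), not form.cleaned_data; confirm that is intended.
        current_room = me.room
        try:
            form_room = Room.objects.get(pk=form.data['room'])
        except (KeyError, ValueError, TypeError, Room.DoesNotExist):
            # missing, empty, malformed or unknown room id: treat as "no room"
            form_room = None

        # get_context_data hides the room field under this same condition;
        # apply it here too so the limit does not depend on the rendered form.
        if me.recent_changes() >= 2:
            form_room = current_room

        if current_room != form_room:
            me.times_changed_room += 1
            # confirmations refer to the old room, so they are dropped
            Confirmation.objects.filter(student=me).delete()

        me.room = form_room

        try:
            me.major = Major.objects.get(pk=form.data['major'])
        except (KeyError, ValueError, TypeError, Major.DoesNotExist):
            me.major = None

        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']
        me.gender = form.data.getlist('gender')
        me.show_gender = form.data.get('show_gender', False)
        me.privacy = form.data['privacy']
        me.graduating_year = form.data['graduating_year']

        me.user.save()
        me.save()

        return super(UpdateStudent, self).form_valid(form)

    def get_success_url(self):
        return reverse('detail_student',
                       kwargs={'slug': self.request.user.username})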


# welcome pages
class WelcomeName(LoginRequiredMixin, FormView):
    """First walkthrough page: name and gender of the logged-in student.

    Writes always target the Student that belongs to ``request.user``; the
    username in the URL is only checked on GET.
    """
    template_name = 'welcome_name.html'
    form_class = WelcomeNameForm
    login_url = 'login'

    def get(self, request, *args, **kwargs):
        """Serve the form only when the URL names the logged-in user."""
        # the username is the fourth '/'-separated piece of the path
        path_pieces = self.request.get_full_path().split('/')

        if path_pieces[3] == self.request.user.username:
            return super(WelcomeName, self).get(request, *args, **kwargs)
        return HttpResponseForbidden()

    def get_context_data(self, **kwargs):
        """Add ``my_form``, pre-filled with the student's current values."""
        context = super(WelcomeName, self).get_context_data(**kwargs)

        me = Student.objects.get(user=self.request.user)

        current_values = {
            'first_name': me.user.first_name,
            'last_name': me.user.last_name,
            'gender': me.gender,
            'show_gender': me.show_gender,
        }
        context['my_form'] = WelcomeNameForm(initial=current_values)
        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        """Handle the submission, rate limited per user."""
        return super(WelcomeName, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Store the submitted name and gender and mark this page as done."""
        me = Student.objects.get(user=self.request.user)
        account = me.user

        # NOTE(review): values come from form.data (the raw submission), not
        # form.cleaned_data; confirm that is intended.
        submitted = form.data
        account.first_name = submitted['first_name']
        account.last_name = submitted['last_name']

        me.gender = submitted.getlist('gender')
        me.show_gender = submitted.get('show_gender', False)

        me.completedName = True

        account.save()
        me.save()

        return super(WelcomeName, self).form_valid(form)

    def get_success_url(self):
        # next walkthrough page
        url_kwargs = {'slug': self.request.user.username}
        return reverse('welcomePrivacy', kwargs=url_kwargs)


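class WelcomePrivacy(LoginRequiredMixin, UpdateView):
    """Second walkthrough page: room and privacy setting.

    The Student being edited is resolved by UpdateView from the URL, so the
    URL must name the logged-in user. The previous version checked that only
    in ``get``; a POST to another student's URL was saved to that student's
    record and deleted their confirmations. ``post`` now applies the same
    check.
    """
    model = Student
    form_class = WelcomePrivacyForm
    context_object_name = 'student'
    template_name = 'welcome_privacy.html'

    login_url = 'login'

    def _url_names_requester(self):
        """Return True when the username in the URL is the logged-in user's."""
        # the username is the fourth '/'-separated piece of the path
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomePrivacy, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        """Add ``my_form``, a blank form whose room widget knows the user."""
        context = super(WelcomePrivacy, self).get_context_data(**kwargs)

        form = WelcomePrivacyForm()

        form.fields['room'].widget.user = self.request.user

        context['my_form'] = form

        return context

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # same ownership rule as get(): only the student named in the URL
        # may change that student's record
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomePrivacy, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Count a room change, drop stale confirmations, mark the page done."""
        me = self.get_object()

        current_room = me.room

        try:
            form_room = Room.objects.get(pk=form.data['room'])
        except (KeyError, ValueError, TypeError, Room.DoesNotExist):
            # missing, empty, malformed or unknown room id: treat as "no room"
            form_room = None

        if current_room != form_room:
            form.instance.times_changed_room += 1
            # confirmations refer to the old room, so they are dropped
            Confirmation.objects.filter(student=me).delete()

        form.instance.completedPrivacy = True

        return super(WelcomePrivacy, self).form_valid(form)

    def get_success_url(self):
        return reverse('welcomeMajor',
                       kwargs={'slug': self.request.user.username})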


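class WelcomeMajor(LoginRequiredMixin, UpdateView):
    """Third walkthrough page: major and graduating year.

    The Student being edited is resolved by UpdateView from the URL, so the
    URL must name the logged-in user. The previous version checked that only
    in ``get``; a POST to another student's URL was saved to that student's
    record. ``post`` now applies the same check.
    """
    model = Student
    fields = ['major', 'graduating_year', ]
    context_object_name = 'student'
    template_name = 'welcome_major.html'

    login_url = 'login'

    def _url_names_requester(self):
        """Return True when the username in the URL is the logged-in user's."""
        # the username is the fourth '/'-separated piece of the path
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomeMajor, self).get(request, *args, **kwargs)

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # same ownership rule as get(): only the student named in the URL
        # may change that student's record
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomeMajor, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        # record that this walkthrough page has been completed
        form.instance.completedMajor = True

        return super(WelcomeMajor, self).form_valid(form)

    def get_success_url(self):
        return reverse('welcomeSocial',
                       kwargs={'slug': self.request.user.username})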


# this is a work-in-progress catastrophuck
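class WelcomeSocial(LoginRequiredMixin, FormValidMessageMixin, UpdateView):
    """Last walkthrough page (social form).

    The Student being edited is resolved by UpdateView from the URL, so the
    URL must name the logged-in user. The previous version checked that only
    in ``get``; a POST to another student's URL was saved to that student's
    record. ``post`` now applies the same check.
    """
    model = Student
    form_class = WelcomeSocialForm
    context_object_name = 'student'
    template_name = 'welcome_social.html'
    login_url = 'login'

    form_valid_message = "You successfully finished the welcome walkthrough!"

    def _url_names_requester(self):
        """Return True when the username in the URL is the logged-in user's."""
        # the username is the fourth '/'-separated piece of the path
        url_uname = self.request.get_full_path().split('/')[3]
        return url_uname == self.request.user.username

    def get(self, request, *args, **kwargs):
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomeSocial, self).get(request, *args, **kwargs)

    @ratelimit(key='user', rate='5/m', method='POST', block=True)
    @ratelimit(key='user', rate='10/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # same ownership rule as get(): only the student named in the URL
        # may change that student's record
        if not self._url_names_requester():
            return HttpResponseForbidden()
        return super(WelcomeSocial, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        # record that this walkthrough page has been completed
        form.instance.completedSocial = True

        return super(WelcomeSocial, self).form_valid(form)

    def get_success_url(self):
        return reverse('detail_student',
                       kwargs={'slug': self.request.user.username})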


# majors pages
class ListMajors(LoginRequiredMixin, ListView):
    """List every Major, ordered by name, for logged-in users."""
    login_url = 'login'

    model = Major
    # alphabetical listing
    queryset = Major.objects.order_by('name')

    template_name = 'list_majors.html'
    context_object_name = 'majors'


class DetailMajor(LoginRequiredMixin, DetailView):
    """Page for one Major, listing its students grouped by neighbourhood.

    Students are split by whether their privacy setting lets the logged-in
    student see their location: one "visible" list per neighbourhood code
    ('aq', 'ra', 'sh') and a single shared ``location_hidden`` list.
    Students whose room is in no such neighbourhood appear in none of them.
    """
    model = Major
    context_object_name = 'major'
    template_name = 'detail_major.html'

    login_url = 'login'

    def get_context_data(self, **kwargs):
        context = super(DetailMajor, self).get_context_data(**kwargs)
        me = Student.objects.get(user=self.request.user)

        students = Student.objects.filter(major=self.get_object()).order_by(
            'room__floor__building__name', 'user__last_name', 'user__first_name')

        def onFloor(me, student):
            return bool(me.get_floor() == student.get_floor())

        def inBuilding(me, student):
            return bool(me.get_building() == student.get_building())

        def location_shared(student):
            # 'students': visible to every logged-in student
            if student.privacy == u'students':
                return True
            # 'building': visible only from inside the same building
            if student.privacy == u'building':
                return inBuilding(me, student)
            # 'floor': visible only from the same floor
            if student.privacy == u'floor':
                return onFloor(me, student)
            # any other setting keeps the location hidden
            return False

        visible_by_code = {}
        location_hidden = []

        # one pass per neighbourhood, in the fixed order aq, ra, sh
        for code in ('aq', 'ra', 'sh'):
            shown_here = visible_by_code[code] = []
            residents = students.filter(room__floor__building__neighbourhood=code)
            for student in residents:
                if location_shared(student):
                    shown_here.append(student)
                else:
                    location_hidden.append(student)

        context['aq_location_visible'] = visible_by_code['aq']
        context['ra_location_visible'] = visible_by_code['ra']
        context['sh_location_visible'] = visible_by_code['sh']
        context['location_hidden'] = location_hidden

        return context


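class CreateConfirmation(LoginRequiredMixin, CreateView):
    """Let the logged-in student flag (confirm) the student named in the URL.

    A flag is allowed only when the confirmer is not the student, both are on
    the same floor, and the confirmer has not flagged this student before.
    The previous version applied those rules in ``get`` only, so a direct
    POST created a Confirmation without any of them; ``post`` now applies
    them too. An unknown student in the URL now gives a 404 instead of an
    unhandled ``DoesNotExist``.

    NOTE(review): the duplicate check is a read followed by a later write,
    so two simultaneous requests could still both pass it; a uniqueness
    constraint on (confirmer, student) in the model would close that -
    confirm whether one exists.
    """
    model = Confirmation
    fields = []
    template_name = 'create_confirmation.html'

    login_url = 'login'

    def _url_student(self):
        """Return the Student named in the URL, or raise Http404."""
        # e.g. [u'', u'accounts', u'student', u'gmason', u'flag', u'']
        url_uname = self.request.get_full_path().split('/')[3]
        return get_object_or_404(Student, slug=url_uname)

    def _may_flag(self, student):
        """Return True when the requester is allowed to flag ``student``."""
        confirmer = Student.objects.get(user=self.request.user)

        # you can't flag yourself
        if confirmer == student:
            return False

        # the confirmer has to be on the floor of the student
        if not on_the_same_floor(student, confirmer):
            return False

        # the confirmer must not have flagged the student already
        already_flagged = Confirmation.objects.filter(confirmer=confirmer,
                                                      student=student).exists()
        return not already_flagged

    def get(self, request, *args, **kwargs):
        if not self._may_flag(self._url_student()):
            return HttpResponseForbidden()

        return super(CreateConfirmation, self).get(request, *args, **kwargs)

    def get_context_data(self, **kwargs):
        context = super(CreateConfirmation, self).get_context_data(**kwargs)

        context['student'] = self._url_student()

        return context

    @ratelimit(key='user', rate='10/m', method='POST', block=True)
    @ratelimit(key='user', rate='50/d', method='POST', block=True)
    def post(self, request, *args, **kwargs):
        # enforce the same rules as get() before anything is written
        if not self._may_flag(self._url_student()):
            return HttpResponseForbidden()

        return super(CreateConfirmation, self).post(request, *args, **kwargs)

    def form_valid(self, form):
        """Attach the requester and the URL's student to the new Confirmation."""
        form.instance.confirmer = Student.objects.get(user=self.request.user)
        form.instance.student = self._url_student()

        return super(CreateConfirmation, self).form_valid(form)

    def get_success_url(self):
        # redirect to the flagged student page when saving
        return reverse('detail_student',
                       kwargs={'slug': self.object.student.slug})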


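class DeleteConfirmation(LoginRequiredMixin, DeleteView):
    """Let a student withdraw a Confirmation they created.

    Only the confirmer may remove a Confirmation. The previous version
    checked that in ``get`` only, so the confirmation page was protected but
    the deleting request itself was not. The check now also guards ``post``
    and ``delete``.
    """
    model = Confirmation
    template_name = 'delete_confirmation.html'

    login_url = 'login'

    def _requester_is_confirmer(self):
        """Return True when the logged-in student created this Confirmation."""
        requester = Student.objects.get(user=self.request.user)
        return requester == self.get_object().confirmer

    def get(self, request, *args, **kwargs):
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        return super(DeleteConfirmation, self).get(request, *args, **kwargs)

    def post(self, request, *args, **kwargs):
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        return super(DeleteConfirmation, self).post(request, *args, **kwargs)

    def delete(self, request, *args, **kwargs):
        # also reached directly by an HTTP DELETE request
        if not self._requester_is_confirmer():
            return HttpResponseForbidden()
        return super(DeleteConfirmation, self).delete(request, *args, **kwargs)

    def get_success_url(self):
        return reverse('detail_student',
                       kwargs={'slug': self.object.student.slug})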