Commit 10ce3e25 authored by Daniel W Bond's avatar Daniel W Bond
Browse files

updatestudent now supports renaming on single page, added 403'ing so users...

updatestudent now supports renaming on single page, added 403'ing so users can't edit other's welcomes
parent 735a4115
{% extends 'layouts/base.html' %}
{% block title %} SRCT RoomList | New Student Setup {% endblock %}
{% block title %} SRCT RoomList | Student | Update {% endblock %}
{% block reminder %}
{% endblock %}
......@@ -10,7 +10,7 @@
<div class="page-header" id="banner">
<div class="row">
<div class="col-md-12 text-center">
<h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Setup</h1>
<h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Update</h1>
</div>
</div>
</div>
......@@ -20,12 +20,12 @@
<div class="panel panel-default">
<div class="panel-heading">
<h1 class="panel-title text-center"><strong>Welcome, {{ student.user.first_name }}!</strong></h1>
<h1 class="panel-title text-center"><strong>Welcome, {{ request.user.first_name }}!</strong></h1>
</div>
<div class="panel-body">
<form action="" method="post">{% csrf_token %}
{{ form.as_p }}
{{ my_form.as_p }}
<input type="submit" value="Save" class="btn btn-primary"/>
</form>
</div>
......
......@@ -6,8 +6,8 @@ from django.core.urlresolvers import reverse
# third party imports
from braces.views import LoginRequiredMixin
# imports from your apps
from .models import Student, Major
from .forms import WelcomeNameForm
from .models import Student, Major, Room
from .forms import StudentUpdateForm, WelcomeNameForm
# details about the student
......@@ -86,17 +86,12 @@ class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
return get_object_or_404(Student, pk=self.request.session['_auth_user_id'])
# update a student (students are *created* on first login via CAS)
class UpdateStudent(LoginRequiredMixin, UpdateView):
model = Student
fields = ['room', 'privacy', 'major', 'gender', ]
context_object_name = 'student'
# update a student, but FormView to allow name update on same page
class UpdateStudent(LoginRequiredMixin, FormView):
template_name = 'updateStudent.html'
form_class = StudentUpdateForm
login_url = 'login'
# change to formview to support changing name
def get(self, request, *args, **kwargs):
current_url = self.request.get_full_path()
......@@ -105,12 +100,54 @@ class UpdateStudent(LoginRequiredMixin, UpdateView):
print url_uname, self.request.user.username
if not(url_uname == self.request.user.username):
print "I'm sorry, what now?"
return HttpResponseForbidden()
else:
return super(UpdateStudent, self).get(request, *args, **kwargs)
# use the same forms with different templates, views, and urls
def get_context_data(self, **kwargs):
context = super(UpdateStudent, self).get_context_data(**kwargs)
me = Student.objects.get(user=self.request.user)
print me.room
print me.major
def pk_or_none(me, obj):
if obj is None:
return None
else:
return obj.pk
form = StudentUpdateForm(initial={'first_name': me.user.first_name,
'last_name': me.user.last_name,
'gender': me.gender,
'room': pk_or_none(me, me.room),
'privacy': me.privacy,
'major': pk_or_none(me, me.major),})
context['my_form'] = form
return context
def form_valid(self, form):
me = Student.objects.get(user=self.request.user)
print form.data['room']
print form.data['major']
me.user.first_name = form.data['first_name']
me.user.last_name = form.data['last_name']
me.gender = form.data.getlist('gender')
me.room = Room.objects.get(pk=form.data['room'])
me.privacy = form.data['privacy']
me.major = Major.objects.get(pk=form.data['major'])
me.user.save()
me.save()
return super(UpdateStudent, self).form_valid(form)
def get_success_url(self):
return reverse('detail_student',
kwargs={'slug':self.request.user.username})
# welcome pages
class WelcomeName(LoginRequiredMixin, FormView):
......@@ -118,6 +155,18 @@ class WelcomeName(LoginRequiredMixin, FormView):
form_class = WelcomeNameForm
login_url = 'login'
def get(self, request, *args, **kwargs):
current_url = self.request.get_full_path()
url_uname = current_url.split('/')[3]
print url_uname, self.request.user.username
if not(url_uname == self.request.user.username):
return HttpResponseForbidden()
else:
return super(WelcomeName, self).get(request, *args, **kwargs)
def get_context_data(self, **kwargs):
context = super(WelcomeName, self).get_context_data(**kwargs)
......@@ -129,15 +178,12 @@ class WelcomeName(LoginRequiredMixin, FormView):
context['my_form'] = form
return context
def form_valid(self, form):
me = Student.objects.get(user=self.request.user)
me.user.first_name = form.data['first_name']
me.user.last_name = form.data['last_name']
#for identity in form.data['gender']
me.gender = form.data.getlist('gender')
me.completedName = True
......@@ -160,6 +206,18 @@ class WelcomePrivacy(LoginRequiredMixin, UpdateView):
login_url = 'login'
def get(self, request, *args, **kwargs):
current_url = self.request.get_full_path()
url_uname = current_url.split('/')[3]
print url_uname, self.request.user.username
if not(url_uname == self.request.user.username):
return HttpResponseForbidden()
else:
return super(WelcomePrivacy, self).get(request, *args, **kwargs)
def form_valid(self, form):
self.obj = self.get_object()
......@@ -181,6 +239,18 @@ class WelcomeMajor(LoginRequiredMixin, UpdateView):
login_url = 'login'
def get(self, request, *args, **kwargs):
current_url = self.request.get_full_path()
url_uname = current_url.split('/')[3]
print url_uname, self.request.user.username
if not(url_uname == self.request.user.username):
return HttpResponseForbidden()
else:
return super(WelcomeMajor, self).get(request, *args, **kwargs)
def form_valid(self, form):
self.obj = self.get_object()
......@@ -204,6 +274,18 @@ class WelcomeSocial(LoginRequiredMixin, DetailView):
# push to the message queue
def get(self, request, *args, **kwargs):
current_url = self.request.get_full_path()
url_uname = current_url.split('/')[3]
print url_uname, self.request.user.username
if not(url_uname == self.request.user.username):
return HttpResponseForbidden()
else:
return super(WelcomeSocial, self).get(request, *args, **kwargs)
def form_valid(self, form):
self.obj = self.get_object()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment