updatestudent now supports renaming on single page, added 403'ing so users...

updatestudent now supports renaming on single page, added 403'ing so users can't edit other's welcomes

roomlist/accounts/templates/updateStudent.html

 {% extends 'layouts/base.html' %}
 
-{% block title %} SRCT RoomList | New Student Setup {% endblock %}
+{% block title %} SRCT RoomList | Student | Update {% endblock %}
 
 {% block reminder %}
 {% endblock %}
@@ -10,7 +10,7 @@
 <div class="page-header" id="banner">
   <div class="row">
     <div class="col-md-12 text-center">
-      <h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Setup</h1>
+      <h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Update</h1>
     </div>
   </div>
 </div>
@@ -20,12 +20,12 @@
 
     <div class="panel panel-default">
       <div class="panel-heading">
-        <h1 class="panel-title text-center"><strong>Welcome, {{ student.user.first_name }}!</strong></h1>   
+        <h1 class="panel-title text-center"><strong>Welcome, {{ request.user.first_name }}!</strong></h1>
       </div>
 
       <div class="panel-body">
         <form action="" method="post">{% csrf_token %}
-          {{ form.as_p }}
+          {{ my_form.as_p }}
           <input type="submit" value="Save" class="btn btn-primary"/>
         </form>
       </div>

roomlist/accounts/views.py

@@ -6,8 +6,8 @@ from django.core.urlresolvers import reverse
 # third party imports
 from braces.views import LoginRequiredMixin
 # imports from your apps
-from .models import Student, Major
-from .forms import WelcomeNameForm
+from .models import Student, Major, Room
+from .forms import StudentUpdateForm, WelcomeNameForm
 
 
 # details about the student
@@ -86,17 +86,12 @@ class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
         return get_object_or_404(Student, pk=self.request.session['_auth_user_id'])
 
 
-# update a student (students are *created* on first login via CAS)
-class UpdateStudent(LoginRequiredMixin, UpdateView):
-    model = Student
-    fields = ['room', 'privacy', 'major', 'gender', ]
-    context_object_name = 'student'
+# update a student, but FormView to allow name update on same page
+class UpdateStudent(LoginRequiredMixin, FormView):
     template_name = 'updateStudent.html'
-
+    form_class = StudentUpdateForm
     login_url = 'login'
 
-    # change to formview to support changing name
-
     def get(self, request, *args, **kwargs):
 
         current_url = self.request.get_full_path()
@@ -105,12 +100,54 @@ class UpdateStudent(LoginRequiredMixin, UpdateView):
         print url_uname, self.request.user.username
 
         if not(url_uname == self.request.user.username):
-            print "I'm sorry, what now?"
             return HttpResponseForbidden()
         else:
             return super(UpdateStudent, self).get(request, *args, **kwargs)
 
-# use the same forms with different templates, views, and urls
+    def get_context_data(self, **kwargs):
+        context = super(UpdateStudent, self).get_context_data(**kwargs)
+
+        me = Student.objects.get(user=self.request.user)
+
+        print me.room
+        print me.major
+
+        def pk_or_none(me, obj):
+            if obj is None:
+                return None
+            else:
+                return obj.pk
+
+        form = StudentUpdateForm(initial={'first_name': me.user.first_name,
+                                        'last_name': me.user.last_name,
+                                        'gender': me.gender,
+                                        'room': pk_or_none(me, me.room),
+                                        'privacy': me.privacy,
+                                        'major': pk_or_none(me, me.major),})
+        context['my_form'] = form
+        return context
+
+    def form_valid(self, form):
+        me = Student.objects.get(user=self.request.user)
+
+        print form.data['room']
+        print form.data['major']
+
+        me.user.first_name = form.data['first_name']
+        me.user.last_name = form.data['last_name']
+        me.gender = form.data.getlist('gender')
+        me.room = Room.objects.get(pk=form.data['room'])
+        me.privacy = form.data['privacy']
+        me.major = Major.objects.get(pk=form.data['major'])
+
+        me.user.save()
+        me.save()
+
+        return super(UpdateStudent, self).form_valid(form)
+
+    def get_success_url(self):
+        return reverse('detail_student',
+                       kwargs={'slug':self.request.user.username})
 
 # welcome pages
 class WelcomeName(LoginRequiredMixin, FormView):
@@ -118,6 +155,18 @@ class WelcomeName(LoginRequiredMixin, FormView):
     form_class = WelcomeNameForm
     login_url = 'login'
 
+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeName, self).get(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         context = super(WelcomeName, self).get_context_data(**kwargs)
 
@@ -129,15 +178,12 @@ class WelcomeName(LoginRequiredMixin, FormView):
         context['my_form'] = form
         return context
         
-
     def form_valid(self, form):
         me = Student.objects.get(user=self.request.user)
 
         me.user.first_name = form.data['first_name']
         me.user.last_name = form.data['last_name']
 
-        #for identity in form.data['gender']
-            
         me.gender = form.data.getlist('gender')
 
         me.completedName = True
@@ -160,6 +206,18 @@ class WelcomePrivacy(LoginRequiredMixin, UpdateView):
 
     login_url = 'login'
 
+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomePrivacy, self).get(request, *args, **kwargs)
+
     def form_valid(self, form):
         self.obj = self.get_object()
 
@@ -181,6 +239,18 @@ class WelcomeMajor(LoginRequiredMixin, UpdateView):
 
     login_url = 'login'
 
+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeMajor, self).get(request, *args, **kwargs)
+
     def form_valid(self, form):
 
         self.obj = self.get_object()
@@ -204,6 +274,18 @@ class WelcomeSocial(LoginRequiredMixin, DetailView):
 
     # push to the message queue
 
+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeSocial, self).get(request, *args, **kwargs)
+
     def form_valid(self, form):
         self.obj = self.get_object()