updatestudent now supports renaming on single page, added 403'ing so users...

updatestudent now supports renaming on single page, added 403'ing so users can't edit other's welcomes

updatestudent now supports renaming on single page, added 403'ing so users...
updatestudent now supports renaming on single page, added 403'ing so users can't edit other's welcomes
10ce3e25 · Daniel W Bond · 735a4115 · 10ce3e25 · 10ce3e25
Commit 10ce3e25 authored Sep 08, 2015 by Daniel W Bond
Hide whitespace changes
Inline Side-by-side

Showing with 101 additions and 19 deletions

roomlist/accounts/templates/updateStudent.html roomlist/accounts/templates/updateStudent.html +4 -4

roomlist/accounts/views.py roomlist/accounts/views.py +97 -15

No files found.
--- a/roomlist/accounts/templates/updateStudent.html
+++ b/roomlist/accounts/templates/updateStudent.html
 {% extends 'layouts/base.html' %}

-{% block title %} SRCT RoomList | New Student Setup {% endblock %}
+{% block title %} SRCT RoomList | Student | Update {% endblock %}

 {% block reminder %}
 {% endblock %}
@@ -10,7 +10,7 @@
 <div class="page-header" id="banner">
  <div class="row">
    <div class="col-md-12 text-center">
-      <h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Setup</h1>
+      <h1><strong>SRCT</strong>ROOMLIST</a></strong> Student Update</h1>
    </div>
  </div>
 </div>
@@ -20,12 +20,12 @@

    <div class="panel panel-default">
      <div class="panel-heading">
-        <h1 class="panel-title text-center"><strong>Welcome, {{ student.user.first_name }}!</strong></h1>   
+        <h1 class="panel-title text-center"><strong>Welcome, {{ request.user.first_name }}!</strong></h1>
      </div>

      <div class="panel-body">
        <form action="" method="post">{% csrf_token %}
-          {{ form.as_p }}
+          {{ my_form.as_p }}
          <input type="submit" value="Save" class="btn btn-primary"/>
        </form>
      </div>

--- a/roomlist/accounts/views.py
+++ b/roomlist/accounts/views.py
@@ -6,8 +6,8 @@ from django.core.urlresolvers import reverse
 # third party imports
 from braces.views import LoginRequiredMixin
 # imports from your apps
-from .models import Student, Major
-from .forms import WelcomeNameForm
+from .models import Student, Major, Room
+from .forms import StudentUpdateForm, WelcomeNameForm


 # details about the student
@@ -86,17 +86,12 @@ class DetailCurrentStudentSettings(LoginRequiredMixin, DetailView):
        return get_object_or_404(Student, pk=self.request.session['_auth_user_id'])


-# update a student (students are *created* on first login via CAS)
-class UpdateStudent(LoginRequiredMixin, UpdateView):
-    model = Student
-    fields = ['room', 'privacy', 'major', 'gender', ]
-    context_object_name = 'student'
+# update a student, but FormView to allow name update on same page
+class UpdateStudent(LoginRequiredMixin, FormView):
    template_name = 'updateStudent.html'
-
+    form_class = StudentUpdateForm
    login_url = 'login'

-    # change to formview to support changing name
-
    def get(self, request, *args, **kwargs):

        current_url = self.request.get_full_path()
@@ -105,12 +100,54 @@ class UpdateStudent(LoginRequiredMixin, UpdateView):
        print url_uname, self.request.user.username

        if not(url_uname == self.request.user.username):
-            print "I'm sorry, what now?"
            return HttpResponseForbidden()
        else:
            return super(UpdateStudent, self).get(request, *args, **kwargs)

-# use the same forms with different templates, views, and urls
+    def get_context_data(self, **kwargs):
+        context = super(UpdateStudent, self).get_context_data(**kwargs)
+
+        me = Student.objects.get(user=self.request.user)
+
+        print me.room
+        print me.major
+
+        def pk_or_none(me, obj):
+            if obj is None:
+                return None
+            else:
+                return obj.pk
+
+        form = StudentUpdateForm(initial={'first_name': me.user.first_name,
+                                        'last_name': me.user.last_name,
+                                        'gender': me.gender,
+                                        'room': pk_or_none(me, me.room),
+                                        'privacy': me.privacy,
+                                        'major': pk_or_none(me, me.major),})
+        context['my_form'] = form
+        return context
+
+    def form_valid(self, form):
+        me = Student.objects.get(user=self.request.user)
+
+        print form.data['room']
+        print form.data['major']
+
+        me.user.first_name = form.data['first_name']
+        me.user.last_name = form.data['last_name']
+        me.gender = form.data.getlist('gender')
+        me.room = Room.objects.get(pk=form.data['room'])
+        me.privacy = form.data['privacy']
+        me.major = Major.objects.get(pk=form.data['major'])
+
+        me.user.save()
+        me.save()
+
+        return super(UpdateStudent, self).form_valid(form)
+
+    def get_success_url(self):
+        return reverse('detail_student',
+                       kwargs={'slug':self.request.user.username})

 # welcome pages
 class WelcomeName(LoginRequiredMixin, FormView):
@@ -118,6 +155,18 @@ class WelcomeName(LoginRequiredMixin, FormView):
    form_class = WelcomeNameForm
    login_url = 'login'

+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeName, self).get(request, *args, **kwargs)
+
    def get_context_data(self, **kwargs):
        context = super(WelcomeName, self).get_context_data(**kwargs)

@@ -129,15 +178,12 @@ class WelcomeName(LoginRequiredMixin, FormView):
        context['my_form'] = form
        return context
        
-
    def form_valid(self, form):
        me = Student.objects.get(user=self.request.user)

        me.user.first_name = form.data['first_name']
        me.user.last_name = form.data['last_name']

-        #for identity in form.data['gender']
-            
        me.gender = form.data.getlist('gender')

        me.completedName = True
@@ -160,6 +206,18 @@ class WelcomePrivacy(LoginRequiredMixin, UpdateView):

    login_url = 'login'

+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomePrivacy, self).get(request, *args, **kwargs)
+
    def form_valid(self, form):
        self.obj = self.get_object()

@@ -181,6 +239,18 @@ class WelcomeMajor(LoginRequiredMixin, UpdateView):

    login_url = 'login'

+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeMajor, self).get(request, *args, **kwargs)
+
    def form_valid(self, form):

        self.obj = self.get_object()
@@ -204,6 +274,18 @@ class WelcomeSocial(LoginRequiredMixin, DetailView):

    # push to the message queue

+    def get(self, request, *args, **kwargs):
+
+        current_url = self.request.get_full_path()
+        url_uname = current_url.split('/')[3]
+
+        print url_uname, self.request.user.username
+
+        if not(url_uname == self.request.user.username):
+            return HttpResponseForbidden()
+        else:
+            return super(WelcomeSocial, self).get(request, *args, **kwargs)
+
    def form_valid(self, form):
        self.obj = self.get_object()