Filled with Data / Addressbook corrections

eventplanner/views.py

@@ -1,12 +1,10 @@
 
 from django.shortcuts import render, redirect
 from django.http import HttpResponse
-from django.contrib.auth.decorators import login_required
 from django.forms.models import ModelForm
 from django.forms import TextInput
 
 from models import Event, EventParticipation
-from django.contrib.auth.models import User
 
 
 from serializers import ParticipationSerializer
@@ -32,42 +30,46 @@ def event_api( request, username = None, eventId = None ):
         if username:
             participationQs = EventParticipation.objects.filter( user__username = username ) 
         if eventId:
-            participationQs = participationQs.filter( event__pk = eventId )
-        
+            participationQs = participationQs.filter( event__pk = eventId )    
     except EventParticipation.DoesNotExist:
         return HttpResponse( status=404 )
-       
+    
+
     if request.method == 'GET':
         serializer = ParticipationSerializer( participationQs )
         return Response( serializer.data )
     
     elif request.method == 'PUT':
+        print "Request data" + str ( request.DATA )
         serializer = ParticipationSerializer ( participationQs, data = request.DATA, many=True )
         if  serializer.is_valid():
             for serializedObject in serializer.object:
+                if not EventParticipation.isMember( request.user ):
+                    return Response( status = status.HTTP_403_FORBIDDEN )
                 if serializedObject.user != request.user:
-                    if not request.user.has_perm('change_others_participation') :
+                    if not EventParticipation.isAdmin( request.user ):
                         return Response( status = status.HTTP_403_FORBIDDEN )
             
+            print serializer.data
             serializer.save()
             return Response( serializer.data )
         else:
+            print "In Bad request" + str(serializer.errors)
             return Response( status = status.HTTP_400_BAD_REQUEST )
 
 
 
 # ------------------------------------ Normal Views ----------------------------------------------------
 
-def main_view( request ):
-    if request.user.has_perm( 'eventplanner.change_others_participation'):
-        return events_grid( request )
-    else:
-        return eventplanning( request )
-    
 def eventplanning( request ):
     """
         View for a specific user, to edit his events
     """
+    # non-members see the grid - but cannot edit anything 
+    if not EventParticipation.isMember( request.user ):
+        print "Not a member"
+        return events_grid(request)
+    
     # All events in the future sorted by date
     all_future_events = list ( Event.objects.filter( date__gte = datetime.date.today() ) )
     
@@ -80,13 +82,12 @@ def eventplanning( request ):
     
 
 def events_grid( request ):
-    
-    usernames = [ u.username for u in User.objects.all()  ]
+    usernames = [ u.username for u in EventParticipation.members()  ]
     
     all_future_events = list ( Event.objects.filter( date__gte = datetime.date.today() ) )
 
     for e in all_future_events:
-        e.participation = [ EventParticipation.get_or_create( event = e, user = u ) for u in User.objects.all()  ]
+        e.participation = [ EventParticipation.get_or_create( event = e, user = u ) for u in EventParticipation.members() ]
     
     context = { 'events':     all_future_events, 
                 'usernames' : usernames         }