Eventplanner

- cleaned up urls
- permissions
This commit is contained in:
Martin Bauer
2013-06-30 16:55:00 +02:00
parent 01a7f5c16f
commit e2d98d9962
13 changed files with 271 additions and 101 deletions

View File

@@ -16,15 +16,19 @@ from rest_framework import status
from django.forms.models import ModelForm
from django.conf.urls import patterns, url
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
# ---------------------------------------- API ---------------------------------------------------------
@api_view( ['GET', 'PUT'] )
def event_participation_detail( request, username = None, eventId = None ):
# TODO Permissions!
def event_api( request, username = None, eventId = None ):
try:
participationQs = EventParticipation.objects.filter( event__date__gte = datetime.date.today() )
if username:
@@ -33,7 +37,7 @@ def event_participation_detail( request, username = None, eventId = None ):
participationQs = participationQs.filter( event__pk = eventId )
except EventParticipation.DoesNotExist:
return HttpResponse( status=404)
return HttpResponse( status=404 )
if request.method == 'GET':
@@ -43,23 +47,29 @@ def event_participation_detail( request, username = None, eventId = None ):
elif request.method == 'PUT':
serializer = ParticipationSerializer ( participationQs, data = request.DATA, many=True )
if serializer.is_valid():
for serializedObject in serializer.object:
if serializedObject.musician.user != request.user:
if not request.user.has_perm('change_others_participation') :
return Response( status = status.HTTP_403_FORBIDDEN )
serializer.save()
return Response( serializer.data )
else:
return Response( status = status.HTTP_400_BAD_REQUEST )
# ------------------------------------ Normal Views ----------------------------------------------------
def eventplanning_view( request ):
@login_required
def main_view( request ):
if request.user.has_perm( 'eventplanner.change_others_participation'):
return events_grid( request )
else:
return eventplanning( request )
@login_required
def eventplanning( request ):
"""
View for a specific user, to edit his events
"""
@@ -70,14 +80,14 @@ def eventplanning_view( request ):
musician = get_object_or_404( Musician, user=request.user )
for e in all_future_events:
e.participation = EventParticipation.objects.get( event = e, musician = musician )
e.participation = EventParticipation.get_or_create( event = e, musician = musician )
context = { 'events' : all_future_events }
return render ( request, 'eventplanner/eventplanning_view.html', context )
@login_required
def events_grid( request ):
musicians = Musician.objects.all()
@@ -87,17 +97,7 @@ def events_grid( request ):
all_future_events = list ( Event.objects.filter( date__gte = datetime.date.today() ) )
for e in all_future_events:
e.participation = [ EventParticipation.objects.get( event = e, musician = m ) for m in musicians ]
# Sort the participations in a dict
#for p in participationQs:
# username = p.musician.user.username
# eventId = p.event.pk
# if not eventId in grid:
# grid[eventId] = {}
#
# grid[eventId][username] = p
e.participation = [ EventParticipation.get_or_create( event = e, musician = m ) for m in musicians ]
context = { 'events': all_future_events,
'musicianNames' : musicianNames }
@@ -107,6 +107,9 @@ def events_grid( request ):
# ------------------------------------ Detail Views ----------------------------------------------------
from django.views.generic.edit import UpdateView
@@ -120,9 +123,28 @@ class EventUpdate( UpdateView ):
model = Event
template_name_suffix = "_update_form"
success_url = '/events/grid'
@method_decorator(login_required)
def dispatch(self, request, *args, **kwargs):
return super(EventUpdate, self).dispatch(request, *args, **kwargs)
# ------------------------------------ URLS ----------------------------------------------------
urls = patterns('',
url(r'^$', main_view ),
url(r'^grid$', events_grid ),
url(r'^planning$', eventplanning ),
url(r'^(?P<pk>\d+)$', EventUpdate.as_view() ),
url(r'^api/', event_api, name="event_api" ),
url(r'^api/(\w+)/$', event_api, name="event_api_per_user" ),
url(r'^api/(\w+)/(\d+)$', event_api, name="event_api_per_user_event"),
)