Eventplanner

- cleaned up urls - permissions
2013-06-30 16:55:00 +02:00
parent 01a7f5c16f
commit e2d98d9962
13 changed files with 271 additions and 101 deletions
--- a/eventplanner/views.py
+++ b/eventplanner/views.py
@@ -16,15 +16,19 @@ from rest_framework import status
 from django.forms.models import ModelForm


+from django.conf.urls import patterns, url
+from django.contrib.auth.decorators import login_required
+from django.utils.decorators import method_decorator
+
+
+
+

 # ---------------------------------------- API ---------------------------------------------------------


-
-
@api_view( ['GET', 'PUT'] )
-def event_participation_detail( request, username = None, eventId = None ):
-    # TODO Permissions!
+def event_api( request, username = None, eventId = None ):
    try:
        participationQs =  EventParticipation.objects.filter( event__date__gte = datetime.date.today() )
        if username:
@@ -33,7 +37,7 @@ def event_participation_detail( request, username = None, eventId = None ):
            participationQs = participationQs.filter( event__pk = eventId )
        
    except EventParticipation.DoesNotExist:
-        return HttpResponse( status=404)
+        return HttpResponse( status=404 )
       
    
    if request.method == 'GET':
@@ -43,23 +47,29 @@ def event_participation_detail( request, username = None, eventId = None ):
    elif request.method == 'PUT':
        serializer = ParticipationSerializer ( participationQs, data = request.DATA, many=True )
        if  serializer.is_valid():
+            for serializedObject in serializer.object:
+                if serializedObject.musician.user != request.user:
+                    if not request.user.has_perm('change_others_participation') :
+                        return Response( status = status.HTTP_403_FORBIDDEN )
+            
            serializer.save()
            return Response( serializer.data )
        else:
            return Response( status = status.HTTP_400_BAD_REQUEST )
-        
-    
-
-



 # ------------------------------------ Normal Views ----------------------------------------------------

-
-
-
-def eventplanning_view( request ):
+@login_required
+def main_view( request ):
+    if request.user.has_perm( 'eventplanner.change_others_participation'):
+        return events_grid( request )
+    else:
+        return eventplanning( request )
+    
+@login_required
+def eventplanning( request ):
    """
        View for a specific user, to edit his events
    """
@@ -70,14 +80,14 @@ def eventplanning_view( request ):
    musician = get_object_or_404( Musician, user=request.user )
    
    for e in all_future_events:
-        e.participation = EventParticipation.objects.get( event = e, musician = musician )
+        e.participation = EventParticipation.get_or_create( event = e, musician = musician )
        
    context = { 'events' : all_future_events }
    return render ( request, 'eventplanner/eventplanning_view.html', context )

    

-
+@login_required
 def events_grid( request ):
    
    musicians     = Musician.objects.all()
@@ -87,17 +97,7 @@ def events_grid( request ):
    all_future_events = list ( Event.objects.filter( date__gte = datetime.date.today() ) )

    for e in all_future_events:
-        e.participation = [ EventParticipation.objects.get( event = e, musician = m ) for m in musicians ]
-    
-    # Sort the participations in a dict
-    #for p in participationQs:
-    #    username = p.musician.user.username
-    #    eventId  = p.event.pk
-    #    if not eventId in grid:
-    #        grid[eventId] = {}
-    #         
-    #    grid[eventId][username] = p
-
+        e.participation = [ EventParticipation.get_or_create( event = e, musician = m ) for m in musicians ]
    
    context = { 'events':         all_future_events, 
                'musicianNames' : musicianNames     }
@@ -107,6 +107,9 @@ def events_grid( request ):



+# ------------------------------------ Detail Views ----------------------------------------------------
+
+
 from django.views.generic.edit import UpdateView


@@ -120,9 +123,28 @@ class EventUpdate( UpdateView ):
    model = Event    
    template_name_suffix = "_update_form"
    success_url = '/events/grid'
+ 
+    @method_decorator(login_required)
+    def dispatch(self, request, *args, **kwargs):
+        return super(EventUpdate, self).dispatch(request, *args, **kwargs)





+# ------------------------------------ URLS   ----------------------------------------------------
+
+
+urls = patterns('',
+    url(r'^$',                main_view ),
+    url(r'^grid$',            events_grid ),
+    url(r'^planning$',        eventplanning ),    
+    url(r'^(?P<pk>\d+)$',     EventUpdate.as_view() ),
+    url(r'^api/',             event_api, name="event_api" ),
+    url(r'^api/(\w+)/$',      event_api, name="event_api_per_user" ),
+    url(r'^api/(\w+)/(\d+)$', event_api, name="event_api_per_user_event"),
+)
+
+
+