Mercurial > public > sg101
view gpp/gcalendar/views.py @ 507:8631d32e6b16
Some users are still having problems with the pop-up login. I think they are actually getting 403s because of the CSRF protection. So I have modified the base template to always have a javascript variable called csrf_token available when they aren't logged in. The ajax_login.js script was then modified to send this value with the ajax post. Fingers crossed.
author | Brian Neal <bgneal@gmail.com> |
---|---|
date | Sun, 04 Dec 2011 03:05:21 +0000 |
parents | f7fbb404241f |
children |
line wrap: on
line source
""" Views for the gcalendar application. """ from django.contrib.auth.decorators import login_required from django.core.urlresolvers import reverse from django.http import HttpResponse from django.http import HttpResponseBadRequest from django.http import HttpResponseForbidden from django.http import HttpResponseRedirect from django.http import Http404 from django.shortcuts import render_to_response from django.shortcuts import get_object_or_404 from django.template import RequestContext from gcalendar.forms import EventEntryForm from gcalendar.models import Event def index(request): user = request.user if user.is_authenticated(): profile = user.get_profile() tz = profile.time_zone else: tz = 'US/Pacific' return render_to_response('gcalendar/index.html', { 'tz': tz, }, context_instance = RequestContext(request)) @login_required def add_event(request): if request.method == 'POST': form = EventEntryForm(request.POST) if form.is_valid(): event = form.save(commit=False) event.user = request.user event.repeat = 'none' event.save() return HttpResponseRedirect(reverse('gcalendar-add_thanks')) else: form = EventEntryForm() return render_to_response('gcalendar/event.html', { 'title': 'Add Calendar Event', 'form': form, }, context_instance = RequestContext(request)) @login_required def add_thanks(request): return render_to_response('gcalendar/thanks_add.html', { }, context_instance = RequestContext(request)) @login_required def edit_events(request): events = Event.objects.filter(user=request.user, status=Event.ON_CAL).order_by('start_date') return render_to_response('gcalendar/edit.html', { 'events': events, }, context_instance = RequestContext(request)) @login_required def edit_event(request, event_id): event = get_object_or_404(Event, pk=event_id) if event.user != request.user: raise Http404 if request.method == 'POST': form = EventEntryForm(request.POST, instance=event) if form.is_valid(): event = form.save(commit=False) event.user = request.user event.repeat = 'none' event.status = Event.EDIT_REQ event.save() return HttpResponseRedirect(reverse('gcalendar-edit_thanks')) else: form = EventEntryForm(instance=event) return render_to_response('gcalendar/event.html', { 'title': 'Change Calendar Event', 'form': form, }, context_instance = RequestContext(request)) @login_required def edit_thanks(request): return render_to_response('gcalendar/thanks_edit.html', { }, context_instance = RequestContext(request)) def delete_event(request): """This view marks an event for deletion. It is called via AJAX.""" if request.user.is_authenticated(): id = request.POST.get('id', None) if id is None or not id.isdigit(): return HttpResponseBadRequest() try: event = Event.objects.get(pk=id) except Event.DoesNotExist: return HttpResponseBadRequest() if request.user != event.user: return HttpResponseForbidden() event.status = Event.DEL_REQ event.save() return HttpResponse(id) return HttpResponseForbidden() # vim: ts=4 sw=4