X-Git-Url: http://git.cascardo.eti.br/?p=cascardo%2Fema.git;a=blobdiff_plain;f=eventos%2Fviews.py;h=97a13c9efc81f7e63182ae23f3ed552faf583921;hp=a4709525aec09651fdbb767eb57c05420ef8e442;hb=b26b2975b4205dbd79029ed3206a9268e433f4bb;hpb=904c8cbfbcaf18c21e19f58d81adff6b8b271e9f
diff --git a/eventos/views.py b/eventos/views.py
index a470952..97a13c9 100644
--- a/eventos/views.py
+++ b/eventos/views.py
@@ -23,6 +23,9 @@ from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext, Context, loader
from eventos.models import Palestrante, Trabalho
+forbidden = \
+ HttpResponseForbidden('
You are not allowed to do this action.')
+
def login(request):
"""This is a function that will be used as a front-end to the
django's login system. It receives username and password fields
@@ -60,13 +63,12 @@ def lecturer_details(request, lid):
"""Shows a simple form containing all editable fields of a
lecturer and gives the lecturer the possibility to save them =)
"""
+ if not hasattr(request.user, 'palestrante_set'):
+ return forbidden
+
entity = request.user.palestrante_set.get()
- # avoiding problems if some other user tries to edit the lecturer
- # info.
if entity.id != int(lid):
- return HttpResponseForbidden('You are not '
- 'allowed to edit '
- 'this info.')
+ return forbidden
FormKlass = form_for_instance(entity)
del FormKlass.base_fields['usuario']
@@ -83,9 +85,15 @@ def lecturer_talks(request, lid):
"""Lists all talks of a lecturer (based on lecturer id -- lid
parameter).
"""
- lecturer = get_object_or_404(Palestrante, pk=lid)
- talks = Trabalho.objects.filter(palestrante=lecturer)
- c = {'lecturer': lecturer, 'talks': talks}
+ if not hasattr(request.user, 'palestrante_set'):
+ return forbidden
+
+ entity = request.user.palestrante_set.get()
+ if entity.id != int(lid):
+ return forbidden
+
+ talks = Trabalho.objects.filter(palestrante=entity)
+ c = {'lecturer': entity, 'talks': talks}
return render_to_response('eventos/talk-list.html', Context(c),
context_instance=RequestContext(request))
@@ -105,32 +113,42 @@ def talk_details(request, tid):
def talk_delete(request, tid):
"""Drops a talk but only if the logged in user is its owner.
"""
- entity = get_object_or_404(Trabalho, pk=tid)
- palestrante = request.user.palestrante_set.get()
- owner = Trabalho.objects.filter(pk=tid, palestrante=palestrante)
+ if not hasattr(request.user, 'palestrante_set'):
+ return forbidden
+
+ entity = request.user.palestrante_set.get()
+ if entity.id != int(lid):
+ return forbidden
+
+ owner = Trabalho.objects.filter(pk=tid, palestrante=entity)
if not owner:
- return HttpResponseForbidden('You are not '
- 'allowed to edit '
- 'this info.')
+ return forbidden
+
entity.delete()
- return HttpResponseRedirect('/lecturer/%d/talks/' % palestrante.id)
+ return HttpResponseRedirect('/lecturer/%d/talks/' % entity.id)
def talk_add(request):
"""Shows a form to the lecturer send a talk
"""
- palestrante = request.user.palestrante_set.get()
+ if not hasattr(request.user, 'palestrante_set'):
+ return forbidden
+
+ entity = request.user.palestrante_set.get()
+ if entity.id != int(lid):
+ return forbidden
+
FormKlass = form_for_model(Trabalho)
form = FormKlass(request.POST or None)
- other = Palestrante.objects.exclude(pk=palestrante.id)
+ other = Palestrante.objects.exclude(pk=entity.id)
form.fields['palestrante'].label = u'Outros Palestrantes'
form.fields['palestrante'].required = False
form.fields['palestrante']._set_queryset(other)
if request.POST and form.is_valid():
instance = form.save()
- instance.palestrante.add(palestrante)
- return HttpResponseRedirect('/lecturer/%d/talks/' % palestrante.id)
+ instance.palestrante.add(entity)
+ return HttpResponseRedirect('/lecturer/%d/talks/' % entity.id)
c = {'form': form}
return render_to_response('eventos/talk-add.html', Context(c),