Convert task_delete and task_done views from GET to POST

Scot Hacker 2019-02-10 11:06:36 -08:00
parent 891148e496
commit 01cab7a82f
8 changed files with 109 additions and 52 deletions


@ -16,20 +16,27 @@ def delete_task(request, task_id: int) -> HttpResponse:
Redirect to the list from which the task came.
"""
task = get_object_or_404(Task, pk=task_id)
if request.method == "POST":
task = get_object_or_404(Task, pk=task_id)
# Permissions
if not (
(task.created_by == request.user)
or (task.assigned_to == request.user)
or (task.task_list.group in request.user.groups.all())
):
redir_url = reverse(
"todo:list_detail",
kwargs={"list_id": task.task_list.id, "list_slug": task.task_list.slug},
)
# Permissions
if not (
(task.created_by == request.user)
or (request.user.is_superuser)
or (task.assigned_to == request.user)
or (task.task_list.group in request.user.groups.all())
):
raise PermissionDenied
task.delete()
messages.success(request, "Task '{}' has been deleted".format(task.title))
return redirect(redir_url)
else:
raise PermissionDenied
tlist = task.task_list
task.delete()
messages.success(request, "Task '{}' has been deleted".format(task.title))
return redirect(
reverse("todo:list_detail", kwargs={"list_id": tlist.id, "list_slug": tlist.slug})
)
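Review bot: A non-POST request to delete_task falls through to `else: raise PermissionDenied`, so a plain GET is answered with the same 403 as a real authorisation failure, and the whole body sits one level deeper than it needs to. Decorating the view with `@require_POST` from `django.views.decorators.http` would return 405 with an `Allow` header and let the `if request.method == "POST":` / `else:` pair go; toggle_done has the same shape. The CSRF protection this change is after only holds if `CsrfViewMiddleware` is enabled and the forms that now post to these views carry `{% csrf_token %}`, neither of which is visible on this page. The decorators above the function lie outside the hunk, so whether an anonymous `request.user` can reach the permission test cannot be confirmed from here.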


@ -20,7 +20,7 @@ def list_lists(request) -> HttpResponse:
searchform = SearchForm(auto_id=False)
# Make sure user belongs to at least one group.
if request.user.groups.all().count() == 0:
if not request.user.groups.all().exists():
messages.warning(
request,
"You do not yet belong to any groups. Ask your administrator to add you to one.",


@ -17,23 +17,27 @@ def toggle_done(request, task_id: int) -> HttpResponse:
Redirect to the list from which the task came.
"""
task = get_object_or_404(Task, pk=task_id)
if request.method == "POST":
task = get_object_or_404(Task, pk=task_id)
# Permissions
if not (
(request.user.is_superuser)
or (task.created_by == request.user)
or (task.assigned_to == request.user)
or (task.task_list.group in request.user.groups.all())
):
raise PermissionDenied
toggle_task_completed(task.id)
messages.success(request, "Task status changed for '{}'".format(task.title))
return redirect(
reverse(
redir_url = reverse(
"todo:list_detail",
kwargs={"list_id": task.task_list.id, "list_slug": task.task_list.slug},
)
)
# Permissions
if not (
(task.created_by == request.user)
or (request.user.is_superuser)
or (task.assigned_to == request.user)
or (task.task_list.group in request.user.groups.all())
):
raise PermissionDenied
toggle_task_completed(task.id)
messages.success(request, "Task status changed for '{}'".format(task.title))
return redirect(redir_url)
else:
raise PermissionDenied
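Review bot: The four-clause permission test in toggle_done is a copy of the one in delete_task, and the older lines shown in the two sections suggest the copies had already drifted, since the earlier delete_task test appears to lack the `request.user.is_superuser` clause that toggle_done had. Moving the predicate into one helper that both views call, with a short docstring stating who may modify a task, would keep the authorisation rule in a single place. Separately, `get_object_or_404` runs before the permission test, so an unauthorised caller sees 404 for a missing id and 403 for an existing one; if task ids are not meant to be enumerable, returning the same status for both cases would close that gap.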