From deabfa8dd17a80aa60190f2630944fa7b9dd5716 Mon Sep 17 00:00:00 2001 From: kououken Date: Tue, 19 Feb 2019 12:45:39 -0800 Subject: [PATCH 1/2] Reports can now be 'submitted', and you cannot modify submitted reports. --- back/backend/views.py | 15 ++++++++++++++- back/db.sqlite3 | Bin 105472 -> 105472 bytes 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/back/backend/views.py b/back/backend/views.py index b01e348..8b5c08a 100644 --- a/back/backend/views.py +++ b/back/backend/views.py @@ -198,10 +198,20 @@ def report_detail(request, report_pk): # and marks it as "submitted", after which changes may # not be made. elif request.method == 'PUT': + rep = Report.objects.get(id=report_pk) + if rep.submitted == True: + return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=400) + rep.submitted = True; + rep.save() + # Send email here + ################# return JsonResponse({"message": "Report submitted."}) # DELETE: Deletes a report from the user's account. elif request.method == 'DELETE': + r = Report.objects.get(id=report_pk) + if r.submitted == True: + return JsonResponse({"message": "Cannot delete a report that has been submitted."}, status=400) # get corresponding sections section_set = Section.objects.filter(report_id=report_pk) for i in section_set: @@ -213,7 +223,6 @@ def report_detail(request, report_pk): path_name = str(j.data_file) os.remove(path_name) # delete the full report and catch the title - r = Report.objects.get(id=report_pk) title = r.title r.delete() return JsonResponse({"message": "Deleted report: {0}.".format(title)}) @@ -241,6 +250,10 @@ def section(request, report_pk, section_pk): if not user_owns_section(user=request.user, section=section_pk): return JsonResponse({"message": "Current user does not own the specified section."}, status=401) + # Check that the report isn't submitted + if Section.objects.get(id=section_pk).report_id.submitted: + return JsonResponse({"message": "Cannot update a report that has been submitted."}, status=400) + for key in request.data: # get the matching field object update = Field.objects.get(section_id=section_pk, field_name=key) diff --git a/back/db.sqlite3 b/back/db.sqlite3 index fe6298f019a4540a7bb612ba62fddf96bc0987a8..d3fa2278ce91b3a2bb1f2be0c6d40086c9436469 100644 GIT binary patch delta 1434 zcma)+e{2(F7{~8@pKE*FitC0f`^|unZNQrA-Syg=sM*FG4YrfE#H^tU{kgSUw{;t= zTY_08#6L**b?9b9ApwVpi)ap7Vj>tM{y<_DBSsTtxL_6x{y_}>F%sfaaAt`Zy!YNu zo_pWtzVF@he)EoB(2rlxA1)`?j#RXeYai`m^NClB=D%B8s8kDlqm;WX3hxjFQ7spz zAB~FkMnSajHk%@f+P9*x1-!ICHKbiET}2BtUph-nIv~X0eMpa1K6YD&IU&_Beu|}C zG^AO%b0m)iBk|_o(RwGQ$kTe5XYlHT`|u~+g*&hS^IFNitDwWtj_umQYh|1PW*9SU zW7L|%Yf87le>AQ6Z~{E|mQNl)y5)Z4R=E$^Y)c|H+j^0*)Pv-u1agBEN7hK)$SSc5 zSt7=eMPd|b5+g{x_CN(zj}d`I%`mkHrTED@xWd3s@IB1JRk*U$w6f!0LItK)70bwy zVjHrkSVEeLMI?%y0M3XJfy)eB*7DxF2*jv;_5L#~$HE<)U;>)y!&_h}z);Rd*f_){ zHV>Ik6AVqzLy&}ZxcXN5BV_40`T&k%abKirBD3CE11=(_9MN>bp4yX&k61@X96~Ct z3=Z>Sd{Bv5mB@%Wmo$_N^@qk{$w+K09*^0RBcb7NRPN~yhWCu7degny51D#h<-=8H z7?_9C@EOFQ4%)y7`{@k*jee~aRve`2%*EBsRnSBP-l{b4VgqkmW+OpVB*FaeX;Eq9 zWs71J9K5|CH?4MFFVku-{anFO=wl!YeW)G+wQo+}B87t@?~oNfDu*JnJ^it1Of7YmFY$Z7}Zba z>WImrBu z!9Pv4aw+Y=X)nRm=vsy|R!%5{aO$oT5%tsKn_2YNZuQV~XD(Q&-kp9uXQVOCxUSuZ zS>zp_YvzpWgB(6wdfWcS0AclnW*C~m-+vgm0x49D?iB{g<=Ct{@G>y8Go`mb=*0kT}9BFTJr8^Q` zykA{?HbtE3k+T(Q{|C>nT&l@3n`e9WlaocO{8*VF_S^}RJ74Ot`?J+k&^5L~lW0<`sA!gZ=ia%ycLmY9(FVH<3-xEk1b6q|H13*B zOh~fk#UQ8;DK^bKB+!CFZ56sLZKq`O;udU>w7&S)KWLj$Y*R%AL48OdI1?%KL8!x= zk9)r}^PO|%oRMkY$h2>)0ae~_+<_`z9`aP9BzLPnUcZ7i6B5;pC=G`+OVbEt4aO&u z)uYso>LjE`2np-_hCyPG#0{*f80Y(oWyH35g1lk)j#scpSk=f!Tvsn6e&oa?s`J9U zB323(;R!s1doa&e&0YsSf4W{>D;#TJw*m|B2p+&c@F)BVKf*Qm9%i5d)9@9Pm^$_v zZykFFn1}7EcD;a*;Yj353_Lz~q+oc!t0ouVRiPGundhkS`VVKJQC?bQEhAkVq){a#R?#mfA{GYj|%WmR*>N}U)+XJt@yO61yEJMW={aWrvz|L!8z!L zwfJjM!JGIODB~p`}5J&b#-)Qp5|T@!5W8rY7Wxs4W0 z|4;kF)H1^_NjK~Gp`Ne*=C?)_L0N$^6oh&PSYgh$!`5BHvfZ$wWi2;j8MaC6G|if( zOU+DLa=K+iwDi9jXqKEMu{A4XQyQ_204vYMh4L*0Zovhi`~m2jp&h-bGTsF3es*bY z!}x7a4T42QjM-yRbVNw~1zy?O0AHB*^#;9yl?TK+AZL*W&;1Pn`FC8v#@?xe2nFQ` z`IS*c4BshyACIEn(G_$?xvz{eT|LT2&-cQ_Vh{5B6py07Wf5c=Ca!g&twA{!k`&94 z^5x(NdZzEXf=ln6Dk7_9&;KDz&-;R#!P2?>*l OIl|hdm76EgAMg~ZXeOrs From c899263f0c42ca7c22376902351562dd4afda756 Mon Sep 17 00:00:00 2001 From: kououken Date: Tue, 19 Feb 2019 15:33:01 -0800 Subject: [PATCH 2/2] Changed error status to 409, which makes more sense. --- back/backend/views.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/back/backend/views.py b/back/backend/views.py index 8b5c08a..1216bee 100644 --- a/back/backend/views.py +++ b/back/backend/views.py @@ -200,7 +200,7 @@ def report_detail(request, report_pk): elif request.method == 'PUT': rep = Report.objects.get(id=report_pk) if rep.submitted == True: - return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=400) + return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=409) rep.submitted = True; rep.save() # Send email here @@ -211,7 +211,7 @@ def report_detail(request, report_pk): elif request.method == 'DELETE': r = Report.objects.get(id=report_pk) if r.submitted == True: - return JsonResponse({"message": "Cannot delete a report that has been submitted."}, status=400) + return JsonResponse({"message": "Cannot delete a report that has been submitted."}, status=409) # get corresponding sections section_set = Section.objects.filter(report_id=report_pk) for i in section_set: @@ -252,7 +252,7 @@ def section(request, report_pk, section_pk): # Check that the report isn't submitted if Section.objects.get(id=section_pk).report_id.submitted: - return JsonResponse({"message": "Cannot update a report that has been submitted."}, status=400) + return JsonResponse({"message": "Cannot update a report that has been submitted."}, status=409) for key in request.data: # get the matching field object