46 lines
1.3 KiB
Python
46 lines
1.3 KiB
Python
from django.http import HttpResponseForbidden
|
|
from django.shortcuts import redirect
|
|
from django.views.decorators.http import require_POST
|
|
|
|
from symposion.boxes.authorization import load_can_edit
|
|
from symposion.boxes.forms import BoxForm
|
|
from symposion.boxes.models import Box
|
|
|
|
|
|
# @@@ problem with this is that the box_edit.html and box_create.html won't have domain objects in
|
|
# context
|
|
def get_auth_vars(request):
|
|
auth_vars = {}
|
|
if request.method == "POST":
|
|
keys = [k for k in request.POST.keys() if k.startswith("boxes_auth_")]
|
|
for key in keys:
|
|
auth_vars[key.replace("boxes_auth_", "")] = request.POST.get(key)
|
|
auth_vars["user"] = request.user
|
|
return auth_vars
|
|
|
|
|
|
@require_POST
|
|
def box_edit(request, label):
|
|
|
|
if not load_can_edit()(request, **get_auth_vars(request)):
|
|
return HttpResponseForbidden()
|
|
|
|
next = request.GET.get("next")
|
|
|
|
try:
|
|
box = Box.objects.get(label=label)
|
|
except Box.DoesNotExist:
|
|
box = None
|
|
|
|
form = BoxForm(request.POST, instance=box, prefix=label)
|
|
|
|
if form.is_valid():
|
|
if box is None:
|
|
box = form.save(commit=False)
|
|
box.label = label
|
|
box.created_by = request.user
|
|
box.last_updated_by = request.user
|
|
box.save()
|
|
else:
|
|
form.save()
|
|
return redirect(next)
|