# HG changeset patch # User nishanth # Date 1267365701 -19800 # Node ID d0cb85ba462aeac569eac74bb65ea3984cce4046 # Parent 604808d27483b97f932c6934d0d2927cda6fdbdc no bogus post request can be made now in addmentor page. diff -r 604808d27483 -r d0cb85ba462a taskapp/forms/task.py --- a/taskapp/forms/task.py Sun Feb 28 18:31:10 2010 +0530 +++ b/taskapp/forms/task.py Sun Feb 28 19:31:41 2010 +0530 @@ -12,7 +12,7 @@ class myform(forms.Form): mentor = forms.ChoiceField(choices=choices, required=True) - form = myform(instance=instance) if instance else myform() + form = myform(instance) if instance else myform() return form class ClaimTaskForm(forms.ModelForm): @@ -20,12 +20,12 @@ model = Claim fields = ['message'] -def ChoiceForm(choices): +def ChoiceForm(choices, instance=None): """ return a form object with appropriate choices """ class myform(forms.Form): choice = forms.ChoiceField(choices=choices, required=True) - form = myform() + form = myform(instance) if instance else myform() return form def AddTaskForm(task_choices, is_plain=False): diff -r 604808d27483 -r d0cb85ba462a taskapp/views/task.py --- a/taskapp/views/task.py Sun Feb 28 18:31:10 2010 +0530 +++ b/taskapp/views/task.py Sun Feb 28 19:31:41 2010 +0530 @@ -1,6 +1,6 @@ from datetime import datetime -from django.http import HttpResponse +from django.http import HttpResponse, Http404 from django.shortcuts import render_to_response, redirect from pytask.taskapp.models import User, Task, Comment, Claim, Credit, Request @@ -177,18 +177,30 @@ for req in user_pending_requests: user_list.remove(req.sent_to.all()[0]) - non_mentors = ((_.id,_.username) for _ in user_list) + non_mentors = ((_.id, _.username) for _ in user_list) + non_mentor_ids = [ str(a_user.id) for a_user in user_list ] ## code till must be made elegant and not brute force like above form = AddMentorForm(non_mentors) + + context = { + 'user':user, + 'pending_requests':pending_requests, + 'form':form, + } + if request.method == "POST": - uid = request.POST['mentor'] - new_mentor = User.objects.get(id=uid) - reqMentor(task, new_mentor, user) - return redirect(task_url) + data = request.POST + uid = data.get('mentor', None) + if uid in non_mentor_ids: + new_mentor = User.objects.get(id=int(uid)) + reqMentor(task, new_mentor, user) + return redirect('/task/addmentor/tid=%s'%task.id) + else: + ## bogus post request + raise Http404 else: - return render_to_response('task/addmentor.html', {'user':user,'pending_requests':pending_requests,'form':form, 'errors':errors}) - + return render_to_response('task/addmentor.html', context) else: return show_msg(user, 'You are not authorised to add mentors for this task', task_url, 'view the task') diff -r 604808d27483 -r d0cb85ba462a templates/task/addmentor.html --- a/templates/task/addmentor.html Sun Feb 28 18:31:10 2010 +0530 +++ b/templates/task/addmentor.html Sun Feb 28 19:31:41 2010 +0530 @@ -1,5 +1,6 @@ {% extends 'base.html' %} {% block content %} + Click here to return to the task.
{{form.as_table}}