only edit own events

2021-08-06 00:27:06 +02:00 · 2021-08-06 00:27:06 +02:00 · 93426083ca
parent 1c9d13883e
commit 93426083ca
5 changed files with 54 additions and 18 deletions
--- a/nmgfitness/calendar.html
+++ b/nmgfitness/calendar.html
@ -62,15 +62,15 @@
                        data: {'title': title, 'start': start, 'end': end, 'id': id},
                        dataType: "json",
                        success: function (data) {
-                            //alert('Event Update');
+                            calendar.fullCalendar('refetchEvents');
                        },
-                        failure: function (data) {
-                            alert('There is a problem!!!');
-                        }
+                        error: function (data) {
+                            calendar.fullCalendar('refetchEvents');
+                        },
+
                    });
                },
-
-                eventAfterRender: function(event, element, view)
+                eventAfterRender: function (event, element, view)
                {
                      $(element).css('width','20%');
                },
@ -87,8 +87,8 @@
                        success: function (data) {
                            //alert('Event Update');
                        },
-                        failure: function (data) {
-                            alert('There is a problem!!!');
+                        error: function (data) {
+                            calendar.fullCalendar('refetchEvents');
                        }
                    });
                },
@ -105,8 +105,8 @@
                                //alert('Event Removed');
                                calendar.fullCalendar('refetchEvents');
                            },
-                            failure: function (data) {
-                                alert('There is a problem!!!');
+                            error: function (data) {
+                                alert('Could not remove');
                            }
                        });
                    }
--- a/nmgfitness/migrations/0002_auto_20210805_2157.py
+++ b/nmgfitness/migrations/0002_auto_20210805_2157.py
@ -0,0 +1,26 @@
+# Generated by Django 3.2.6 on 2021-08-05 21:57
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('nmgfitness', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='events',
+            name='name',
+        ),
+        migrations.AddField(
+            model_name='events',
+            name='user',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, to='auth.user'),
+            preserve_default=False,
+        ),
+    ]
--- a/nmgfitness/models.py
+++ b/nmgfitness/models.py
@ -1,10 +1,12 @@
 from django.db import models
+from django.contrib.auth.models import User
+

 class Events(models.Model):
    id = models.AutoField(primary_key=True)
-    name = models.CharField(max_length=255,null=True,blank=True)
    start = models.DateTimeField(null=True,blank=True)
    end = models.DateTimeField(null=True,blank=True)
+    user = models.ForeignKey(User, on_delete=models.CASCADE)

    def __str__(self):
        return self.name
--- a/nmgfitness/views.py
+++ b/nmgfitness/views.py
@ -22,7 +22,7 @@ def all_events(request):
    out = []
    for event in all_events:
        out.append({
-            'title': event.name,
+            'title': event.user.username,
            'id': event.id,
            'start': event.start.strftime("%m/%d/%Y, %H:%M:%S"),
            'end': event.end.strftime("%m/%d/%Y, %H:%M:%S"),
@ -35,8 +35,7 @@ def all_events(request):
 def add_event(request):
    start = request.GET.get("start", None)
    end = request.GET.get("end", None)
-    title = request.GET.get("title", None)
-    event = Events(name=str(title), start=start, end=end)
+    event = Events(start=start, end=end, user=request.user)
    event.save()
    data = {}
    return JsonResponse(data)
@ -44,14 +43,16 @@ def add_event(request):

@login_required
 def update(request):
+    id = request.GET.get("id", None)
+
+    event = Events.objects.get(id=id)
+    if request.user != event.user:
+        return JsonResponse({'Unauthorized': 'wrong user'}, status=401)
+
    start = request.GET.get("start", None)
    end = request.GET.get("end", None)
-    title = request.GET.get("title", None)
-    id = request.GET.get("id", None)
-    event = Events.objects.get(id=id)
    event.start = start
    event.end = end
-    event.name = title
    event.save()
    data = {}
    return JsonResponse(data)
@ -61,6 +62,9 @@ def update(request):
 def remove(request):
    id = request.GET.get("id", None)
    event = Events.objects.get(id=id)
+
+    if request.user != event.user:
+        return JsonResponse({'Unauthorized': 'wrong user'}, status=401)
    event.delete()
    data = {}
    return JsonResponse(data)
--- a/users/templates/users/register.html
+++ b/users/templates/users/register.html
@ -15,7 +15,11 @@
 <a href="{% url 'login' %}">Back to login</a>
 </div>

+<p>
+Your username will be visible to other users of this platform
+</p>
 <p>
 After registration your account will need to be activated.
 Contact someone from the Fintess Commitee with your username to get your account activated.
+</p>
 {% endblock %}