diff --git a/RIGS/templates/RIGS/event_form.html b/RIGS/templates/RIGS/event_form.html new file mode 100644 index 00000000..8e96c0b2 --- /dev/null +++ b/RIGS/templates/RIGS/event_form.html @@ -0,0 +1,295 @@ +{% extends 'base.html' %} +{% load widget_tweaks %} +{% load static %} +{% load multiply from filters %} +{% block title %}{% if object.pk %}Event {{ object.pk }}{% else %}New Event{% endif %}{% endblock %} + +{% block css %} + +{% endblock %} + +{% block js %} + + + + + + + +{% endblock %} + +{% block content %} +

+ {% if object.pk %} + Event {{ object.pk }} + {% else %} + New Event + {% endif %} +

+ {% include 'form_errors.html' %} +
{% csrf_token %} + {% render_field form.isRig style="display: none" %} + {% if not object.pk %} +
+
+
+ + + + + + +
+
+
+ {% endif %} +
+
+
Contact Details
+
+
+ + +
+
+ + +
+ +
+
+ +
+
+
+
+
+ + +
+
+ + +
+ +
+
+ +
+
+
+
+
+
+
+
Event Description
+
+
+ + +
+ {% render_field form.description class+="form-control" %} +
+
+
+
+
+ + +
+
+
Event Details
+
+
+
+ + +
+ {% render_field form.name class+="form-control" %} +
+
+
+ + +
+
+ + +
+ +
+
+ +
+
+
+
+
+ + +
+ {% render_field form.startDate type="date" class+="form-control startDate" required="" %} +
+
+ {% render_field form.startTime type="time" class+="form-control" %} +
+
+
+ + +
+ {% render_field form.endDate type="date" class+="form-control endDate" required="" %} +
+
+ {% render_field form.endTime type="time" class+="form-control endTime" %} +
+
+
+ 23:00 + 02:00 +
+
+
+ + {# Rig only information #} +
+
+ + +
+ {% render_field form.accessAt type="datetime-local" class+="form-control" %} +
+
+
+ + +
+ {% render_field form.meetAt type="datetime-local" class+="form-control" %} +
+
+
+
+
+ +
+
+
+ {#% include 'RIGS/eventitem_table.html' %#} +
+
+
+
+ +
+
+
+
+
+
+
+
+ +{% endblock %} \ No newline at end of file diff --git a/RIGS/urls.py b/RIGS/urls.py index 138a6f03..096b750a 100644 --- a/RIGS/urls.py +++ b/RIGS/urls.py @@ -64,5 +64,9 @@ urlpatterns = patterns('', url(r'^event/(?P\d+)/edit/$', permission_required_with_403('RIGS.change_event')(rigboard.EventUpdate.as_view()), name='event_update'), + + # API + url(r'^api/(?P\w+)/$', (views.SecureAPIRequest.as_view()), name="api_secure"), + url(r'^api/(?P\w+)/(?P\d+)/$', (views.SecureAPIRequest.as_view()), name="api_secure"), ) diff --git a/RIGS/views.py b/RIGS/views.py index 60222db0..94bce0cf 100644 --- a/RIGS/views.py +++ b/RIGS/views.py @@ -1,8 +1,11 @@ from django.http.response import HttpResponseRedirect +from django.http import HttpResponse from django.core.urlresolvers import reverse_lazy from django.views import generic from django.views.decorators.csrf import csrf_exempt from django.db.models import Q +from django.shortcuts import get_object_or_404 +from django.core import serializers from RIGS import models # Create your views here. 
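Review bot: The two `api/` routes are registered bare, while the neighbouring `event_update` route is wrapped in `permission_required_with_403(...)`, so access control for the API rests entirely on the check inside `SecureAPIRequest.get`. The required permission depends on the model segment of the URL, so it cannot be a static decorator. Performing the check in the view's `dispatch`, or wrapping both routes in `login_required(...)` if that is available in this module, would keep any handler added to the view later from being reachable without it. A comment above the routes stating where authorization happens would also help, e.g. `# API - permission is checked per model inside SecureAPIRequest`.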
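Review bot: The import hunk in `RIGS/views.py` adds `HttpResponse`, `get_object_or_404` and `serializers`, but the new `SecureAPIRequest` class further down the file also uses `PermissionDenied` and `simplejson`, and neither appears in the visible import block. Unless they are imported in a part of the file not shown here, the deny path raises `NameError` (a 500 rather than a 403) and the autocomplete branch fails the same way. Suggest adding `from django.core.exceptions import PermissionDenied` and `import json`, then calling `json.dumps(results)` in place of `simplejson.dumps(results)`, with the local variable currently named `json` renamed so it does not shadow the module.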
@@ -143,4 +146,60 @@ class VenueUpdate(generic.UpdateView):
 def get_success_url(self):
 return reverse_lazy('venue_detail', kwargs={
 'pk': self.object.pk,
- })
\ No newline at end of file
+ })
+
+
+class SecureAPIRequest(generic.View):
+ models = {
+ 'venue': models.Venue,
+ 'person': models.Person,
+ 'organisation': models.Organisation,
+ }
+
+ '''
+ Validate the request is allowed based on user permissions.
+ Raises 403 if denied.
+ Potential to add API key validation at a later date.
+ '''
+
+ def __validate__(self, request, key, perm):
+ if request.user.is_active:
+ if request.user.is_superuser or request.user.is_staff:
+ return True
+ elif request.user.has_perm(perm):
+ return True
+ raise PermissionDenied()
+
+ def get(self, request, model, pk=None, param=None):
+ # Request permission validation things
+ key = request.GET.get('apikey', None)
+ perm = 'RIGS.view_' + model
+ self.__validate__(request, key, perm)
+
+ # Response format where applicable
+ format = request.GET.get('format', 'json')
+
+ # Supply data for one record
+ if pk:
+ object = get_object_or_404(self.models[model], pk=pk)
+ fields = request.GET.get('fields', None)
+ data = serializers.serialize(format, [object], fields=fields)
+ return HttpResponse(data, content_type="application/" + format)
+
+ # Supply data for autocomplete ajax request in json form
+ term = request.GET.get('term', None)
+ if term:
+ objects = self.models[model].objects.filter(name__icontains=term)[:20]
+ results = []
+ for o in objects:
+ data = {
+ 'pk': o.pk,
+ 'value': o.pk,
+ 'label': o.name,
+ }
+ results.append(data)
+ # todo: fix simplejson issues
+ json = simplejson.dumps(results)
+ return HttpResponse(json, content_type="application/json") # Always json
+
+ return HttpResponse(model)
\ No newline at end of file
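Review bot: In `get`, the query-string `format` is passed unchecked to `serializers.serialize()` and concatenated into the `Content-Type` header, and `self.models[model]` is indexed with the raw URL segment, so an unrecognised value for either surfaces as an unhandled exception instead of a 400 or 404. The fence below restricts `format` to an allowlist and resolves the model once, after the permission check. Separately, `__validate__` lets any `is_staff` user through regardless of the per-model `view_` permission, and `fields` is chosen by the client with no server-side allowlist, so it is worth confirming that every field on `Person` and `Organisation` is meant to be readable by those callers. The explanatory string sits as a bare literal in the class body rather than as the docstring of `__validate__`, and the locals `format` and `object` shadow builtins.

```python
    def get(self, request, model, pk=None, param=None):
        # … unchanged: apikey lookup, perm string, self.__validate__(request, key, perm) …

        # Resolve the model after the permission check; an unknown name is a
        # client error, not a server fault.
        model_cls = self.models.get(model)
        if model_cls is None:
            return HttpResponse("Unknown model", status=404)

        # Accept only serializer formats this endpoint is meant to expose.
        fmt = request.GET.get('format', 'json')
        if fmt not in ('json', 'xml'):
            return HttpResponse("Unsupported format", status=400)

        if pk:
            obj = get_object_or_404(model_cls, pk=pk)
            # … unchanged: fields lookup and serializers.serialize(...) call …
            return HttpResponse(data, content_type="application/" + fmt)

        # … unchanged: autocomplete branch, using model_cls in place of self.models[model] …
```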