* Don't check if a new influence's character belongs to the currently logged in...
authorMatthijs Kooijman <matthijs@stdin.nl>
Sun, 10 Feb 2008 14:34:39 +0000 (15:34 +0100)
committerMatthijs Kooijman <matthijs@stdin.nl>
Sun, 10 Feb 2008 14:34:39 +0000 (15:34 +0100)
 * Add some comments.

influences/views.py

index cd8d4a942d61a30c3e0bd2aab72496bc56acd7bf..85124e4c0c6c98b5377f6b21ef3b2315b980fd22 100644 (file)
@@ -29,24 +29,27 @@ def add(request, character_id=None):
     # Get the current user's characters
     chars = request.user.character_set.all()
 
+    # If a character_id was specified in the url, or there is only one
+    # character, preselect it.
     if (character_id):
         initial['character'] = character_id
     elif (chars.count() == 1):
         initial['character'] = chars[0].id
 
+
     f = InfluenceForm(request=request, initial=initial)
-    if (f.is_valid()):
-        influence = f.save(commit=False)
-        if (influence.character.player == request.user):
-                influence.save()
-                return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
-        else:
-                # TODO: Make this a bit more pretty. Perhaps throw an exception here and add some middleware to catch it?
-                return HttpResponseForbidden("Forbidden -- Trying to submit influence for somebody else's character")
-     
-    # Only allow characters of the current user
+
+    # Only allow characters of the current user. Putting this here also
+    # ensures that a form will not validate when any other choice was
+    # selected (perhaps through URL crafting).
     f.fields['character']._set_queryset(chars)
 
+    if (f.is_valid()):
+        # The form was submitted, let's save it.
+        influence = f.save()
+        # Redirect to the just saved influence
+        return HttpResponseRedirect(reverse('influences_influence_detail', args=[influence.id]))
+
     return render_to_response('influences/add.html', {'form' : f}, RequestContext(request))
 
 @login_required
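Review bot: With the `influence.character.player == request.user` check removed, the only thing stopping a logged-in user from saving an influence against someone else's character is the `character` field validating against the restricted queryset set just before `f.is_valid()`. Whether that validation actually consults the queryset depends on the Django version and on how InfluenceForm defines the field, neither of which is visible here. A regression test that posts another player's character id and expects no Influence to be created would pin this down. The restriction also goes through the private `_set_queryset`; `f.fields['character'].queryset = chars` is the public form if the installed Django supports it, and applying it inside InfluenceForm's constructor (which already receives `request`) would cover any other view that reuses the form. add()'s body starts above the hunk.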
@@ -67,26 +70,37 @@ def index(request):
     influences = Influence.objects.filter(character__player=request.user)
     return render_to_response('influences/index.html', {'characters' : characters, 'influences' : influences}, RequestContext(request))
 
+#
+# The views below are very similar to django's generic views (in fact,
+# they used to be generic views before). However, since they all depend
+# on the currently logged in user (for limiting the show list or
+# performing access control), we won't actually use the generic views
+# here.
+
 @login_required
 def character_list(request):
+    # Only show this player's characters
     os = request.user.character_set.all()
     return render_to_response('influences/character_list.html', {'object_list' : os}, RequestContext(request))
 
 @login_required
 def character_detail(request, object_id):
     o = Character.objects.get(pk=object_id)
+    # Don't show other player's characters
     if (o.player != request.user):
         return HttpResponseForbidden("Forbidden -- Trying to view somebody else's character")
     return render_to_response('influences/character_detail.html', {'object' : o}, RequestContext(request))
 
 @login_required
 def influence_list(request):
+    # Only show this player's influences
     os = Influence.objects.filter(character__player=request.user)
     return render_to_response('influences/influence_list.html', {'object_list' : os}, RequestContext(request))
 
 @login_required
 def influence_detail(request, object_id):
     o = Influence.objects.get(pk=object_id)
+    # Don't show other player's influences
     if (o.character.player != request.user):
         return HttpResponseForbidden("Forbidden -- Trying to view influences of somebody else's character")
     return render_to_response('influences/influence_detail.html', {'object' : o}, RequestContext(request))
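Review bot: In `character_detail` and `influence_detail` the new comments document the ownership check, but the lookup above it is an unguarded `objects.get(pk=object_id)`. An id that does not exist raises DoesNotExist (presumably surfacing as a 500), while an id owned by another player returns 403, so the response tells any logged-in user which ids exist. Scoping the query to the owner and answering 404 in both cases removes that signal: `o = get_object_or_404(Character, pk=object_id, player=request.user)` and `o = get_object_or_404(Influence, pk=object_id, character__player=request.user)`. This needs `get_object_or_404` from `django.shortcuts`; the file's import block is outside the hunk, so confirm it is available there.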