task 2 #14
task 2 #14
Conversation
There was a problem hiding this comment.
Great work on the assignment! @Captain-Kirk83 👍
There are many errors, but it's good that you've at least tried. Now, try to fix these errors, or look at the submissions of others to understand how you could have done better!
| username=request.POST['username'] | ||
| password=request.POST['password'] |
There was a problem hiding this comment.
You are directly accessing POST data without checking if it even exists. This may lead to server crash if a user access this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than server error (500).
| @@ -17,6 +21,13 @@ def bookDetailView(request, bid): | |||
| 'num_available': None, # set this to the number of copies of the book available, or 0 if the book isn't available | |||
| } | |||
| # START YOUR CODE HERE | |||
| obj=Book.objects.get(id=bid) | |||
There was a problem hiding this comment.
This may fail with invalid book ID given in POST request, and would lead to server error. Expected behavior is to inform user with Not found (404) error.
|
|
||
|
|
||
| try: | ||
| context['books']=Book.objects.filter(title=get_data['title']).filter(author=get_data['author']).filter(genre=get_data['genre']) |
There was a problem hiding this comment.
During filtering, you could have used icontains instead of an exact match.
| var l=Document.getElementById('loan-button'); | ||
|
|
||
| l.addEventListener("click",function(){ | ||
| $.ajax({ | ||
| url: "/books/loan/", | ||
| method: "POST", | ||
| data: { | ||
| bid: {{ book.id }} | ||
| }, | ||
| success: function(data, status, xhr){ | ||
| if(data['message'] == "success"){ | ||
| alert("Book successfully issued"); | ||
| window.location.replace("/books/loaned/"); | ||
| } | ||
| else{ | ||
| alert("Unable to issue this book"); | ||
| } | ||
| }, | ||
| error: function(xhr, status, err){ | ||
| alert("Some error occured"); |
There was a problem hiding this comment.
There are errors in your Book loan and Book rate function. They aren't working.
There are syntax errors. (Document shall be document, punctutation errors etc)
| context = { | ||
| 'message' : 'success', | ||
| } | ||
| return render(request, template_name, context=context) | ||
|
|
||
|
|
There was a problem hiding this comment.
You should add @csrf_exempt here.
| obj=RateModel.booktoRate.objects.get(pk=book_id) | ||
| obj.bookRate=request.POST['rate'] |
store/views.py
Outdated
| get_data = request.POST | ||
| obj=BookCopy.objects.get(book__id=get_data['bid']) | ||
| obj.borrower=None | ||
| obj.borrow_date=None | ||
| obj.status=True |
There was a problem hiding this comment.
There must be a validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will make the BookCopy to be returned, and would set its status as True.
| book_id = request.POST['bid'] | ||
| obj=Book.objects.get(id=book_id) |
There was a problem hiding this comment.
This may fail with invalid book ID given in POST request, and would lead to server error. Expected behavior is to inform user with Not found (404) error.
|
Points have been updated! 🎉 |
Create LICENSE
Partially completed
CSoC Task 2 Submission
I have completed the following tasks