task 2 #14
Great work on the assignment! @Captain-Kirk83 👍
There are many errors, but it's good that you've at least tried. Now, try to fix these errors, or look at the submissions of others to understand how you could have done better!
username=request.POST['username'] | ||
password=request.POST['password'] |
You are directly accessing POST data without checking if it even exists. This may lead to a server crash if a user accesses this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than a server error (500).
@@ -17,6 +21,13 @@ def bookDetailView(request, bid): | |||
'num_available': None, # set this to the number of copies of the book available, or 0 if the book isn't available | |||
} | |||
# START YOUR CODE HERE | |||
obj=Book.objects.get(id=bid) |
This may fail with an invalid book ID given in the POST request, and would lead to a server error. Expected behavior is to inform the user with a Not found (404) error.
|
||
|
||
try: | ||
context['books']=Book.objects.filter(title=get_data['title']).filter(author=get_data['author']).filter(genre=get_data['genre']) |
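Review bot: `get_data['title']`, `get_data['author']` and `get_data['genre']` are indexed directly in the chained `.filter()` call, so a search that omits any one of the three raises inside the `try` instead of filtering on the fields that were supplied. Read each value with `get_data.get(...)` and apply a filter only when the value is non-empty.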
During filtering, you could have used `icontains` instead of an exact match.
var l=Document.getElementById('loan-button'); | ||
|
||
l.addEventListener("click",function(){ | ||
$.ajax({ | ||
url: "/books/loan/", | ||
method: "POST", | ||
data: { | ||
bid: {{ book.id }} | ||
}, | ||
success: function(data, status, xhr){ | ||
if(data['message'] == "success"){ | ||
alert("Book successfully issued"); | ||
window.location.replace("/books/loaned/"); | ||
} | ||
else{ | ||
alert("Unable to issue this book"); | ||
} | ||
}, | ||
error: function(xhr, status, err){ | ||
alert("Some error occured"); |
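Review bot: the `$.ajax` POST to `/books/loan/` sends only `bid` in `data` and sets no CSRF header, so with Django's default CSRF middleware enabled the request is rejected with 403 unless the view is exempted. Send the token with the request (an `X-CSRFToken` header read from the `csrftoken` cookie, or `csrfmiddlewaretoken` in `data`) rather than switching the check off on an endpoint that changes state. The error alert text also misspells "occurred".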
There are errors in your Book loan and Book rate function. They aren't working.
There are syntax errors. (`Document` shall be `document`, punctuation errors etc)
context = { | ||
'message' : 'success', | ||
} | ||
return render(request, template_name, context=context) | ||
|
||
|
You should add `@csrf_exempt` here.
obj=RateModel.booktoRate.objects.get(pk=book_id) | ||
obj.bookRate=request.POST['rate'] |
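Review bot: `request.POST['rate']` is assigned to `obj.bookRate` without checking that it is present, numeric and inside the allowed rating range, so a missing key becomes a server error and any client-supplied string is written as the rating. Parse the value, reject bad input with a 400, and only then assign it. Also, if `booktoRate` is a field of `RateModel`, it has no `objects` manager; the lookup should go through `RateModel.objects`.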
This isn't correct.
store/views.py
Outdated
get_data = request.POST | ||
obj=BookCopy.objects.get(book__id=get_data['bid']) | ||
obj.borrower=None | ||
obj.borrow_date=None | ||
obj.status=True |
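Review bot: `BookCopy.objects.get(book__id=get_data['bid'])` matches on the book alone, so it raises `MultipleObjectsReturned` as soon as a book has more than one copy and `DoesNotExist` when it has none, and both surface as a 500. Narrow the lookup to the copy held by the requester, for example `filter(book__id=..., borrower=request.user).first()`, and return a client error when nothing matches.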
There must be a validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will cause the BookCopy to be returned, and would set its status as True.
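The backend check this comment asks for, as an added example that is not code from the PR or the project: a framework-free model of the return handler in which `BookCopy` is a hypothetical dataclass standing in for the Django model, and `return_book` and `sample_copies` are names made up here. The 400 and 404 responses follow the review comments on this page; the 401 and 403 responses are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class BookCopy:  # hypothetical stand-in for the Django model in the PR
    id: int
    book_id: int
    borrower: Optional[str] = None
    borrow_date: Optional[date] = None
    status: bool = True  # True means "available", as in the PR


def sample_copies():
    """Constructed data: two copies of book 10 on loan, one free copy of book 11."""
    return [
        BookCopy(1, 10, "alice", date(2020, 5, 1), False),
        BookCopy(2, 10, "bob", date(2020, 5, 3), False),
        BookCopy(3, 11),
    ]


def return_book(user, post, copies):
    """Return (http_status, body); a copy is modified only on success."""
    if user is None:
        return 401, {"message": "login required"}
    try:
        bid = int(post["bid"])  # missing or non-numeric bid is the client's error
    except (KeyError, TypeError, ValueError):
        return 400, {"message": "bid must be an integer"}
    of_book = [c for c in copies if c.book_id == bid]
    if not of_book:
        return 404, {"message": "no such book"}
    # Authorization: only a copy this user currently holds may be returned.
    mine = [c for c in of_book if c.borrower == user]
    if not mine:
        return 403, {"message": "you have not borrowed this book"}
    copy = mine[0]
    copy.borrower, copy.borrow_date, copy.status = None, None, True
    return 200, {"message": "success"}


if __name__ == "__main__":
    copies = sample_copies()
    for user, post in [("mallory", {"bid": "10"}), ("alice", {}), ("alice", {"bid": "10"})]:
        print(user, post, return_book(user, post, copies))
```

In a Django view the same order of checks applies, with the two list comprehensions replaced by a queryset filtered on both the book and `request.user`.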
book_id = request.POST['bid'] | ||
obj=Book.objects.get(id=book_id) |
This may fail with an invalid book ID given in the POST request, and would lead to a server error. Expected behavior is to inform the user with a Not found (404) error.
Points have been updated! 🎉
Create LICENSE
Partially completed
CSoC Task 2 Submission
I have completed the following tasks