-
Notifications
You must be signed in to change notification settings - Fork 32
task-2 submission #5
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work on the assignment @nb9960 ! Will update the points later!
user=models.ForeignKey(User, null=True,blank=True,on_delete=models.SET_NULL) | ||
rating=models.FloatField(default=0.0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rating shall be given as an integer - please read proper instructions.
The user should not be null here, and a better option would be to use on_delete=models.CASCADE
You could have also used unique_together
META option here.
book_id = None # get the book id from post data | ||
|
||
|
||
book_id =request.POST['bid']# get the book id from post data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You directly access POST data without checking if it even exists. This may lead to server crash if a user access this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than server error (500).
'message':None, | ||
} | ||
book_id=request.POST['bid'] | ||
book=BookCopy.objects.get(pk=book_id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may fail with invalid book ID given in POST request, and would lead to server error. Expected behavior is to inform user with Not found (404) error.
try: | ||
book.borrower=None | ||
book.borrow_date=None | ||
book.status=True | ||
book.save() | ||
msg="success" | ||
except: | ||
msg='failure' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There must be a validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will make the BookCopy to be returned, and would set its status as True.
r1=UserRating.objects.filter(user=request.user,book=book) | ||
user_rating = request.POST['user_rating'] | ||
rating=UserRating() | ||
rating.book=book | ||
rating.user=request.user | ||
rating.rating=user_rating | ||
r1.delete() | ||
rating.save() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You've not put a backend validation on the rating, so the user can easily put invalid values of rating.
Also, you could have updated the rating rather than deleting and then saving it.
Points updated! 🎉 |
CSoC Task 2 Submission
I have completed the following tasks