Skip to content
This repository has been archived by the owner on Jun 16, 2021. It is now read-only.

task-2 submission #5

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

task-2 submission #5

wants to merge 7 commits into from

Conversation

nb9960
Copy link
Member

@nb9960 nb9960 commented May 4, 2020
edited

CSoC Task 2 Submission

I have completed the following tasks

  • Stage 1
  • Stage 2
  • Stage 3
  • Stage 4

krashish8
krashish8 reviewed May 9, 2020
View reviewed changes
Copy link
Member

@krashish8 krashish8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work on the assignment @nb9960 ! Will update the points later!

store/models.py
Comment on lines +21 to +22
user=models.ForeignKey(User, null=True,blank=True,on_delete=models.SET_NULL)
rating=models.FloatField(default=0.0)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The rating shall be given as an integer - please read proper instructions.
The user should not be null here, and a better option would be to use on_delete=models.CASCADE

You could have also used unique_together META option here.

store/views.py
book_id = None # get the book id from post data


book_id =request.POST['bid']# get the book id from post data
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You directly access POST data without checking if it even exists. This may lead to server crash if a user access this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than server error (500).

store/views.py
'message':None,
}
book_id=request.POST['bid']
book=BookCopy.objects.get(pk=book_id)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This may fail with invalid book ID given in POST request, and would lead to server error. Expected behavior is to inform user with Not found (404) error.

store/views.py
Comment on lines +105 to +112
try:
book.borrower=None
book.borrow_date=None
book.status=True
book.save()
msg="success"
except:
msg='failure'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There must be a validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will make the BookCopy to be returned, and would set its status as True.

store/views.py
Comment on lines +121 to +128
r1=UserRating.objects.filter(user=request.user,book=book)
user_rating = request.POST['user_rating']
rating=UserRating()
rating.book=book
rating.user=request.user
rating.rating=user_rating
r1.delete()
rating.save()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've not put a backend validation on the rating, so the user can easily put invalid values of rating.

Also, you could have updated the rating rather than deleting and then saving it.

@krashish8
Copy link
Member

Points updated! 🎉

@krashish8 krashish8 added the Judged The Pull Requests which are judged label May 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@krashish8 krashish8 krashish8 left review comments

Assignees
No one assigned
Labels
Judged The Pull Requests which are judged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nb9960 @krashish8