Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Solution #889

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 55 additions & 4 deletions taxi/urls.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,20 +7,71 @@
DriverListView,
DriverDetailView,
ManufacturerListView,
ManufacturerCreateView,
ManufacturerUpdateView,
ManufacturerDeleteView,
CarCreateView,
CarUpdateView,
CarDeleteView
)


urlpatterns = [
path("", index, name="index"),
path(
"manufacturers/",
ManufacturerListView.as_view(),
name="manufacturer-list",
),
path("cars/", CarListView.as_view(), name="car-list"),
path("cars/<int:pk>/", CarDetailView.as_view(), name="car-detail"),
path("drivers/", DriverListView.as_view(), name="driver-list"),
path(
"drivers/<int:pk>/", DriverDetailView.as_view(), name="driver-detail"
"manufacturers/create/",
ManufacturerCreateView.as_view(),
name="manufacturer-create"
),
path(
"manufacturers/<int:pk>/update/",
ManufacturerUpdateView.as_view(),
name="manufacturer-update"
),
path(
"manufacturers/<int:pk>/delete/",
ManufacturerDeleteView.as_view(),
name="manufacturer-delete"
),
path(
"cars/",
CarListView.as_view(),
name="car-list"
),
path(
"cars/create/",
CarCreateView.as_view(),
name="car-create"
),
path(
"cars/<int:pk>/update/",
CarUpdateView.as_view(),
name="car-update"
),
path(
"cars/<int:pk>/delete/",
CarDeleteView.as_view(),
name="car-delete"
),
path(
"cars/<int:pk>/",
CarDetailView.as_view(),
name="car-detail"
),
path(
"drivers/",
DriverListView.as_view(),
name="driver-list"
),
path(
"drivers/<int:pk>/",
DriverDetailView.as_view(),
name="driver-detail"
),
]

Expand Down
40 changes: 40 additions & 0 deletions taxi/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,43 @@ class DriverListView(LoginRequiredMixin, generic.ListView):
class DriverDetailView(LoginRequiredMixin, generic.DetailView):
model = Driver
queryset = Driver.objects.all().prefetch_related("cars__manufacturer")


class ManufacturerCreateView(LoginRequiredMixin, generic.CreateView):
model = Manufacturer
fields = "__all__"
template_name = "taxi/manufacturer_form.html"
success_url = "taxi/manufacturer_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The success_url should be a URL pattern name, not a string representing a path. Consider using Django's reverse_lazy to reference the URL pattern name, like reverse_lazy('manufacturer-list').



class ManufacturerUpdateView(LoginRequiredMixin, generic.UpdateView):
model = Manufacturer
fields = "__all__"
template_name = "taxi/manufacturer_form.html"
success_url = "taxi/manufacturer_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to the previous comment, the success_url should use reverse_lazy with the URL pattern name instead of a string path.



class ManufacturerDeleteView(LoginRequiredMixin, generic.DeleteView):
model = Manufacturer
success_url = "taxi/manufacturer_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ensure success_url uses reverse_lazy with the URL pattern name, such as reverse_lazy('manufacturer-list').

template_name = "taxi/manufacturer_delete_confirmation.html"


class CarCreateView(LoginRequiredMixin, generic.CreateView):
model = Car
fields = "__all__"
template_name = "taxi/car_form.html"
success_url = "taxi/car_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The success_url should use reverse_lazy with the URL pattern name, like reverse_lazy('car-list').



class CarUpdateView(LoginRequiredMixin, generic.UpdateView):
model = Car
fields = "__all__"
template_name = "taxi/car_form.html"
success_url = "taxi/car_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use reverse_lazy with the URL pattern name for success_url, such as reverse_lazy('car-list').



class CarDeleteView(LoginRequiredMixin, generic.DeleteView):
model = Car
success_url = "taxi/car_list"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ensure success_url uses reverse_lazy with the URL pattern name, like reverse_lazy('car-list').

template_name = "taxi/car_delete_confirmation.html"
4 changes: 4 additions & 0 deletions taxi_service/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@
"django.contrib.staticfiles",
"debug_toolbar",
"taxi",
"crispy_forms",
"crispy_bootstrap4"
]

MIDDLEWARE = [
Expand Down Expand Up @@ -140,3 +142,5 @@
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"

CRISPY_TEMPLATE_PACK = "bootstrap4"
12 changes: 12 additions & 0 deletions templates/taxi/car_delete_confirmation.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{% extends "base.html" %}

{% block content %}
<h1>Deleting Car from the List</h1>
<p><strong>WARNING!</strong> You're trying to delete a car:
<strong>{{ car }}</strong> from the list.</p>
<p>Are you sure want to delete this car?
Press "Submit" button to confirm.</p>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's important to include a CSRF token in forms to protect against CSRF attacks. Add {% csrf_token %} inside the form tag.

<input type="submit" value="Submit" class="btn btn-danger">
</form>
{% endblock %}
7 changes: 7 additions & 0 deletions templates/taxi/car_detail.html
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,11 @@ <h1>Drivers</h1>
<li>{{ driver.username }} ({{ driver.first_name }} {{ driver.last_name }})</li>
{% endfor %}
</ul>
<form action="{% url 'taxi:car-update' pk=car.id %}">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The form for updating the car should use the POST method instead of GET for security reasons. Additionally, include {% csrf_token %} inside the form.

<input type="submit" value="UPDATE CAR" class="btn btn-info">
</form>
<br>
<form action="{% url 'taxi:car-delete' pk=car.id %}">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The form for deleting the car should use the POST method instead of GET for security reasons. Also, include {% csrf_token %} inside the form.

<input type="submit" value="DELETE CAR" class="btn btn-danger">
</form>
{% endblock %}
10 changes: 10 additions & 0 deletions templates/taxi/car_form.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{% extends "base.html" %}
{% load crispy_forms_filters %}
{% block content %}
<h1>{{ object|yesno:"Update,Create" }} a Car</h1>
<form action="" method="post">
{% csrf_token %}
{{ form|crispy }}
<input type="submit" value="Submit" class="btn btn-info">
</form>
{% endblock %}
4 changes: 4 additions & 0 deletions templates/taxi/car_list.html
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ <h1>Car list</h1>
</li>
{% endfor %}
</ul>
<form action="{% url "taxi:car-create" %}" method="get">
<input type="submit" value="Submit" class="btn btn-success">
</form>
<br>
{% else %}
<p>There are no cars in taxi</p>
{% endif %}
Expand Down
13 changes: 13 additions & 0 deletions templates/taxi/manufacturer_delete_confirmation.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{% extends "base.html" %}

{% block content %}
<h1>Deleting Manufacturer from the List</h1>
<p><strong>WARNING!</strong> You're trying to delete a manufacturer:
<strong>{{ manufacturer }}</strong> from the list.</p>
<p>This causes a deleting related cars from the cars list too.</p>
<p>Are you sure want to delete this manufacturer?
Press "Submit" button to confirm.</p>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include {% csrf_token %} inside the form to protect against CSRF attacks.

<input type="submit" value="Submit" class="btn btn-danger ">
</form>
{% endblock %}
9 changes: 9 additions & 0 deletions templates/taxi/manufacturer_form.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{% extends "base.html" %}
{% load crispy_forms_filters %}
{% block content %}
<h1>{{ object|yesno:"Update,Create" }} a Manufacturer</h1>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include {% csrf_token %} inside the form to protect against CSRF attacks.

{{ form|crispy }}
<input type="submit" value="Submit" class="btn btn-info">
</form>
{% endblock %}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add newline

17 changes: 16 additions & 1 deletion templates/taxi/manufacturer_list.html
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ <h1>Manufacturer List
<th>ID</th>
<th>Name</th>
<th>Country</th>
<th>Update</th>
<th>Delete</th>
</tr>

{% for manufacturer in manufacturer_list %}
Expand All @@ -23,10 +25,23 @@ <h1>Manufacturer List
<td>
{{ manufacturer.country }}
</td>
<td>
<a href="{% url 'taxi:manufacturer-update' pk=manufacturer.id %}">Update</a>

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using a form with the POST method for the update action to prevent unintended actions from being triggered by simple URL visits.

</td>
<td>
<a
href="{%url 'taxi:manufacturer-delete' pk=manufacturer.id %}"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URL tag syntax is incorrect due to the lack of space between {% and url. Ensure there is a space: {% url 'taxi:manufacturer-delete' pk=manufacturer.id %}.

style="color: red;"
>Delete</a>
</td>
</tr>
{% endfor %}
</table>

<br>
<form action="{% url 'taxi:manufacturer-create' %}">
<input type="submit" value="Add" class="btn btn-success">
</form>
<br>
{% else %}
<p>There are no manufacturers in the service.</p>
{% endif %}
Expand Down
Loading