Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Solution #889

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 55 additions & 4 deletions taxi/urls.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,20 +7,71 @@
DriverListView,
DriverDetailView,
ManufacturerListView,
ManufacturerCreateView,
ManufacturerUpdateView,
ManufacturerDeleteView,
CarCreateView,
CarUpdateView,
CarDeleteView
)


urlpatterns = [
path("", index, name="index"),
path(
"manufacturers/",
ManufacturerListView.as_view(),
name="manufacturer-list",
),
path("cars/", CarListView.as_view(), name="car-list"),
path("cars/<int:pk>/", CarDetailView.as_view(), name="car-detail"),
path("drivers/", DriverListView.as_view(), name="driver-list"),
path(
"drivers/<int:pk>/", DriverDetailView.as_view(), name="driver-detail"
"manufacturers/create/",
ManufacturerCreateView.as_view(),
name="manufacturer-create"
),
path(
"manufacturers/<int:pk>/update/",
ManufacturerUpdateView.as_view(),
name="manufacturer-update"
),
path(
"manufacturers/<int:pk>/delete/",
ManufacturerDeleteView.as_view(),
name="manufacturer-delete"
),
path(
"cars/",
CarListView.as_view(),
name="car-list"
),
path(
"cars/create/",
CarCreateView.as_view(),
name="car-create"
),
path(
"cars/<int:pk>/update/",
CarUpdateView.as_view(),
name="car-update"
),
path(
"cars/<int:pk>/delete/",
CarDeleteView.as_view(),
name="car-delete"
),
path(
"cars/<int:pk>/",
CarDetailView.as_view(),
name="car-detail"
),
path(
"drivers/",
DriverListView.as_view(),
name="driver-list"
),
path(
"drivers/<int:pk>/",
DriverDetailView.as_view(),
name="driver-detail"
),
]

Expand Down
41 changes: 41 additions & 0 deletions taxi/views.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
from django.urls import reverse_lazy
from django.views import generic
from django.contrib.auth.mixins import LoginRequiredMixin

Expand Down Expand Up @@ -52,3 +53,43 @@ class DriverListView(LoginRequiredMixin, generic.ListView):
class DriverDetailView(LoginRequiredMixin, generic.DetailView):
model = Driver
queryset = Driver.objects.all().prefetch_related("cars__manufacturer")


class ManufacturerCreateView(LoginRequiredMixin, generic.CreateView):
model = Manufacturer
fields = "__all__"
template_name = "taxi/manufacturer_form.html"
success_url = reverse_lazy("taxi:manufacturer-list")


class ManufacturerUpdateView(LoginRequiredMixin, generic.UpdateView):
model = Manufacturer
fields = "__all__"
template_name = "taxi/manufacturer_form.html"
success_url = reverse_lazy("taxi:manufacturer-list")


class ManufacturerDeleteView(LoginRequiredMixin, generic.DeleteView):
model = Manufacturer
success_url = reverse_lazy("taxi:manufacturer-list")
template_name = "taxi/manufacturer_delete_confirmation.html"


class CarCreateView(LoginRequiredMixin, generic.CreateView):
model = Car
fields = "__all__"
template_name = "taxi/car_form.html"
success_url = reverse_lazy("taxi:car-list")


class CarUpdateView(LoginRequiredMixin, generic.UpdateView):
model = Car
fields = "__all__"
template_name = "taxi/car_form.html"
success_url = reverse_lazy("taxi:car-list")


class CarDeleteView(LoginRequiredMixin, generic.DeleteView):
model = Car
success_url = reverse_lazy("taxi:car-list")
template_name = "taxi/car_delete_confirmation.html"
4 changes: 4 additions & 0 deletions taxi_service/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@
"django.contrib.staticfiles",
"debug_toolbar",
"taxi",
"crispy_forms",
"crispy_bootstrap4"
]

MIDDLEWARE = [
Expand Down Expand Up @@ -140,3 +142,5 @@
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"

CRISPY_TEMPLATE_PACK = "bootstrap4"
13 changes: 13 additions & 0 deletions templates/taxi/car_delete_confirmation.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{% extends "base.html" %}

{% block content %}
<h1>Deleting Car from the List</h1>
<p><strong>WARNING!</strong> You're trying to delete a car:
<strong>{{ car }}</strong> from the list.</p>
<p>Are you sure want to delete this car?
Press "Submit" button to confirm.</p>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's important to include a CSRF token in forms to protect against CSRF attacks. Add {% csrf_token %} inside the form tag.

{% csrf_token %}
<input type="submit" value="Submit" class="btn btn-danger">
</form>
{% endblock %}
9 changes: 9 additions & 0 deletions templates/taxi/car_detail.html
Original file line number Diff line number Diff line change
Expand Up @@ -9,4 +9,13 @@ <h1>Drivers</h1>
<li>{{ driver.username }} ({{ driver.first_name }} {{ driver.last_name }})</li>
{% endfor %}
</ul>
<form action="{% url 'taxi:car-update' pk=car.id %}" method="post">
{% csrf_token %}
<input type="submit" value="UPDATE CAR" class="btn btn-info">
</form>
<br>
<form action="{% url 'taxi:car-delete' pk=car.id %}" method="post">
{% csrf_token %}
<input type="submit" value="DELETE CAR" class="btn btn-danger">
</form>
{% endblock %}
10 changes: 10 additions & 0 deletions templates/taxi/car_form.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{% extends "base.html" %}
{% load crispy_forms_filters %}
{% block content %}
<h1>{{ object|yesno:"Update,Create" }} a Car</h1>
<form action="" method="post">
{% csrf_token %}
{{ form|crispy }}
<input type="submit" value="Submit" class="btn btn-info">
</form>
{% endblock %}
5 changes: 5 additions & 0 deletions templates/taxi/car_list.html
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ <h1>Car list</h1>
</li>
{% endfor %}
</ul>
<form action="{% url "taxi:car-create" %}" method="get">
{% csrf_token %}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CSRF token is unnecessary for a form using the GET method. Consider removing it to avoid confusion.

<input type="submit" value="Add" class="btn btn-success">
</form>
<br>
{% else %}
<p>There are no cars in taxi</p>
{% endif %}
Expand Down
14 changes: 14 additions & 0 deletions templates/taxi/manufacturer_delete_confirmation.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{% extends "base.html" %}

{% block content %}
<h1>Deleting Manufacturer from the List</h1>
<p><strong>WARNING!</strong> You're trying to delete a manufacturer:
<strong>{{ manufacturer }}</strong> from the list.</p>
<p>This causes a deleting related cars from the cars list too.</p>
<p>Are you sure want to delete this manufacturer?
Press "Submit" button to confirm.</p>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include {% csrf_token %} inside the form to protect against CSRF attacks.

{% csrf_token %}
<input type="submit" value="Submit" class="btn btn-danger ">
</form>
{% endblock %}
10 changes: 10 additions & 0 deletions templates/taxi/manufacturer_form.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{% extends "base.html" %}
{% load crispy_forms_filters %}
{% block content %}
<h1>{{ object|yesno:"Update,Create" }} a Manufacturer</h1>
<form action="" method="post">

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Include {% csrf_token %} inside the form to protect against CSRF attacks.

{% csrf_token %}
{{ form|crispy }}
<input type="submit" value="Submit" class="btn btn-info">
</form>
{% endblock %}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add newline

17 changes: 16 additions & 1 deletion templates/taxi/manufacturer_list.html
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ <h1>Manufacturer List
<th>ID</th>
<th>Name</th>
<th>Country</th>
<th>Update</th>
<th>Delete</th>
</tr>

{% for manufacturer in manufacturer_list %}
Expand All @@ -23,10 +25,23 @@ <h1>Manufacturer List
<td>
{{ manufacturer.country }}
</td>
<td>
<a href="{% url 'taxi:manufacturer-update' pk=manufacturer.id %}">Update</a>

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using a form with the POST method for the update action to prevent unintended actions from being triggered by simple URL visits.

</td>
<td>
<a
href="{% url 'taxi:manufacturer-delete' pk=manufacturer.id %}"
style="color: red;"
>Delete</a>
Comment on lines +32 to +35

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using a form with the POST method for the delete action to prevent unintended actions from being triggered by simple URL visits.

</td>
</tr>
{% endfor %}
</table>

<br>
<form action="{% url 'taxi:manufacturer-create' %}">
<input type="submit" value="Add" class="btn btn-success">
</form>
<br>
{% else %}
<p>There are no manufacturers in the service.</p>
{% endif %}
Expand Down
Loading