[#897] Feature/contacts approval flow #363
Conversation
vaszig
force-pushed
the
task-897-add-contacts-approval
branch
from
0455693
to
9e3881e
Compare
Codecov Report
@@ Coverage Diff @@
## develop #363 +/- ##
===========================================
+ Coverage 96.48% 96.50% +0.02%
===========================================
Files 450 457 +7
Lines 14034 14495 +461
===========================================
+ Hits 13541 13989 +448
- Misses 493 506 +13
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
| <li class="approval__list-item"> | ||
| <p>{{approval.get_full_name}}</p> | ||
| {% url 'accounts:contact_approval' uuid=approval.uuid as approval_url %} | ||
| {% render_form form=None method="POST" form_action=approval_url id="approval_form" spaceless=True show_notifications=True %} |
There was a problem hiding this comment.
ID-attribute must be unique so can't in a loop.
| approved = request.POST.get("contact_approve") | ||
| rejected = request.POST.get("contact_reject") | ||
| if approved or rejected: | ||
| self.update_contact(sender, receiver, (approved or rejected)) | ||
| return HttpResponseRedirect(self.success_url) | ||
|
|
||
| def update_contact(self, sender, receiver, type_of_approval): | ||
| if type_of_approval == "approve": | ||
| sender.contacts_for_approval.remove(receiver) | ||
| sender.user_contacts.add(receiver) | ||
| self.log_change(sender, _("contact was approved")) | ||
|
|
||
| elif type_of_approval == "reject": |
There was a problem hiding this comment.
I think it is convention to not use raw POST but always try to go for a Form, and use Choices instead of magic strings so validation is a bit harder and more regular.
The two buttons can have the same name in the HTML but different values and then the Form is just a CharField with the choices for the incoming data.
Also, looking at the post method: what happens if there is no approved or rejected? It could raise BadRequest since there is no HTML for this view.
There was a problem hiding this comment.
Discussed this with Anna as well and I decided to go for the same approach as the one in deleting a contact. That's why you saw the ids in the for loop.
There was a problem hiding this comment.
Ok, if it's same pattern as the other and Anna is ok with it then it's fine.
There was a problem hiding this comment.
Let's wait for @annashamray 's approval as well because she hasn't seen this implemented.
There was a problem hiding this comment.
I think there is a little misunderstanding.
I said that there is no need in adding additional forms into ContactListView context - we can just generate forms in the template since it's only csrf token, two buttons and 1 action. It's how the delete buttons for contacts are done.
Security-wise it should be ok, since we send csrf token.
But it's a different story with the view which process POST request (ContactApprovalView).
Here we can use forms to escape and validate user input, especially if we use values in buttons. We can use only button names like django admin does, and they do it without extra validation. I don't know is it a best practice or not.
|
I forgot to mention this: there is a small CSS bug in the first header of the contacts table (probably from earlier):
|
Yes, this was there before I touch the frontend!It seems weird but if @alextreme wants I can create a task for it. |
Yes, there is a task in taiga about this. A change in the cases tables has broken all tables. |
Task #960 created, noticed it before so lets make this prettier. |
vaszig
force-pushed
the
task-897-add-contacts-approval
branch
from
4620695
to
9215625
Compare
| approved = request.POST.get("contact_approve") | ||
| rejected = request.POST.get("contact_reject") | ||
| if approved or rejected: | ||
| self.update_contact(sender, receiver, (approved or rejected)) | ||
| return HttpResponseRedirect(self.success_url) | ||
|
|
||
| def update_contact(self, sender, receiver, type_of_approval): | ||
| if type_of_approval == "approve": | ||
| sender.contacts_for_approval.remove(receiver) | ||
| sender.user_contacts.add(receiver) | ||
| self.log_change(sender, _("contact was approved")) | ||
|
|
||
| elif type_of_approval == "reject": |
There was a problem hiding this comment.
I think there is a little misunderstanding.
I said that there is no need in adding additional forms into ContactListView context - we can just generate forms in the template since it's only csrf token, two buttons and 1 action. It's how the delete buttons for contacts are done.
Security-wise it should be ok, since we send csrf token.
But it's a different story with the view which process POST request (ContactApprovalView).
Here we can use forms to escape and validate user input, especially if we use values in buttons. We can use only button names like django admin does, and they do it without extra validation. I don't know is it a best practice or not.
|
Removing @annashamray , for @Bartvaderkin to double-check after Vasileios's changes |
vaszig
force-pushed
the
task-897-add-contacts-approval
branch
from
0f499d1
to
9bbc49c
Compare
|
✔️ 👍 |
No description provided.