only auth can add books

2021-03-05 13:23:36 -05:00 · 2021-03-05 13:23:36 -05:00 · 9bb663e116
parent f84881d0fc
commit 9bb663e116
4 changed files with 20 additions and 4 deletions
--- a/bookshelf_management/apps/mgmt/templates/bookshelf.html
+++ b/bookshelf_management/apps/mgmt/templates/bookshelf.html
@ -7,12 +7,15 @@
  
    <strong class="heading-info">Number of Books in Bookshelf:</strong> <p>{{ total }}</p>

-    <form class="add-form" action="/bookshelves/{{bookshelfId}}" method="post">
+  {% if user.is_authenticated %}
+  <form class="add-form" action="/bookshelves/{{bookshelfId}}" method="post">
      {% csrf_token %}
      {{ form }}
      <input type="submit" value="Add Book">
  </form>
  <p class="form-help">Or search for a book to add <a href="/bookshelves/{{bookshelfId}}/search">here</a></p>
+  {% endif %} 
+

    <h1 class="secondary-heading">Book List</h1>
    {% if books %}
--- a/bookshelf_management/apps/mgmt/templates/generic_template.html
+++ b/bookshelf_management/apps/mgmt/templates/generic_template.html
@ -27,9 +27,16 @@
          <li class="nav-item">
            <a class="nav-link" href="/bookshelves">Bookshelves</a>
          </li>
+          {% if user.is_authenticated %}
+          <li class="nav-item left">
+            <a class="nav-link" href="/logout">Logout</a>
+          </li>
+          {% else %}
          <li class="nav-item left">
            <a class="nav-link" href="/login">Login</a>
          </li>
+          {% endif %}
+
        </ul>
      </div>
    </nav>
--- a/bookshelf_management/apps/mgmt/views.py
+++ b/bookshelf_management/apps/mgmt/views.py
@ -1,7 +1,7 @@
 from .models import Book, Bookshelf, BookshelfToBook
 from django.http import HttpResponse
 from django.shortcuts import render, redirect
-from django.contrib.auth import authenticate
+from django.contrib.auth import authenticate, login, logout



@ -156,7 +156,7 @@ def get_name(request):

    return render(request, 'name.html', {'form': form})

-def login(request):
+def loginView(request):
    context = {
        "message": ""
    }
@ -169,6 +169,7 @@ def login(request):
            print(user)
            if user is not None:
                # A backend authenticated the credentials
+                login(request, user)
                return redirect("/bookshelves")
            else:
                # No backend authenticated the credentials
@ -183,3 +184,7 @@ def login(request):
        context['form'] = form
    
    return render(request, 'login.html', context=context)
+
+def logoutView(request):
+    logout(request)
+    return redirect("/bookshelves")
--- a/bookshelf_management/urls.py
+++ b/bookshelf_management/urls.py
@ -24,7 +24,8 @@ urlpatterns = [
    path('admin/', admin.site.urls),
    path('bookshelves', views.bookshelfList, name='detail'),
    path('books', views.searchBooks, name='detail'),
-    path('login', views.login, name='detail'),
+    path('login', views.loginView, name='detail'),
+    path('logout', views.logoutView, name='detail'),
    path('books/<int:bookId>', views.bookshelvesOfBook, name='detail'),
    path('bookshelves/<int:bookshelfId>/search', views.searchBooksToAdd, name='detail'),
    path('bookshelves/<int:bookshelfId>', views.booksInBookshelf, name='detail')