Validate user key even before the contest
[edumed.git] / wtem / views.py
index 1647f09..38a4985 100644 (file)
@@ -3,46 +3,50 @@ import os
 from django.shortcuts import render
 from django.utils import simplejson
 from django.conf import settings
-from django.http import Http404
+from django.http import Http404, HttpResponseForbidden
+from django.views.decorators.csrf import csrf_exempt
 
-from .models import Submission
+from .models import Submission, DEBUG_KEY, exercises
 from .forms import WTEMForm
 
 WTEM_CONTEST_STAGE = getattr(settings, 'WTEM_CONTEST_STAGE', 'before')
 
 
-def main(request):
-    pass
-
+@csrf_exempt
 def form(request, key):
     return globals()['form_' + WTEM_CONTEST_STAGE](request, key)
     
 def form_before(request, key):
-    return render(request, 'wtem/main_before.html')
+    try:
+        submission = Submission.objects.get(key = key)
+    except:
+        return render(request, 'wtem/key_not_found_before.html')
+    else:
+        return render(request, 'wtem/main_before.html')
 
 def form_after(request, key):
     return render(request, 'wtem/main_after.html')
 
+@csrf_exempt
 def form_during(request, key):
+
+    if WTEM_CONTEST_STAGE != 'during':
+        if request.META['REMOTE_ADDR'] != getattr(settings, 'WTEM_CONTEST_IP_ALLOW', 'xxx'):
+            return HttpResponseForbidden('Not allowed')
+
     try:
         submission = Submission.objects.get(key = key)
     except Submission.DoesNotExist:
-        if settings.DEBUG and key == '12345':
-            submission = Submission.create(first_name = 'Debug', last_name = 'Debug', email = 'debug@debug.com', key = '12345')
+        if settings.DEBUG and key == DEBUG_KEY:
+            submission = Submission.create(first_name = 'Debug', last_name = 'Debug', email = 'debug@debug.com', key = DEBUG_KEY)
         else:
-            raise Http404
-
-    ## @@ move this out of the view
-    f = file(os.path.dirname(__file__) + '/fixtures/exercises.json')
-    exercises = simplejson.loads(f.read())
-    f.close()
-
+            return render(request, 'wtem/key_not_found.html')
     if request.method == 'GET':
-        return render(request, 'wtem/main.html', dict(exercises = exercises))
+        return render(request, 'wtem/main.html', dict(exercises = exercises, end_time = submission.end_time))
     elif request.method == 'POST':
         form = WTEMForm(request.POST, request.FILES, instance = submission)
         if form.is_valid():
             form.save()
-            return render(request, 'wtem/thanks.html')
+            return render(request, 'wtem/thanks.html', dict(end_time = submission.end_time))
         else:
             raise Exception
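Review bot: The bare `except:` added in form_before reports every failure of `Submission.objects.get(key = key)` as an unknown key, including database errors and MultipleObjectsReturned; it should be `except Submission.DoesNotExist:`, as form_during already does. The new address gate in form_during compares `request.META['REMOTE_ADDR']` with a single configured value, and if the site runs behind a reverse proxy (not visible from this hunk) that value is the proxy's address for every client, so the check would admit or refuse everyone alike. A comment above the gate should state the assumption, for example `# REMOTE_ADDR must be the real client address; with WTEM_CONTEST_IP_ALLOW unset nobody gets in early`. The two `@csrf_exempt` decorators also switch off CSRF checking on a view that saves POSTed form data and files, leaving the key in the URL as the only guard, so the reason for the exemption should be recorded next to the decorator.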