django-poll-system / poll / ajax.py


poll/ajax.py

 from django.http import HttpResponse
 from poll.models import Poll, Item, Vote, Choice
 from django.db import transaction
-from django.contrib.auth.models import AnonymousUser
 from django.utils import simplejson
 from utils import set_cookie
 
-def authpassQueue(user, queue):
+def authpass(user, queue):
     if queue != None:
-        if queue.auth and not user.has_perm('Poll.can_vote'):
-            return False
+        if queue.auth:
+            if not user.is_authenticated():
+                return False
     return True
 
 #TODO: Need to optimize
 @transaction.commit_on_success
 def poll_ajax_vote(request, poll_pk):
     if request.is_ajax():
-        
-        queue = Poll.publish_manager.get(pk=poll_pk).queue
-        if not authpassQueue(request.user, queue):    
-            return HttpResponse(status=400)
-        
         try:
+            poll = Poll.objects.get(pk=poll_pk)
+            
+            if poll.queue:
+                if not authpass(request.user, poll.queue):
+                    return HttpResponse('Non-authenticated users can\'t vote', status=400)
+            
             chosen_items = simplejson.loads(request.GET['chosen_items'])
         except:
-            return HttpResponse(status=400)
+            return HttpResponse('Wrong parameters', status=400)
         
-        poll = Poll.objects.get(pk=poll_pk)
-        
-        if isinstance(request.user, AnonymousUser):
+        if request.user.is_authenticated():
+            user = request.user
+        else:
             user = None
-        else:
-            user = request.user 
         
         vote = Vote.objects.create(poll=poll,
                                    ip=request.META['REMOTE_ADDR'],
                                    user=user)
-        
-        for item_pk, value in chosen_items.items():
-            item = Item.objects.get(pk=item_pk)
-            
-            if item.userbox:
-                Choice.objects.create(vote=vote, item=item, uservalue=value)
-            else:
-                Choice.objects.create(vote=vote, item=item)
+        try:
+            for item_pk, value in chosen_items.items():
+                item = Item.objects.get(pk=item_pk)
+                
+                if item.userbox:
+                    Choice.objects.create(vote=vote, item=item, uservalue=value)
+                else:
+                    Choice.objects.create(vote=vote, item=item)
+        except:
+            return HttpResponse('Data recognition failed', status=400)
         
         response = HttpResponse(status=200)
         set_cookie(response, poll.get_cookie_name(), poll_pk)
 
 def poll_ajax_result(request, poll_pk):
     if request.is_ajax():
-        poll = Poll.objects.get(pk=poll_pk)        
+        try:
+            poll = Poll.objects.get(pk=poll_pk)
+        except:
+            return HttpResponse('Wrong parameters', status=400)
+        
         #Send data for results
         data = {}
         
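Review bot: The new bare `except:` around the choice loop in poll_ajax_vote returns a 400 instead of letting the exception propagate, so under `@transaction.commit_on_success` the view exits normally and, as far as these lines show, the `Vote` row and any `Choice` rows created before the failure are committed; a malformed `chosen_items` payload can then leave recorded votes with missing choices. Catch only the expected errors and undo the work before answering, e.g. `except (Item.DoesNotExist, AttributeError, ValueError):` followed by `transaction.rollback()` and then the 400 response. The first `try` has the same bare `except:`, which now also covers the poll lookup and the `authpass` call, so a programming error there is reported as 'Wrong parameters'. Separately, the lookup moved from `Poll.publish_manager` to `Poll.objects` and the check from `has_perm('Poll.can_vote')` to `is_authenticated()`; if either restriction was intentional, add a comment stating that polls outside `publish_manager` and users without the permission may now vote. The end of poll_ajax_vote after `set_cookie` and the rest of poll_ajax_result lie outside the shown lines.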