Commits

Ian Lewis committed 6a224b4

HTTPメソッドチェック

Comments (0)

Files changed (3)

eventstream/event/models.py

     def attending(self):
         """参加情報取得
         """
-        return self.filter(is_cancelled=False)
+        return self.filter(is_cancelled=False).order_by('utime')
 
     def cancelled(self):
         """キャンセル情報取得
         """
-        return self.filter(is_cancelled=True)
+        return self.filter(is_cancelled=True).order_by('utime')
 
 class Participation(models.Model):
     """イベント参加管理モデル
         db_table = 'event_participation'
         verbose_name = verbose_name_plural = u'イベント参加'
         unique_together = (("user", "event"),)
-        ordering = ['is_cancelled', 'ctime']
+        ordering = ['is_cancelled', 'utime']
 
     def __unicode__(self):
         return u'%s (%s)' % (self.event, self.user)

eventstream/event/views.py

 # -*- coding: utf-8 -*-
 from django.shortcuts import redirect
 from django.views.generic.simple import direct_to_template
+from django.views.decorators.http import require_http_methods
 
 from account.decorators import account_required
 
 from event.forms import *
 from event.models import * 
 
+@require_http_methods(["GET", "HEAD", "POST"])
 @account_required
 def create(request):
     """
         'frm': frm,
      })
 
+@require_http_methods(["GET", "HEAD"])
 @event_view
 def detail(request, event):
     """
         'event': event,
     })
 
+@require_http_methods(["GET", "HEAD", "POST"])
 @account_required
 @event_view
 @owner_required
         'frm': frm,
     })
 
+@require_http_methods(["POST"])
 @account_required
 @event_view
 @owner_required
     event.delete()
     return redirect('core:index')
 
+@require_http_methods(["POST"])
 @account_required
 @event_view
 def participate(request, event):

templates/event/detail.html

     <div class="event-body">{{ event.body|linebreaks }}</div>
 
     {% if request.account == event.user %}
-    <div class="event-actions">
-      <a href="{% url event:edit event.id %}">編集</a> |
-      <a href="{% url event:delete event.id %}">削除</a>
-    </div>
+    <form action="{% url event:delete event.id %}" method="POST">
+      <div class="event-actions">
+        <a href="{% url event:edit event.id %}">編集</a> |
+          <input type="submit" name="delete" value="削除">
+          {% csrf_token %}
+      </div>
+    </form>
     {% endif %}
 
     {% if event.hashtag %}