diff --git a/bookwyrm/templates/book.html b/bookwyrm/templates/book.html
index b0064e1fd..51fbdafc6 100644
--- a/bookwyrm/templates/book.html
+++ b/bookwyrm/templates/book.html
@@ -57,6 +57,35 @@
{% include 'snippets/trimmed_text.html' with full=book|book_description %}
+ {% if request.user.is_authenticated and perms.bookwyrm.edit_book and not book|book_description %}
+
+
+
+ Add description
+
+
+
+
+ {% endif %}
+
+
{% if book.parent_work.edition_set.count > 1 %}
{{ book.parent_work.edition_set.count }} editions
{% endif %}
@@ -112,7 +141,7 @@
Save
- Cancel
+ Cancel
@@ -135,7 +164,7 @@
Delete
- Cancel
+ Cancel
diff --git a/bookwyrm/urls.py b/bookwyrm/urls.py
index 1b81c601f..3b3c1ab52 100644
--- a/bookwyrm/urls.py
+++ b/bookwyrm/urls.py
@@ -102,6 +102,7 @@ urlpatterns = [
re_path(r'^resolve-book/?', actions.resolve_book),
re_path(r'^edit-book/(?P\d+)/?', actions.edit_book),
re_path(r'^upload-cover/(?P\d+)/?', actions.upload_cover),
+ re_path(r'^add-description/(?P\d+)/?', actions.add_description),
re_path(r'^edit-readthrough/?', actions.edit_readthrough),
re_path(r'^delete-readthrough/?', actions.delete_readthrough),
diff --git a/bookwyrm/view_actions.py b/bookwyrm/view_actions.py
index ad9a12cf7..ca306bcba 100644
--- a/bookwyrm/view_actions.py
+++ b/bookwyrm/view_actions.py
@@ -14,6 +14,7 @@ from django.http import HttpResponseBadRequest, HttpResponseNotFound
from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse
from django.utils import timezone
+from django.views.decorators.http import require_GET, require_POST
from bookwyrm import books_manager
from bookwyrm import forms, models, outgoing
@@ -23,11 +24,9 @@ from bookwyrm.settings import DOMAIN
from bookwyrm.views import get_user_from_username
+@require_GET
def user_login(request):
''' authenticate user login '''
- if request.method == 'GET':
- return redirect('/login')
-
login_form = forms.LoginForm(request.POST)
username = login_form.data['username']
@@ -50,11 +49,9 @@ def user_login(request):
return TemplateResponse(request, 'login.html', data)
+@require_GET
def register(request):
''' join the server '''
- if request.method == 'GET':
- return redirect('/login')
-
if not models.SiteSettings.get().allow_registration:
invite_code = request.POST.get('invite_code')
@@ -97,12 +94,14 @@ def register(request):
@login_required
+@require_GET
def user_logout(request):
''' done with this place! outa here! '''
logout(request)
return redirect('/')
+@require_POST
def password_reset_request(request):
''' create a password reset token '''
email = request.POST.get('email')
@@ -121,6 +120,7 @@ def password_reset_request(request):
return TemplateResponse(request, 'password_reset_request.html', data)
+@require_POST
def password_reset(request):
''' allow a user to change their password through an emailed token '''
try:
@@ -148,6 +148,7 @@ def password_reset(request):
@login_required
+@require_POST
def password_change(request):
''' allow a user to change their password '''
new_password = request.POST.get('password')
@@ -163,11 +164,9 @@ def password_change(request):
@login_required
+@require_POST
def edit_profile(request):
''' les get fancy with images '''
- if not request.method == 'POST':
- return redirect('/user/%s' % request.user.localname)
-
form = forms.EditUserForm(request.POST, request.FILES)
if not form.is_valid():
data = {
@@ -226,11 +225,9 @@ def resolve_book(request):
@login_required
@permission_required('bookwyrm.edit_book', raise_exception=True)
+@require_POST
def edit_book(request, book_id):
''' edit a book cool '''
- if not request.method == 'POST':
- return redirect('/book/%s' % book_id)
-
book = get_object_or_404(models.Edition, id=book_id)
form = forms.EditionForm(request.POST, request.FILES, instance=book)
@@ -248,16 +245,14 @@ def edit_book(request, book_id):
@login_required
+@require_POST
def upload_cover(request, book_id):
''' upload a new cover '''
- if not request.method == 'POST':
- return redirect('/book/%s' % request.user.localname)
-
book = get_object_or_404(models.Edition, id=book_id)
form = forms.CoverForm(request.POST, request.FILES, instance=book)
if not form.is_valid():
- return redirect(request.headers.get('Referer', '/'))
+ return redirect('/book/%d' % book.id)
book.cover = form.files['cover']
book.sync_cover = False
@@ -268,6 +263,26 @@ def upload_cover(request, book_id):
@login_required
+@require_POST
+@permission_required('bookwyrm.edit_book', raise_exception=True)
+def add_description(request, book_id):
+ ''' upload a new cover '''
+ if not request.method == 'POST':
+ return redirect('/')
+
+ book = get_object_or_404(models.Edition, id=book_id)
+
+ description = request.POST.get('description')
+
+ book.description = description
+ book.save()
+
+ outgoing.handle_update_book(request.user, book)
+ return redirect('/book/%s' % book.id)
+
+
+@login_required
+@require_POST
def create_shelf(request):
''' user generated shelves '''
form = forms.ShelfForm(request.POST)
@@ -280,6 +295,7 @@ def create_shelf(request):
@login_required
+@require_POST
def edit_shelf(request, shelf_id):
''' user generated shelves '''
shelf = get_object_or_404(models.Shelf, id=shelf_id)
@@ -295,6 +311,7 @@ def edit_shelf(request, shelf_id):
@login_required
+@require_POST
def delete_shelf(request, shelf_id):
''' user generated shelves '''
shelf = get_object_or_404(models.Shelf, id=shelf_id)
@@ -306,6 +323,7 @@ def delete_shelf(request, shelf_id):
@login_required
+@require_POST
def shelve(request):
''' put a on a user's shelf '''
book = books_manager.get_edition(request.POST['book'])
@@ -340,6 +358,7 @@ def shelve(request):
@login_required
+@require_POST
def unshelve(request):
''' put a on a user's shelf '''
book = models.Edition.objects.get(id=request.POST['book'])
@@ -350,6 +369,7 @@ def unshelve(request):
@login_required
+@require_POST
def start_reading(request, book_id):
''' begin reading a book '''
book = books_manager.get_edition(book_id)
@@ -385,6 +405,7 @@ def start_reading(request, book_id):
@login_required
+@require_POST
def finish_reading(request, book_id):
''' a user completed a book, yay '''
book = books_manager.get_edition(book_id)
@@ -420,6 +441,7 @@ def finish_reading(request, book_id):
@login_required
+@require_POST
def edit_readthrough(request):
''' can't use the form because the dates are too finnicky '''
readthrough = update_readthrough(request, create=False)
@@ -435,6 +457,7 @@ def edit_readthrough(request):
@login_required
+@require_POST
def delete_readthrough(request):
''' remove a readthrough '''
readthrough = get_object_or_404(
@@ -449,6 +472,7 @@ def delete_readthrough(request):
@login_required
+@require_POST
def rate(request):
''' just a star rating for a book '''
form = forms.RatingForm(request.POST)
@@ -456,6 +480,7 @@ def rate(request):
@login_required
+@require_POST
def review(request):
''' create a book review '''
form = forms.ReviewForm(request.POST)
@@ -463,6 +488,7 @@ def review(request):
@login_required
+@require_POST
def quotate(request):
''' create a book quotation '''
form = forms.QuotationForm(request.POST)
@@ -470,6 +496,7 @@ def quotate(request):
@login_required
+@require_POST
def comment(request):
''' create a book comment '''
form = forms.CommentForm(request.POST)
@@ -477,6 +504,7 @@ def comment(request):
@login_required
+@require_POST
def reply(request):
''' respond to a book review '''
form = forms.ReplyForm(request.POST)
@@ -493,6 +521,7 @@ def handle_status(request, form):
@login_required
+@require_POST
def tag(request):
''' tag a book '''
# I'm not using a form here because sometimes "name" is sent as a hidden
@@ -512,6 +541,7 @@ def tag(request):
@login_required
+@require_POST
def untag(request):
''' untag a book '''
name = request.POST.get('name')
@@ -522,6 +552,7 @@ def untag(request):
@login_required
+@require_POST
def favorite(request, status_id):
''' like a status '''
status = models.Status.objects.get(id=status_id)
@@ -530,6 +561,7 @@ def favorite(request, status_id):
@login_required
+@require_POST
def unfavorite(request, status_id):
''' like a status '''
status = models.Status.objects.get(id=status_id)
@@ -538,6 +570,7 @@ def unfavorite(request, status_id):
@login_required
+@require_POST
def boost(request, status_id):
''' boost a status '''
status = models.Status.objects.get(id=status_id)
@@ -546,6 +579,7 @@ def boost(request, status_id):
@login_required
+@require_POST
def unboost(request, status_id):
''' boost a status '''
status = models.Status.objects.get(id=status_id)
@@ -554,6 +588,7 @@ def unboost(request, status_id):
@login_required
+@require_POST
def delete_status(request, status_id):
''' delete and tombstone a status '''
status = get_object_or_404(models.Status, id=status_id)
@@ -568,6 +603,7 @@ def delete_status(request, status_id):
@login_required
+@require_POST
def follow(request):
''' follow another user, here or abroad '''
username = request.POST['user']
@@ -583,6 +619,7 @@ def follow(request):
@login_required
+@require_POST
def unfollow(request):
''' unfollow a user '''
username = request.POST['user']
@@ -605,6 +642,7 @@ def clear_notifications(request):
@login_required
+@require_POST
def accept_follow_request(request):
''' a user accepts a follow request '''
username = request.POST['user']
@@ -628,6 +666,7 @@ def accept_follow_request(request):
@login_required
+@require_POST
def delete_follow_request(request):
''' a user rejects a follow request '''
username = request.POST['user']
@@ -649,6 +688,7 @@ def delete_follow_request(request):
@login_required
+@require_POST
def import_data(request):
''' ingest a goodreads csv '''
form = forms.ImportForm(request.POST, request.FILES)
@@ -672,6 +712,7 @@ def import_data(request):
@login_required
+@require_POST
def retry_import(request):
''' ingest a goodreads csv '''
job = get_object_or_404(models.ImportJob, id=request.POST.get('import_job'))
@@ -689,6 +730,7 @@ def retry_import(request):
@login_required
+@require_POST
@permission_required('bookwyrm.create_invites', raise_exception=True)
def create_invite(request):
''' creates a user invite database entry '''
diff --git a/bookwyrm/views.py b/bookwyrm/views.py
index 38e882cd5..e0feaee75 100644
--- a/bookwyrm/views.py
+++ b/bookwyrm/views.py
@@ -11,6 +11,7 @@ from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse
from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_GET
from bookwyrm import outgoing
from bookwyrm.activitypub import ActivityEncoder
@@ -47,12 +48,14 @@ def not_found_page(request, _):
@login_required
+@require_GET
def home(request):
''' this is the same as the feed on the home tab '''
return home_tab(request, 'home')
@login_required
+@require_GET
def home_tab(request, tab):
''' user's homepage with activity feed '''
try:
@@ -160,6 +163,7 @@ def get_activity_feed(user, filter_level, model=models.Status):
return activities
+@require_GET
def search(request):
''' that search bar up top '''
query = request.GET.get('q')
@@ -191,6 +195,7 @@ def search(request):
@login_required
+@require_GET
def import_page(request):
''' import history from goodreads '''
return TemplateResponse(request, 'import.html', {
@@ -203,6 +208,7 @@ def import_page(request):
@login_required
+@require_GET
def import_status(request, job_id):
''' status of an import job '''
job = models.ImportJob.objects.get(id=job_id)
@@ -221,6 +227,7 @@ def import_status(request, job_id):
})
+@require_GET
def login_page(request):
''' authentication '''
if request.user.is_authenticated:
@@ -235,6 +242,7 @@ def login_page(request):
return TemplateResponse(request, 'login.html', data)
+@require_GET
def about_page(request):
''' more information about the instance '''
data = {
@@ -244,6 +252,7 @@ def about_page(request):
return TemplateResponse(request, 'about.html', data)
+@require_GET
def password_reset_request(request):
''' invite management page '''
return TemplateResponse(
@@ -253,6 +262,7 @@ def password_reset_request(request):
)
+@require_GET
def password_reset(request, code):
''' endpoint for sending invites '''
if request.user.is_authenticated:
@@ -271,6 +281,7 @@ def password_reset(request, code):
)
+@require_GET
def invite_page(request, code):
''' endpoint for sending invites '''
if request.user.is_authenticated:
@@ -293,6 +304,7 @@ def invite_page(request, code):
@login_required
@permission_required('bookwyrm.create_invites', raise_exception=True)
+@require_GET
def manage_invites(request):
''' invite management page '''
data = {
@@ -304,6 +316,7 @@ def manage_invites(request):
@login_required
+@require_GET
def notifications_page(request):
''' list notitications '''
notifications = request.user.notification_set.all() \
@@ -319,6 +332,7 @@ def notifications_page(request):
@csrf_exempt
+@require_GET
def user_page(request, username):
''' profile page for a user '''
try:
@@ -387,11 +401,9 @@ def user_page(request, username):
@csrf_exempt
+@require_GET
def followers_page(request, username):
''' list of followers '''
- if request.method != 'GET':
- return HttpResponseBadRequest()
-
try:
user = get_user_from_username(username)
except models.User.DoesNotExist:
@@ -410,11 +422,9 @@ def followers_page(request, username):
@csrf_exempt
+@require_GET
def following_page(request, username):
''' list of followers '''
- if request.method != 'GET':
- return HttpResponseBadRequest()
-
try:
user = get_user_from_username(username)
except models.User.DoesNotExist:
@@ -433,11 +443,9 @@ def following_page(request, username):
@csrf_exempt
+@require_GET
def status_page(request, username, status_id):
''' display a particular status (and replies, etc) '''
- if request.method != 'GET':
- return HttpResponseBadRequest()
-
try:
user = get_user_from_username(username)
status = models.Status.objects.select_subclasses().get(id=status_id)
@@ -476,11 +484,9 @@ def status_visible_to_user(viewer, status):
@csrf_exempt
+@require_GET
def replies_page(request, username, status_id):
''' ordered collection of replies to a status '''
- if request.method != 'GET':
- return HttpResponseBadRequest()
-
if not is_api_request(request):
return status_page(request, username, status_id)
@@ -495,6 +501,7 @@ def replies_page(request, username, status_id):
@login_required
+@require_GET
def edit_profile_page(request):
''' profile page for a user '''
user = request.user
@@ -508,6 +515,7 @@ def edit_profile_page(request):
return TemplateResponse(request, 'edit_user.html', data)
+@require_GET
def book_page(request, book_id):
''' info about a book '''
try:
@@ -595,6 +603,7 @@ def book_page(request, book_id):
@login_required
@permission_required('bookwyrm.edit_book', raise_exception=True)
+@require_GET
def edit_book_page(request, book_id):
''' info about a book '''
book = books_manager.get_edition(book_id)
@@ -608,6 +617,7 @@ def edit_book_page(request, book_id):
return TemplateResponse(request, 'edit_book.html', data)
+@require_GET
def editions_page(request, book_id):
''' list of editions of a book '''
work = get_object_or_404(models.Work, id=book_id)
@@ -627,6 +637,7 @@ def editions_page(request, book_id):
return TemplateResponse(request, 'editions.html', data)
+@require_GET
def author_page(request, author_id):
''' landing page for an author '''
author = get_object_or_404(models.Author, id=author_id)
@@ -643,6 +654,7 @@ def author_page(request, author_id):
return TemplateResponse(request, 'author.html', data)
+@require_GET
def tag_page(request, tag_id):
''' books related to a tag '''
tag_obj = models.Tag.objects.filter(identifier=tag_id).first()
@@ -663,11 +675,13 @@ def tag_page(request, tag_id):
@csrf_exempt
+@require_GET
def user_shelves_page(request, username):
''' list of followers '''
return shelf_page(request, username, None)
+@require_GET
def shelf_page(request, username, shelf_identifier):
''' display a shelf '''
try: