Store user id/secret in session upon login (#61)

History table uses session's user_id instead of secret in URL.
2018-11-06 21:45:52 -05:00
parent 77141849ac
commit 3d6dff359d
4 changed files with 13 additions and 5 deletions
--- a/graphs/templates/graphs/logged_in.html
+++ b/graphs/templates/graphs/logged_in.html
@@ -16,7 +16,7 @@
    <a class="btn btn-primary" href="{% url "graphs:display_artist_graph" user_secret %}" role="button">
        Artists
    </a>
-    <a class="btn btn-primary" href="{% url "graphs:display_history_table" user_secret %}" role="button">
+    <a class="btn btn-primary" href="{% url "graphs:display_history_table" %}" role="button">
        History
    </a>
 </body>
--- a/graphs/urls.py
+++ b/graphs/urls.py
@@ -10,6 +10,7 @@ urlpatterns = [
        name='display_genre_graph'),
    path('audio_features/<str:user_secret>', display_features_graphs,
        name='display_audio_features'),
-    path('history/<str:user_secret>', display_history_table,
-        name='display_history_table'),
+    #  path('history/<str:user_secret>', display_history_table,
+        #  name='display_history_table'),
+    path('history/', display_history_table, name='display_history_table'),
 ]
--- a/graphs/views.py
+++ b/graphs/views.py
@@ -43,14 +43,14 @@ def display_features_graphs(request, user_secret):
    return render(request, "graphs/features_graphs.html",
            get_secret_context(user_secret))

-def display_history_table(request, user_secret):
+def display_history_table(request):
    """Renders the user history page

    :param request: the HTTP request
    :param user_secret: user secret used for identification
    :return: renders the user history page
    """
-    user_id = User.objects.get(secret=user_secret).id
+    user_id = request.session['user_id']
    user_history = History.objects.filter(user__exact=user_id).order_by('-timestamp')
    history_table = HistoryTable(user_history)
    history_table.exclude = ('id', 'user', 'track', ) 
--- a/login/views.py
+++ b/login/views.py
@@ -74,6 +74,9 @@ def callback(request):
    user_obj = create_user(token_response['refresh_token'],
            token_response['access_token'],
            token_response['expires_in']) 
+    
+    request.session['user_id'] = user_obj.id
+    request.session['user_secret'] = user_obj.secret

    return render(request, 'login/scan.html', get_user_context(user_obj))

@@ -86,6 +89,10 @@ def admin_graphs(request):
    """
    user_id = "polarbier"
    #  user_id = "chrisshyi13"
+
+    request.session['user_id'] = user_id
+    #  request.session['user_secret'] = user_obj.secret
+    request.session['user_secret'] = User.objects.get(id=user_id).secret
    user_obj = User.objects.get(id=user_id)
    return render(request, 'graphs/logged_in.html', get_user_context(user_obj))