From e4b45ad9484792fb0ee3afe2c35f56c7ef5ff172 Mon Sep 17 00:00:00 2001
From: Adam Goldsmith <adam@adamgoldsmith.name>
Date: Tue, 22 Dec 2020 15:32:58 -0500
Subject: [PATCH] Check if user is authenticated for showing/accepting task
 event form

---
 tasks/templates/tasks/taskDetail.djhtml | 62 +++++++++++++------------
 tasks/views.py                          | 13 ++++--
 2 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/tasks/templates/tasks/taskDetail.djhtml b/tasks/templates/tasks/taskDetail.djhtml
index e6235cd..5c4aae4 100644
--- a/tasks/templates/tasks/taskDetail.djhtml
+++ b/tasks/templates/tasks/taskDetail.djhtml
@@ -30,27 +30,29 @@
     </div>
   {% endif %}
 
-  <div class="d-md-none">
-    <h2> Log a Maintenance Event </h2>
-    <form class="form-group" method="post">
-      {% csrf_token %}
-      <fieldset class="form-group">
-        {{ form.date.label_tag }}
-        {% render_field form.date type="date" class="form-control" %}
-      </fieldset>
-      <fieldset class="form-group">
-        {{ form.user.label_tag }}
-        {% render_field form.user class="form-control" %}
-      </fieldset>
-      <fieldset class="form-group">
-        {{ form.notes.label_tag }}
-        {% render_field form.notes class="form-control form-control-sm" rows="2" %}
-      </fieldset>
-      <input type="submit" class="btn btn-primary" value="Submit">
-    </form>
+  {% if user.is_authenticated %}
+    <div class="d-md-none">
+      <h2> Log a Maintenance Event </h2>
+      <form class="form-group" method="post">
+        {% csrf_token %}
+        <fieldset class="form-group">
+          {{ form.date.label_tag }}
+          {% render_field form.date type="date" class="form-control" %}
+        </fieldset>
+        <fieldset class="form-group">
+          {{ form.user.label_tag }}
+          {% render_field form.user class="form-control" %}
+        </fieldset>
+        <fieldset class="form-group">
+          {{ form.notes.label_tag }}
+          {% render_field form.notes class="form-control form-control-sm" rows="2" %}
+        </fieldset>
+        <input type="submit" class="btn btn-primary" value="Submit">
+      </form>
 
-    {{ form.media }}
-  </div>
+      {{ form.media }}
+    </div>
+  {% endif %}
 
   <h2> Event Log </h2>
   <table class="table table-striped table-hover">
@@ -62,15 +64,17 @@
       </tr>
     </thead>
     <tbody>
-      <tr class="d-none d-md-table-row">
-        <form method="post">
-          {% csrf_token %}
-          <td> {% render_field form.date type="date" class="form-control" %} </td>
-          <td> {% render_field form.user class="form-control" style="width: initial;" %} </td>
-          <td> {% render_field form.notes class="form-control form-control-sm" rows="2" %} </td>
-          <td> <input type="submit" class="btn btn-primary" value="Submit"> </td>
-        </form>
-      </tr>
+      {% if user.is_authenticated %}
+        <tr class="d-none d-md-table-row">
+          <form method="post">
+            {% csrf_token %}
+            <td> {% render_field form.date type="date" class="form-control" %} </td>
+            <td> {% render_field form.user class="form-control" style="width: initial;" %} </td>
+            <td> {% render_field form.notes class="form-control form-control-sm" rows="2" %} </td>
+            <td> <input type="submit" class="btn btn-primary" value="Submit"> </td>
+          </form>
+        </tr>
+      {% endif %}
       {% for event in events|dictsortreversed:"date" %}
         <tr>
           <td class="text-nowrap"> {{ event.date }} </td>
diff --git a/tasks/views.py b/tasks/views.py
index de03d88..8d08729 100644
--- a/tasks/views.py
+++ b/tasks/views.py
@@ -31,11 +31,14 @@ def taskDetail(request, asset_tag, task_slug):
     events = task.event_set.all()
 
     if request.method == 'POST':
-        event = Event(task=task)
-        form = EventForm(request.POST, instance=event)
-        if form.is_valid():
-            form.save()
-            pass
+        if request.user.is_authenticated:
+            event = Event(task=task)
+            form = EventForm(request.POST, instance=event)
+            if form.is_valid():
+                form.save()
+        else:
+            form = EventForm(request.POST)
+            form.add_error(None, "Not authenticated: please login")
     else:
         form = EventForm(initial={
             'date': datetime.now(),

{% render_field form.date type="date" class="form-control" %}	{% render_field form.user class="form-control" style="width: initial;" %}	{% render_field form.notes class="form-control form-control-sm" rows="2" %}
{% render_field form.date type="date" class="form-control" %}	{% render_field form.user class="form-control" style="width: initial;" %}	{% render_field form.notes class="form-control form-control-sm" rows="2" %}
{{ event.date }}