Completed all stages #1
Hi @subodhk01, your deployment failed. Please fix the issues.

Here is the log if it helps. Make sure you are using pipenv to manage your dependencies.

@nishantwrp What about new migrations?
krashish8
left a comment
Great work on the assignment @subodhk01! I'll update the points later!
| username = request.POST['username'] | ||
| password = request.POST['password'] |
You directly access POST data without checking if it even exists. This may lead to a server crash if a user accesses this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than a server error (500).
| password1 = request.POST['password1'] | ||
| password2 = request.POST['password2'] | ||
| email = request.POST['email'] | ||
| except: |
As a good coding practice, whenever you use a try-except block, capture only the exceptions which you want to catch (IndexError, IntegrityError, etc.).
| rating = models.FloatField(default=0.0) | ||
| user_ratings = JSONField() |
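Review bot: `user_ratings = JSONField()` declares no default, so every code path that creates a row has to supply this field explicitly or the save has nothing to store in it. Consider a callable default such as `default=dict` or `default=list`, depending on the shape you store, rather than a mutable literal.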
Nice use of JSONField()!
Since the model fields rating and user_ratings are linked with each other, you could have used a @property decorator, so that the rating field would update even if user_ratings is updated from the backend.
| bid = request.POST['bid'] | ||
| book = BookCopy.objects.get(pk=bid) | ||
| book.status = True | ||
| book.borrower = None | ||
| book.borrow_date = None | ||
| book.save() | ||
| return JsonResponse( {"message":"Book successfully returned."} ) |
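Review bot: `request.POST['bid']` and `BookCopy.objects.get(pk=bid)` both raise on bad input (a missing key, or an ID with no matching row), and nothing in these lines catches that, so the caller gets a 500. Read the key defensively and answer 400 when it is absent, and use `get_object_or_404(BookCopy, pk=bid)` for the lookup.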
There must be validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will make the BookCopy be returned, and would set its status as True.
| def rateBookview(request, bid): | ||
| if request.method == "POST": | ||
| book = Book.objects.get(pk=bid) | ||
| rating = request.POST['rating'] |
You've not put a backend validation on this value, so the user can simply edit the JS code you've written in the template and easily put invalid values of rating.
| @login_required | ||
| def rateBookview(request, bid): | ||
| if request.method == "POST": | ||
| book = Book.objects.get(pk=bid) |
This may also fail with an invalid book ID given in the POST request, and would lead to a server error. The expected behavior is to inform the user with a Not Found (404) error.
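The checks asked for in the review comments above (400 for missing data, 404 for an unknown ID, an ownership check before a return, and catching only named exceptions), as an added framework-free sketch that is not the PR's code. `return_book`, the in-memory `copies` store and the 401/403 status choices are assumptions; in Django the same branches map to `get_object_or_404` and a comparison against `request.user`.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class BookCopy:
    """Stand-in for the PR's model, with the fields visible in the hunk."""
    pk: int
    status: bool = True            # the reviewed view sets True on return
    borrower: Optional[str] = None
    borrow_date: Optional[str] = None


def return_book(post: dict, username: Optional[str], copies: dict) -> tuple:
    """Return (http_status, body); `copies` is a hypothetical pk -> BookCopy store."""
    if username is None:
        return 401, {"message": "Login required."}
    try:
        bid = int(post["bid"])     # only the failures we expect are caught
    except (KeyError, TypeError, ValueError):
        return 400, {"message": "Missing or malformed 'bid'."}
    book = copies.get(bid)
    if book is None:               # Django: get_object_or_404(BookCopy, pk=bid)
        return 404, {"message": "No such book copy."}
    if book.borrower != username:  # Django: compare with request.user
        return 403, {"message": "You have not borrowed this copy."}
    book.status, book.borrower, book.borrow_date = True, None, None
    return 200, {"message": "Book successfully returned."}


def demo() -> list:
    # Constructed sample data: copy 1 is on loan to "alice", copy 2 is on the shelf.
    copies = {1: BookCopy(1, False, "alice", "2020-05-01"), 2: BookCopy(2)}
    requests = [
        ({}, "alice"),             # no bid            -> 400
        ({"bid": "abc"}, "alice"), # not a number      -> 400
        ({"bid": "99"}, "alice"),  # unknown copy      -> 404
        ({"bid": "1"}, "bob"),     # not the borrower  -> 403
        ({"bid": "1"}, None),      # anonymous         -> 401
        ({"bid": "1"}, "alice"),   # legitimate return -> 200
        ({"bid": "1"}, "alice"),   # replayed return   -> 403
    ]
    return [return_book(post, user, copies)[0] for post, user in requests]


if __name__ == "__main__":
    print(demo())
```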
Points Updated! 🎉
CSoC Task 2 Submission
I have completed the following tasks