task-2 submission#5
Conversation
| user=models.ForeignKey(User, null=True,blank=True,on_delete=models.SET_NULL) | ||
| rating=models.FloatField(default=0.0) |
There was a problem hiding this comment.
The rating shall be given as an integer - please read proper instructions.
The user should not be null here, and a better option would be to use on_delete=models.CASCADE
You could have also used unique_together META option here.
| book_id = None # get the book id from post data | ||
|
|
||
|
|
||
| book_id =request.POST['bid']# get the book id from post data |
There was a problem hiding this comment.
You directly access POST data without checking if it even exists. This may lead to server crash if a user access this endpoint with invalid request data. The good behavior would have been to throw a client error (400), rather than server error (500).
| 'message':None, | ||
| } | ||
| book_id=request.POST['bid'] | ||
| book=BookCopy.objects.get(pk=book_id) |
There was a problem hiding this comment.
This may fail with invalid book ID given in POST request, and would lead to server error. Expected behavior is to inform user with Not found (404) error.
| try: | ||
| book.borrower=None | ||
| book.borrow_date=None | ||
| book.status=True | ||
| book.save() | ||
| msg="success" | ||
| except: | ||
| msg='failure' |
There was a problem hiding this comment.
There must be a validation in the backend when a user is returning the book, to make sure that he has only borrowed the book. Otherwise, a simple POST request will make the BookCopy to be returned, and would set its status as True.
| r1=UserRating.objects.filter(user=request.user,book=book) | ||
| user_rating = request.POST['user_rating'] | ||
| rating=UserRating() | ||
| rating.book=book | ||
| rating.user=request.user | ||
| rating.rating=user_rating | ||
| r1.delete() | ||
| rating.save() |
There was a problem hiding this comment.
You've not put a backend validation on the rating, so the user can easily put invalid values of rating.
Also, you could have updated the rating rather than deleting and then saving it.
|
Points updated! 🎉 |
2 participants
CSoC Task 2 Submission
I have completed the following tasks