Редактирование книг

2025-01-16 18:34:40 +03:00
parent 0da6c9efa7
commit 782d9cfbb1
5 changed files with 31 additions and 1 deletions
--- a/bookify/bookify/settings.py
+++ b/bookify/bookify/settings.py
@@ -25,7 +25,7 @@ SECRET_KEY = "django-insecure-c1_r=$!h*n-@r1u-r#9x*xsgs7$a*2cnr7!c8=+irf!*4@g$$2
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True

-ALLOWED_HOSTS = ["bookify.tishenko.dev"]
+ALLOWED_HOSTS = ["127.0.0.1", "bookify.tishenko.dev"]


 # Application definition
--- a/bookify/books/templates/books/book_detail.html
+++ b/bookify/books/templates/books/book_detail.html
@@ -17,6 +17,7 @@

    {% if user.is_authenticated and user == book.created_by %}
        <p>
+            <a href="{% url 'books:edit_book' book.pk %}">Редактировать книгу</a> |
            <a class="btn-delete" href="{% url 'books:delete_book' book.pk %}">Удалить книгу</a>
        </p>
    {% endif %}
--- a/bookify/books/templates/books/edit_book.html
+++ b/bookify/books/templates/books/edit_book.html
@@ -0,0 +1,9 @@
+{% extends 'books/base.html' %}
+{% block content %}
+<h2>Редактировать книгу "{{ book.title }}"</h2>
+<form method="POST">
+    {% csrf_token %}
+    {{ form.as_p }}
+    <button type="submit">Сохранить</button>
+</form>
+{% endblock %}
--- a/bookify/books/urls.py
+++ b/bookify/books/urls.py
@@ -23,4 +23,5 @@ urlpatterns = [
    ),
    path("register/", views.register, name="register"),
    path("succesful-logout/", views.logout, name="logout"),
+    path("book/<int:pk>/edit/", views.edit_book, name="edit_book"),
 ]
--- a/bookify/books/views.py
+++ b/bookify/books/views.py
@@ -43,6 +43,25 @@ def book_detail(request, pk):
    )


+@login_required
+def edit_book(request, pk):
+    """Редактирование книги, только для её создателя."""
+    book = get_object_or_404(Book, pk=pk)
+    # Проверяем, что текущий пользователь – владелец:
+    if book.created_by != request.user:
+        raise PermissionDenied("Вы не можете редактировать чужую книгу.")
+
+    if request.method == "POST":
+        form = BookForm(request.POST, instance=book)
+        if form.is_valid():
+            form.save()
+            return redirect("books:book_detail", pk=book.pk)
+    else:
+        form = BookForm(instance=book)
+
+    return render(request, "books/edit_book.html", {"form": form, "book": book})
+
+
@login_required
 def add_book(request):
    """Добавление новой книги (только авторизованный пользователь)."""