Add post date protection to the main UI

- Add javascript validators for the form - Add simple value validation on the server, just in case something gets past the javascript validation This commit along with commit fed1b92 should close issue #178.
codeforamerica · Apr 27, 2015 · af60797 · af60797
1 parent 45384c0
commit af60797
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/public_records_portal/static/js/new_request.js b/public_records_portal/static/js/new_request.js
@@ -1,13 +1,27 @@
 $(document).ready(function(){
 
+  $.validator.addMethod('nopostdate', function(value, element) {
+    var eod = new Date();
+    var dateval = new Date(value);
+
+    eod.setHours(23, 59, 59, 999);
+    return this.optional(element) || dateval <= eod;
+  }, "This field must not be postdated.");
+
   /* validates add a request form */
   $("#submitRequest").validate({
       rules: {
         request_text: {
           required: true,
           minlength: 2
+        },
+        date_received: {
+          nopostdate: true
         }
       },
+      messages: {
+        date_received: "You must select a date in the past."
+      },
       highlight: function(element) {
         $(element).closest('.control-group').removeClass('success').addClass('error');
       },

diff --git a/public_records_portal/views.py b/public_records_portal/views.py
@@ -27,7 +27,7 @@
 import anyjson
 import helpers
 import csv_export
-from datetime import datetime, timedelta
+from datetime import date, datetime, timedelta
 from filters import *
 import re
 from db_helpers import get_count, get_obj
@@ -78,12 +78,16 @@ def new_request(passed_recaptcha = False, data = None):
 			if date_received != "":
 				try:
 					date_received = datetime.strptime(date_received, '%m/%d/%Y')
-					tz = pytz.timezone(app.config['TIMEZONE'])
-					offset = tz.utcoffset(datetime.now())
-					offset = (offset.days * 86400 + offset.seconds) / 3600
-					date_received = date_received - timedelta(hours = offset) # This is somewhat of a hack, but we need to get this back in UTC time but still treat it as a 'naive' datetime object
 				except ValueError:
 					return render_template('error.html', message = "Please use the datepicker to select a date.")
+				if date_received.date() > date.today():
+					return render_template('error.html', message = "Please choose a request receipt date that is no later than today.")
+
+				tz = pytz.timezone(app.config['TIMEZONE'])
+				offset = tz.utcoffset(datetime.now())
+				offset = (offset.days * 86400 + offset.seconds) / 3600
+				date_received = date_received - timedelta(hours = offset) # This is somewhat of a hack, but we need to get this back in UTC time but still treat it as a 'naive' datetime object
+
 		request_id, is_new = make_request(text = request_text, email = email, alias = alias, phone = phone, passed_spam_filter = True, department = department, offline_submission_type = offline_submission_type, date_received = date_received)
 		if is_new:
 			return redirect(url_for('show_request_for_x', request_id = request_id, audience = 'new'))