🎮Implement the functionality to create and edit blog posts

blog/forms.py

@@ -0,0 +1,15 @@
+"""The forms for the Blog application."""
+
+from django import forms
+
+from .models import Post
+
+
+class PostForm(forms.ModelForm):
+    """Form for editing posts in the Blog application."""
+
+    class Meta:
+        """Metadata for the post form."""
+
+        model = Post
+        fields = ('title', 'text')

blog/templates/blog/base.html

@@ -9,11 +9,19 @@
     </head>
     <body>
         <header class="page-header">
-          <div class="container">
-              <h1><a href="/">Django Girls Blog</a></h1>
-          </div>
+            <div class="container">
+                {% if user.is_authenticated %}
+                    <a href="{% url 'post_new' %}" class="top-menu">
+                        {% include './icons/file-earmark-plus.svg' %}
+                    </a>
+                    <p class="top-menu">Hello {{ user.username }} <small>(<a href="{% url 'logout' %}">Log out</a>)</small></p>
+                {% else %}
+                    <a href="{% url 'login' %}" class="top-menu"><span class="glyphicon glyphicon-lock"></span></a>
+                {% endif %}
+                <h1><a href="/">Django Girls Blog</a></h1>
+            </div>
         </header>
-        <main class="container">
+        <main class="content container">
             <div class="row">
                 <div class="col">
                 {% block content %}

blog/templates/blog/post_detail.html

@@ -2,6 +2,13 @@
 
 {% block content %}
     <article class="post">
+        <aside class="actions">
+        {% if user.is_authenticated %}
+            <a class="btn btn-secondary" href="{% url 'post_edit' pk=post.pk %}">
+                {% include './icons/pencil-fill.svg' %}
+            </a>
+        {% endif %}
+        </aside>
         {% if post.published_date %}
             <time class="date">
                 {{ post.published_date }}

blog/templates/blog/post_edit.html

@@ -0,0 +1,9 @@
+{% extends 'blog/base.html' %}
+
+{% block content %}
+    <h2>New post</h2>
+    <form method="POST" class="post-form">{% csrf_token %}
+        {{ form.as_p }}
+        <button type="submit" class="save btn btn-secondary">Save</button>
+    </form>
+{% endblock %}

blog/templates/registration/login.html

@@ -0,0 +1,24 @@
+{% extends "blog/base.html" %}
+
+{% block content %}
+    {% if form.errors %}
+        <p>Your username and password didn't match. Please try again.</p>
+    {% endif %}
+
+    <form method="post" action="{% url 'login' %}">
+    {% csrf_token %}
+        <table>
+        <tr>
+            <td>{{ form.username.label_tag }}</td>
+            <td>{{ form.username }}</td>
+        </tr>
+        <tr>
+            <td>{{ form.password.label_tag }}</td>
+            <td>{{ form.password }}</td>
+        </tr>
+        </table>
+
+        <input type="submit" value="login" />
+        <input type="hidden" name="next" value="{{ next }}" />
+    </form>
+{% endblock %}

blog/urls.py

@@ -7,4 +7,6 @@
 urlpatterns = [
     path('', views.post_list, name='post_list'),
     path('post/<int:pk>/', views.post_detail, name='post_detail'),
+    path('post/new/', views.post_new, name='post_new'),
+    path('post/<int:pk>/edit/', views.post_edit, name='post_edit'),
 ]

blog/views.py

@@ -1,8 +1,10 @@
 """The views for the Blog application."""
 
-from django.shortcuts import get_object_or_404, render
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404, redirect, render
 from django.utils import timezone
 
+from .forms import PostForm
 from .models import Post
 
 
@@ -20,3 +22,36 @@ def post_detail(request, pk):
     """Display a blog post based on the post's primary key."""
     post = get_object_or_404(Post, pk=pk)
     return render(request, 'blog/post_detail.html', {'post': post})
+
+
+@login_required
+def post_new(request):
+    """Create a new post."""
+    if request.method == 'POST':
+        form = PostForm(request.POST)
+        if form.is_valid():
+            post = form.save(commit=False)
+            post.author = request.user
+            post.published_date = timezone.now()
+            post.save()
+            return redirect('post_detail', pk=post.pk)
+    else:
+        form = PostForm()
+    return render(request, 'blog/post_edit.html', {'form': form})
+
+
+@login_required
+def post_edit(request, pk):
+    """Edit an existing post."""
+    post = get_object_or_404(Post, pk=pk)
+    if request.method == 'POST':
+        form = PostForm(request.POST, instance=post)
+        if form.is_valid():
+            post = form.save(commit=False)
+            post.author = request.user
+            post.published_date = timezone.now()
+            post.save()
+            return redirect('post_detail', pk=post.pk)
+    else:
+        form = PostForm(instance=post)
+    return render(request, 'blog/post_edit.html', {'form': form})

mysite/urls.py

@@ -1,9 +1,15 @@
 """mysite URL Configuration."""
 
 from django.contrib import admin
+from django.contrib.auth import views
 from django.urls import include, path
 
 urlpatterns = [
     path('admin/', admin.site.urls),
+    path('accounts/login/', views.LoginView.as_view(), name='login'),
+    path(
+        'accounts/logout/', views.LogoutView.as_view(next_page='/'),
+        name='logout',
+    ),
     path('', include('blog.urls')),
 ]

requirements/base.txt

@@ -4,11 +4,11 @@
 #
 #    pip-compile requirements/base.in
 #
-asgiref==3.7.2
+asgiref==3.8.1
     # via django
-django==3.2.21
-    # via -r base.in
-pytz==2023.3.post1
+django==3.2.25
+    # via -r requirements/base.in
+pytz==2024.2
     # via django
-sqlparse==0.4.4
+sqlparse==0.5.2
     # via django

requirements/dev.txt

@@ -4,31 +4,31 @@
 #
 #    pip-compile requirements/dev.in
 #
-asgiref==3.7.2
+asgiref==3.8.1
     # via django
-astroid==3.0.2
+astroid==3.3.6
     # via pylint
 covdefaults==2.3.0
     # via -r requirements/dev.in
-coverage==7.3.4
+coverage==7.6.9
     # via
     #   -r requirements/dev.in
     #   covdefaults
-dill==0.3.7
+dill==0.3.9
     # via pylint
-django==3.2.23
+django==3.2.25
     # via -r requirements/base.in
 isort==5.13.2
     # via pylint
 mccabe==0.7.0
     # via pylint
-platformdirs==4.1.0
+platformdirs==4.3.6
     # via pylint
-pylint==3.0.3
+pylint==3.3.2
     # via -r requirements/dev.in
-pytz==2023.3.post1
+pytz==2024.2
     # via django
-sqlparse==0.4.4
+sqlparse==0.5.2
     # via django
-tomlkit==0.12.3
+tomlkit==0.13.2
     # via pylint

tests/test_views.py

@@ -38,6 +38,16 @@ def setUpTestData(cls):
             published_date=datetime(2030, 3, 1, tzinfo=cls.tm_zone),
         )
 
+        cls.valid_form_post = {
+            'title': 'Test Title',
+            'text': 'Test Text',
+        }
+
+        cls.invalid_form_post = {
+            'title': '',
+            'text': 'Test Text',
+        }
+
     def test_post_list_rendering(self):
         """Check correct posts displayed based on mocked current time."""
         post_list_url = reverse('post_list')
@@ -86,3 +96,103 @@ def test_post_detail_failed(self):
             reverse('post_detail', kwargs={'pk': 31}),
         )
         self.assertEqual(404, http_response.status_code)
+
+    def test_post_new_get_authorized(self):
+        """Ensure authorized users can access the new post page."""
+        self.client.force_login(self.user)
+        url = reverse('post_new')
+        http_response = self.client.get(url)
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_edit.html')
+
+    def test_post_new_get_unauthorized(self):
+        """Ensure unauthorized users are redirected when add the new post."""
+        self.client.logout()
+        url = reverse('post_new')
+        http_response = self.client.get(url)
+        self.assertRedirects(http_response, f'/accounts/login/?next={url}')
+
+    def test_post_new_valid_form_authorized(self):
+        """Ensure authorized users can correctly fill out the form for post."""
+        self.client.force_login(self.user)
+        url = reverse('post_new')
+        initial_post_count = Post.objects.count()
+        http_response = self.client.post(
+            url, self.valid_form_post, follow=True,
+        )
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_detail.html')
+        new_post = Post.objects.last()
+        self.assertRedirects(
+            http_response,
+            reverse(
+                'post_detail',
+                kwargs={'pk': new_post.pk},
+            ),
+        )
+        self.assertEqual(new_post.title, 'Test Title')
+        self.assertEqual(new_post.text, 'Test Text')
+        self.assertEqual(new_post.author, self.user)
+        self.assertIsNotNone(new_post.published_date)
+        self.assertEqual(Post.objects.count(), initial_post_count + 1)
+
+    def test_post_new_invalid_form_authorized(self):
+        """Test handling of invalid form submission for new post."""
+        self.client.force_login(self.user)
+        url = reverse('post_new')
+        http_response = self.client.post(url, self.invalid_form_post)
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_edit.html')
+        self.assertContains(
+            http_response, 'This field is required.', html=True,
+        )
+
+    def test_post_edit_get_authorized(self):
+        """Ensure authorized users have access to edit the post."""
+        self.client.force_login(self.user)
+        post = self.current_post
+        url = reverse('post_edit', kwargs={'pk': post.pk})
+        http_response = self.client.get(url)
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_edit.html')
+
+    def test_post_edit_get_unauthorized(self):
+        """Ensure unauthorized users are redirected when edit a post."""
+        self.client.logout()
+        url = reverse('post_edit', kwargs={'pk': self.current_post.pk})
+        http_response = self.client.get(url)
+        self.assertRedirects(http_response, f'/accounts/login/?next={url}')
+
+    def test_post_edit_valid_form_authorized(self):
+        """Check the correctness of updating the post after editing."""
+        self.client.force_login(self.user)
+        post = self.current_post
+        url = reverse('post_edit', kwargs={'pk': post.pk})
+        updated_form_data = self.valid_form_post.copy()
+        updated_form_data['title'] = 'Updated Title'
+        updated_form_data['text'] = 'Updated Text'
+        initial_published_date = post.published_date
+        http_response = self.client.post(url, updated_form_data, follow=True)
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_detail.html')
+        self.assertRedirects(
+            http_response, reverse(
+                'post_detail', kwargs={'pk': post.pk},
+            ),
+        )
+        post.refresh_from_db()
+        self.assertEqual(post.title, 'Updated Title')
+        self.assertEqual(post.text, 'Updated Text')
+        self.assertEqual(post.author, self.user)
+        self.assertNotEqual(post.published_date, initial_published_date)
+
+    def test_post_edit_invalid_form_authorized(self):
+        """Test handling of invalid form submission when editing a post."""
+        self.client.force_login(self.user)
+        url = reverse('post_edit', kwargs={'pk': self.current_post.pk})
+        http_response = self.client.post(url, self.invalid_form_post)
+        self.assertEqual(http_response.status_code, 200)
+        self.assertTemplateUsed(http_response, 'blog/post_edit.html')
+        self.assertContains(
+            http_response, 'This field is required.', html=True,
+        )