Merge branch '24-redirect-after-logging-in' into 'master'

Resolve "Redirect after logging in"

Closes #24

See merge request !9

smash/web/templates/login.html

@@ -75,6 +75,9 @@
 
     <form action="{% url 'web.views.login' %}" method="post">
 	  {% csrf_token %}
+    {% if next %}
+      <input type="hidden" name="next" value="{{ next }}" />
+    {% endif %}
 
       <div class="form-group has-feedback">
         <input type="text" name="username" class="form-control" placeholder="Login">

smash/web/views.py

@@ -54,13 +54,18 @@ def login(request):
 	if request.GET and request.GET.get('error'):
 		context['state'] = request.GET.get('error')
 
+	if request.method == "GET" and request.GET:
+		context['next'] = request.GET.get('next')
+
 	if request.method == "POST" and request.POST:
 		state, message = do_login(request)
 		if state == True:
-			return redirect(appointments)
+			if request.POST.get('next'):
+				return redirect(request.POST.get('next'))
+			else:
+				return redirect(appointments)
 		else:
 			return redirect('/login?error=' + message)
-
 	return render(request, "login.html", context)
 
 class NotificationCount(object):
@@ -84,6 +89,9 @@ def get_filter_locations(user):
 			worker = workers[0]
 	elif isinstance(user, Worker):
 		worker = user
+	elif isinstance(user, AnonymousUser):
+		# anonymous user shouldn't see anything
+		return Location.objects.filter(id=-1)
 	elif user!=None:
 		raise TypeError("Unknown class type: "+user.__class__.__name__)
 
@@ -664,6 +672,8 @@ def appointment_edit_datetime(request, id):
 		form = AppointmentEditForm(instance=the_appointment)
 	return wrap_response(request, 'appointments/edit.html', {'form': form})
 
+#because we don't  wrap_response we must force login required
+@login_required
 def export_to_csv2(request, type="subjects"):
     #Create the HttpResponse object with the appropriate CSV header.
 	response = HttpResponse(content_type='text/csv')