From 104290201877c16922baceb5635d71d63f431c67 Mon Sep 17 00:00:00 2001
From: avara1986 <a.vara.1986@gmail.com>
Date: Thu, 11 Sep 2014 12:58:56 +0200
Subject: [PATCH] Added Filter Domain origin

---
 events/api/api.py    | 14 +++++++++++++-
 events/api/models.py |  4 +++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/events/api/api.py b/events/api/api.py
index b92bdde..aec2be6 100755
--- a/events/api/api.py
+++ b/events/api/api.py
@@ -1,4 +1,5 @@
 #encoding: utf-8
+import re
 from rest_framework import generics, permissions
 from rest_framework import status
 #from rest_framework.decorators import api_view
@@ -37,8 +38,19 @@ def post(self, request, format=None):
             #request.META['HTTP_ORIGIN']
             #import ipdb; ipdb.set_trace()
             event = Event.objects.get(pk=serializer.init_data['event'])
+            if event.url != "" and event.url is not None:
+                #import ipdb; ipdb.set_trace()
+                if 'HTTP_ORIGIN' in  request.META.keys():
+                    requestURL =  request.META['HTTP_ORIGIN']
+                else:
+                    requestURL =  request.META['HTTP_REFERER']
+
+                if not re.search(event.url, requestURL):
+                    serializer.data.update({'result': False})
+                    serializer.data.update({'error_msg': 'No está permitido registrarse desde %s' % requestURL })
+                    return Response(serializer.data, status=status.HTTP_201_CREATED)
             # Puesto +2 para tests, TODO: cambiar a +1
-            if event.is_open and (event.num_registereds()+2 <= event.n_seats):
+            if event.is_open and (event.num_registereds()+1 <= event.n_seats):
                 serializer.save()
                 serializer.data.update({'result': True})
                 return Response(serializer.data, status=status.HTTP_201_CREATED)
diff --git a/events/api/models.py b/events/api/models.py
index 30a6e20..acded68 100755
--- a/events/api/models.py
+++ b/events/api/models.py
@@ -20,7 +20,7 @@ class Event(models.Model):
 
     registered = models.DateTimeField(auto_now_add=True)
     title = models.CharField(max_length=100)
-    url = models.CharField(max_length=100)
+    url = models.CharField(verbose_name="Url del evento", max_length=200, null=True, blank=True)
     n_seats = models.PositiveIntegerField(verbose_name="Número de plazas")
     n_seats_overflow = models.IntegerField()
     address = models.CharField(max_length=200)
@@ -31,6 +31,8 @@ class Event(models.Model):
     status = models.BooleanField(verbose_name="Activo", max_length=1, default=True)
     deleted = models.BooleanField(verbose_name="Borrado", max_length=1, default=False)
 
+
+
     def num_registereds(self):
         return int(Attendee.objects.filter(event=self.pk).count())