Open timparenti opened 4 years ago
@reckert477 could we make this a decently high priority so I can overhaul abtech.org infrastructure over winter break? Basically we just want to be able to set the form target on abtech.org to go to a tracker API with proper access-origin headers and redirect-back-on-submit.
The correct solution to this is almost certainly to modify the ACL for events#create to allow anonymous requests, and just change the form's submission URL to be tracker/events, rather than spending the time and extra maintenance overhead of making an API
I think that's certainly the simplest approach. Only potential additional concern is that, currently, the public form sends an email confirmation to the submitter, so there ought to be some equivalent form of feedback in the new paradigm, though that could just be something akin to the "event created" page that is equally careful with the wording when the request comes through anonymously (and thus is very much pending).
Given the spam problems which have recently cropped up over on https://github.com/ABTech/abtech.org/issues/106, this is taking on increased importance, especially so that @DaAwesomeP doesn't have to build an equivalent workaround into the new version of the website he is planning.
To be effective in combatting spam and limiting submissions to the campus community, the form would need to be authenticated, but could authorize any Andrew user. If repurposing events#create as suggested, the existing form should adapt its presentation as a "request form" to those not currently permitted to create events, and should simplify the inputs it presents accordingly.
@reckert477 Any chance you or others might get to look into this soon?
Rather than relying on ABTech/abtech.org using
robobrowser
to insert event requests into the form on Tracker, there ought to be some sort of API for Tracker, restricted appropriately, that Django can use on that end to effectively insert requests directly into Tracker's database.Request from @DaAwesomeP