the ajax is working

rowers/templates/stepeditor.html

@@ -18,7 +18,7 @@
 </p>
 <div class="stepcontainer" id="list">
 <section class="drop-zone">
-<h2>Training</h2>
+<h2>Training Steps for {{ ps.name }}</h2>
 </section>
 <section class="library">
   <h2>Library</h2>
@@ -48,6 +48,23 @@
         src='https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js'>
 </script>
 <script>
+  let csrftoken;
+  $(document).ready(function() {
+    csrftoken = jQuery("[name=csrfmiddlewaretoken]").val();
+    console.log("CSRF token",csrftoken);
+  });
+  function csrfSafeMethod(method) {
+    // these HTTP methods do not require CSRF protection
+    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
+  }
+  $.ajaxSetup({
+    beforeSend: function(xhr, settings) {
+      if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
+        xhr.setRequestHeader("X-CSRFToken", csrftoken);
+      }
+    }
+  });
+
     let dragged;
     let origcolor;
 
@@ -56,12 +73,30 @@
       steps = document.querySelector('.drop-zone');
       steps.childNodes.forEach(function(item) {
         if (item.className && item.className.includes("trainingstep")) {
-          console.log(item);
+          item.childNodes.forEach(function(child) {
+            console.log(child.id);
+            if (child.id) {
+              list.push(child.id);
+            }
+          })
         }
       });
       console.log(list);
-    }
-
+      $.ajax({
+        data: JSON.stringify(list),
+        type: 'POST',
+        url: '/rowers/plans/stepadder/{{ ps.id }}/',
+        error: function(result) {
+          $("#id_waiting").replaceWith(
+          '<div id="id_failed" class="grid_12 alpha message">Your upload failed</div>'
+          );
+        },
+        success: function(result) {
+          console.log('got something back');
+          console.log(result);
+        }
+    })
+  };
 
     function handleDragStart(event) {
       let target = event.target;

rowers/urls.py

@@ -877,6 +877,10 @@ urlpatterns = [
             name='rower_select_instantplan'),
     re_path(r'^plans/stepeditor/$',
             views.stepeditor, name='stepeditor'),
+    re_path(r'^plans/stepeditor/(?P<id>\d+)/$',
+            views.stepeditor, name='stepeditor'),
+    re_path(r'^plans/stepadder/(?P<id>\d+)/$',
+        views.stepadder, name='stepadder'),
     re_path(r'^plans/(?P<id>[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12})/$',
             views.rower_view_instantplan, name='rower_view_instantplan'),
     re_path(r'^buyplan/(?P<id>\d+)/$', views.buy_trainingplan_view,

rowers/views/planviews.py

@@ -6,6 +6,7 @@ from rowers.views.statements import *
 
 import rowers.garmin_stuff as gs
 from rowers import credits
+from json.decoder import JSONDecodeError
 
 
 @login_required
@@ -2959,10 +2960,53 @@ def rower_create_trainingplan(request, id=0):
                       'old_targets': old_targets,
                   })
 
+@user_passes_test(can_plan, login_url="/rowers/paidplans",
+                  message="This functionality requires a Coach or Self-Coach plan",
+                  redirect_field_name=None)
+def stepadder(request, id=0):
+    is_ajax = request.META.get('HTTP_X_REQUESTED_WITH') == 'XMLHttpRequest'
+    if not is_ajax:
+        return JSONResponse(
+            status=403, data={
+                'status': 'false',
+                'message': 'this view cannot be accessed directly'
+                }
+            )
+    ps = get_object_or_404(PlannedSession, pk=id)
+
+    print(request.method,'aap')
+
+    if request.method != 'POST':
+        message = {'status': 'false',
+                   'message': 'this view cannot be accessed through GET'}
+        return JSONResponse(status=403, data=message)
+
+    try:
+        json_data = json.loads(request.body)
+        post_data = json_data
+    except (KeyError, JSONDecodeError):
+        q = request.POST
+        post_data = {k: q.getlist(k) if len(
+            q.getlist(k)) > 1 else v for k, v in q.items()}
+
+    # only allow local host
+    hostt = request.get_host().split(':')
+    if hostt[0] not in ['localhost', '127.0.0.1', 'dev.rowsandall.com', 'rowsandall.com']:
+        message = {'status': 'false',
+                   'message': 'permission denied for host '+hostt[0]}
+        return JSONResponse(status=403, data=message)
+
+    print(post_data)
+
+    return JSONResponse(status=200,data=post_data)
+
 @user_passes_test(can_plan, login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def stepeditor(request, id=0):
+    ps = get_object_or_404(PlannedSession, pk=id)
+    ps.steps = {}
+
 
     form = StepEditorForm()
 
@@ -2980,6 +3024,7 @@ def stepeditor(request, id=0):
                   {
                       'steps':steps,
                       'form':form,
+                      'ps':ps,
                   })
 
 @user_passes_test(can_plan, login_url="/rowers/paidplans",