Fix refill permissions

* Remove ability to refill from counters * Fix bug where you could refill without any board member on a BAR * Add a warning message explaining why refilling are disabled
2025-07-10 11:59:23 +00:00 · 2024-12-17 02:42:07 +01:00
parent fc0ef29738
commit 03c27b10e5
5 changed files with 152 additions and 138 deletions
--- a/counter/models.py
+++ b/counter/models.py
@ -43,7 +43,7 @@ from core.fields import ResizedImageField
 from core.models import Group, Notification, User
 from core.utils import get_start_of_semester
 from counter.apps import PAYMENT_METHOD
-from sith.settings import SITH_COUNTER_OFFICES, SITH_MAIN_CLUB
+from sith.settings import SITH_MAIN_CLUB
 from subscription.models import Subscription


@ -559,9 +559,6 @@ class Counter(models.Model):
        """Show if the counter authorize the refilling with physic money."""
        if self.type != "BAR":
            return False
-        if self.id in SITH_COUNTER_OFFICES:
-            # If the counter is either 'AE' or 'BdF', refills are authorized
-            return True
        # at least one of the barmen is in the AE board
        ae = Club.objects.get(unix_name=SITH_MAIN_CLUB["unix_name"])
        return any(ae.get_membership_for(barman) for barman in self.barmen_list)
--- a/counter/templates/counter/counter_click.jinja
+++ b/counter/templates/counter/counter_click.jinja
@ -31,7 +31,7 @@
      <p>{% trans %}Amount: {% endtrans %}<span x-text="customerBalance"></span> €</p>
    </div>

-    <div id="click_form">
+    <div id="click_form" style="width: 20%;">
      <h5 id="selling-accordion">{% trans %}Selling{% endtrans %}</h5>
      <div>
        {% set counter_click_url = url('counter:click', counter_id=counter.id, user_id=customer.user_id) %}
@ -100,19 +100,28 @@
          <input type="submit" value="{% trans %}Cancel{% endtrans %}"/>
        </form>
      </div>
-      {% if refilling_fragment %}
+      {% if object.type == "BAR" %}
        <h5>{% trans %}Refilling{% endtrans %}</h5>
-        <div
-          @htmx:after-request="onRefillingSuccess"
-        >
-          {{ refilling_fragment }}
-        </div>
-      {% endif %}
-      {% if student_card_fragment %}
-        <h5>{% trans %}Student card{% endtrans %}</h3>
-        <div>
-          {{ student_card_fragment }}
-        </div>
+        {% if refilling_fragment %}
+          <div
+            @htmx:after-request="onRefillingSuccess"
+          >
+            {{ refilling_fragment }}
+          </div>
+        {% else %}
+          <div>
+            <p class="alert alert-yellow">
+              {% trans trimmed %}As a barman, you are not able to refill any account on your own. An admin should be connected on this counter for that. The customer can refill by using the eboutic.{% endtrans %}
+            </p>
+          </div>
+        {% endif %}
+        {% if student_card_fragment %}
+          <h5>{% trans %}Student card{% endtrans %}</h3>
+          <div>
+            {{ student_card_fragment }}
+          </div>
+        {% endif %}
+
      {% endif %}
    </div>

--- a/counter/tests/test_counter.py
+++ b/counter/tests/test_counter.py
@ -159,7 +159,7 @@ class TestCounter(TestCase):
            },
            HTTP_REFERER=counter_url,
        )
-        assert response.status_code == 302
+        assert response.status_code == 403  # Krophil is not board admin

    def test_annotate_has_barman_queryset(self):
        """Test if the custom queryset method `annotate_has_barman` works as intended."""