counter: fix eticket server crash induced by old permission system and fix Selling permission

2019-10-16 21:21:51 +02:00 · 2019-10-16 21:21:51 +02:00 · 241650c171
parent 811809895e
commit 241650c171
2 changed files with 7 additions and 1 deletions
--- a/counter/models.py
+++ b/counter/models.py
@ -478,6 +478,8 @@ class Selling(models.Model):
        return user.is_owner(self.counter) and self.payment_method != "CARD"

    def can_be_viewed_by(self, user):
+        if not hasattr(self, "customer"):  # Customer can be set to Null
+            return False
        return user == self.customer.user

    def delete(self, *args, **kwargs):
--- a/counter/views.py
+++ b/counter/views.py
@ -1752,7 +1752,11 @@ class EticketPDFView(CanViewMixin, DetailView):
        from reportlab.graphics.barcode.qr import QrCodeWidget
        from reportlab.graphics import renderPDF

-        self.object = self.get_object()
+        if not (
+            hasattr(self.object, "product") and hasattr(self.object.product, "eticket")
+        ):
+            raise Http404
+
        eticket = self.object.product.eticket
        user = self.object.customer.user
        code = "%s %s %s %s" % (