Serious counter fix

This commit is contained in:
Antoine Bartuccio 2017-04-03 10:41:36 +02:00
parent fb09719317
commit 5d89786c8f

View File

@ -158,8 +158,16 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
self.customer = get_object_or_404(Customer, user__id=self.kwargs['user_id']) self.customer = get_object_or_404(Customer, user__id=self.kwargs['user_id'])
obj = self.get_object()
if not self.customer.can_buy: if not self.customer.can_buy:
raise Http404 raise Http404
if obj.type == "BAR":
if not ('counter_token' in request.session.keys() and
request.session['counter_token'] == obj.token) or len(obj.get_barmen_list())<1:
raise PermissionDenied
else:
if not request.user.is_authenticated():
raise PermissionDenied
return super(CounterClick, self).dispatch(request, *args, **kwargs) return super(CounterClick, self).dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
@ -376,6 +384,7 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
def refill(self, request): def refill(self, request):
"""Refill the customer's account""" """Refill the customer's account"""
if self.get_object().type == 'BAR':
form = RefillForm(request.POST) form = RefillForm(request.POST)
if form.is_valid(): if form.is_valid():
form.instance.counter = self.object form.instance.counter = self.object
@ -384,6 +393,8 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
form.instance.save() form.instance.save()
else: else:
self.refill_form = form self.refill_form = form
else:
raise PermissionDenied
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
""" Add customer to the context """ """ Add customer to the context """