diff --git a/counter/tests/test_counter.py b/counter/tests/test_counter.py index 1d50fdf4..a62e5fab 100644 --- a/counter/tests/test_counter.py +++ b/counter/tests/test_counter.py @@ -187,7 +187,7 @@ class TestRefilling(FullClickSetup, TestCase): self.refill_user( self.customer_old_can_not_buy, self.counter, 10 ).status_code - == 403 + == 404 ) def test_refilling_counter_success(self): @@ -868,4 +868,4 @@ class TestClubCounterClickAccess(TestCase): self.counter.sellers.add(self.user) self.client.force_login(self.user) res = self.client.get(self.click_url) - assert res.status_code == 200 + assert res.status_code == 403 diff --git a/counter/views/click.py b/counter/views/click.py index 3a320337..f324a9fc 100644 --- a/counter/views/click.py +++ b/counter/views/click.py @@ -167,7 +167,10 @@ class CounterClick(CounterTabsMixin, CanViewMixin, SingleObjectMixin, FormView): if not self.customer.can_buy or self.customer.user.is_banned_counter: return redirect(obj) # Redirect to counter - if obj.type == "OFFICE" and not obj.club.has_rights_in_club(request.user): + if obj.type == "OFFICE" and ( + obj.sellers.filter(pk=request.user.pk).exists() + or not obj.club.has_rights_in_club(request.user) + ): raise PermissionDenied if obj.type == "BAR" and (