klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-07-10 11:59:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a restriction on the counter login view to authorize only the sellers

Browse Source
This commit is contained in:
Skia
2016-09-09 01:54:26 +02:00
parent 4c2bf9cbf9
commit 90e47c9d7d
4 changed files with 163 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
counter/views.py
View File

@ -81,8 +81,8 @@ class CounterMain(DetailView, ProcessFormView, FormMixin):
kwargs['login_form'].cleaned_data = {} # add_error fails if there are no cleaned_data
if "credentials" in self.request.GET:
kwargs['login_form'].add_error(None, _("Bad credentials"))
if "subscription" in self.request.GET:
kwargs['login_form'].add_error(None, _("User is not subscriber"))
if "sellers" in self.request.GET:
kwargs['login_form'].add_error(None, _("User is not barman"))
kwargs['form'] = self.get_form()
if self.object.type == 'BAR':
kwargs['barmen'] = self.object.get_barmen_list()
@ -356,10 +356,10 @@ class CounterLogin(RedirectView):
self.errors = []
if form.is_valid():
user = User.objects.filter(username=form.cleaned_data['username']).first()
if user.is_in_group(settings.SITH_MAIN_MEMBERS_GROUP) and not user in self.counter.get_barmen_list():
if user in self.counter.sellers.all() and not user in self.counter.get_barmen_list():
self.counter.add_barman(user)
else:
self.errors += ["subscription"]
self.errors += ["sellers"]
else:
self.errors += ["credentials"]
return super(CounterLogin, self).post(request, *args, **kwargs)