klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-03-26 23:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor RefoundAccountView permission checking

Browse Source
This commit is contained in:
imperosol 2025-03-12 13:47:50 +01:00
parent 99e1318071
commit 93d11bb439
2 changed files with 8 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
accounting/tests.py
View File

@ -32,7 +32,7 @@ class TestRefoundAccount(TestCase):
@classmethod @classmethod
def setUpTestData(cls): def setUpTestData(cls):
cls.skia = User.objects.get(username="skia") cls.skia = User.objects.get(username="skia")
# reffil skia's account # refill skia's account
cls.skia.customer.amount = 800 cls.skia.customer.amount = 800
cls.skia.customer.save() cls.skia.customer.save()
cls.refound_account_url = reverse("accounting:refound_account") cls.refound_account_url = reverse("accounting:refound_account")

25
accounting/views.py
View File

@ -17,7 +17,7 @@ import collections
from django import forms from django import forms
from django.conf import settings from django.conf import settings
from django.contrib.auth.mixins import PermissionRequiredMixin from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
from django.core.exceptions import PermissionDenied, ValidationError from django.core.exceptions import PermissionDenied, ValidationError
from django.db import transaction from django.db import transaction
from django.db.models import Sum from django.db.models import Sum
@ -846,27 +846,16 @@ class CloseCustomerAccountForm(forms.Form):
) )
class RefoundAccountView(FormView): class RefoundAccountView(UserPassesTestMixin, FormView):
"""Create a selling with the same amount than the current user money.""" """Create a selling with the same amount than the current user money."""
template_name = "accounting/refound_account.jinja" template_name = "accounting/refound_account.jinja"
form_class = CloseCustomerAccountForm form_class = CloseCustomerAccountForm
def permission(self, user): def test_func(self):
if user.is_root or user.is_in_group(pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID): return self.request.user.is_root or self.request.user.is_in_group(
return True pk=settings.SITH_GROUP_ACCOUNTING_ADMIN_ID
else: )
raise PermissionDenied
def dispatch(self, request, *arg, **kwargs):
res = super().dispatch(request, *arg, **kwargs)
if self.permission(request.user):
return res
def post(self, request, *arg, **kwargs):
self.operator = request.user
if self.permission(request.user):
return super().post(self, request, *arg, **kwargs)
def form_valid(self, form): def form_valid(self, form):
self.customer = form.cleaned_data["user"] self.customer = form.cleaned_data["user"]
@ -887,7 +876,7 @@ class RefoundAccountView(FormView):
label=_("Refound account"), label=_("Refound account"),
unit_price=uprice, unit_price=uprice,
quantity=1, quantity=1,
seller=self.operator, seller=self.request.user,
customer=self.customer.customer, customer=self.customer.customer,
club=refound_club, club=refound_club,
counter=refound_club_counter, counter=refound_club_counter,