Merge branch 'bugfix' into 'master'

Serious counter fix

See merge request !62
This commit is contained in:
Skia 2017-04-04 15:48:59 +02:00
commit ec8ee15d0e

View File

@ -2,6 +2,7 @@ from django.shortcuts import render, get_object_or_404
from django.http import Http404 from django.http import Http404
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.views.generic import ListView, DetailView, RedirectView, TemplateView from django.views.generic import ListView, DetailView, RedirectView, TemplateView
from django.views.generic.base import View
from django.views.generic.edit import UpdateView, CreateView, DeleteView, ProcessFormView, FormMixin from django.views.generic.edit import UpdateView, CreateView, DeleteView, ProcessFormView, FormMixin
from django.forms.models import modelform_factory from django.forms.models import modelform_factory
from django.forms import CheckboxSelectMultiple from django.forms import CheckboxSelectMultiple
@ -28,6 +29,33 @@ from counter.models import Counter, Customer, Product, Selling, Refilling, Produ
CashRegisterSummary, CashRegisterSummaryItem, Eticket, Permanency CashRegisterSummary, CashRegisterSummaryItem, Eticket, Permanency
from accounting.models import CurrencyField from accounting.models import CurrencyField
class CounterAdminMixin(View):
"""
This view is made to protect counter admin section
"""
edit_group = [settings.SITH_GROUP_COUNTER_ADMIN_ID]
edit_club = []
def _test_group(self, user):
for g in self.edit_group:
if user.is_in_group(g):
return True
return False
def _test_club(self, user):
for c in self.edit_club:
if c.can_be_edited_by(user):
return True
return False
def dispatch(self, request, *args, **kwargs):
res = super(CounterAdminMixin, self).dispatch(request, *args, **kwargs)
if not (request.user.is_root or self._test_group(request.user)
or self._test_club(request.user)):
raise PermissionDenied
return res
class GetUserForm(forms.Form): class GetUserForm(forms.Form):
""" """
The Form class aims at providing a valid user_id field in its cleaned data, in order to pass it to some view, The Form class aims at providing a valid user_id field in its cleaned data, in order to pass it to some view,
@ -158,8 +186,16 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
self.customer = get_object_or_404(Customer, user__id=self.kwargs['user_id']) self.customer = get_object_or_404(Customer, user__id=self.kwargs['user_id'])
obj = self.get_object()
if not self.customer.can_buy: if not self.customer.can_buy:
raise Http404 raise Http404
if obj.type == "BAR":
if not ('counter_token' in request.session.keys() and
request.session['counter_token'] == obj.token) or len(obj.get_barmen_list())<1:
raise PermissionDenied
else:
if not request.user.is_authenticated():
raise PermissionDenied
return super(CounterClick, self).dispatch(request, *args, **kwargs) return super(CounterClick, self).dispatch(request, *args, **kwargs)
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
@ -376,6 +412,7 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
def refill(self, request): def refill(self, request):
"""Refill the customer's account""" """Refill the customer's account"""
if self.get_object().type == 'BAR':
form = RefillForm(request.POST) form = RefillForm(request.POST)
if form.is_valid(): if form.is_valid():
form.instance.counter = self.object form.instance.counter = self.object
@ -384,6 +421,8 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
form.instance.save() form.instance.save()
else: else:
self.refill_form = form self.refill_form = form
else:
raise PermissionDenied
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
""" Add customer to the context """ """ Add customer to the context """
@ -496,7 +535,7 @@ class CounterEditForm(forms.ModelForm):
sellers = make_ajax_field(Counter, 'sellers', 'users', help_text="") sellers = make_ajax_field(Counter, 'sellers', 'users', help_text="")
products = make_ajax_field(Counter, 'products', 'products', help_text="") products = make_ajax_field(Counter, 'products', 'products', help_text="")
class CounterEditView(CounterAdminTabsMixin, CanEditMixin, UpdateView): class CounterEditView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
""" """
Edit a counter's main informations (for the counter's manager) Edit a counter's main informations (for the counter's manager)
""" """
@ -506,10 +545,15 @@ class CounterEditView(CounterAdminTabsMixin, CanEditMixin, UpdateView):
template_name = 'core/edit.jinja' template_name = 'core/edit.jinja'
current_tab = "counters" current_tab = "counters"
def dispatch(self, request, *args, **kwargs):
obj = self.get_object()
self.edit_club.append(obj.club)
return super(CounterEditView, self).dispatch(request, *args, **kwargs)
def get_success_url(self): def get_success_url(self):
return reverse_lazy('counter:admin', kwargs={'counter_id': self.object.id}) return reverse_lazy('counter:admin', kwargs={'counter_id': self.object.id})
class CounterEditPropView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView): class CounterEditPropView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
""" """
Edit a counter's main informations (for the counter's admin) Edit a counter's main informations (for the counter's admin)
""" """
@ -519,7 +563,7 @@ class CounterEditPropView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView):
template_name = 'core/edit.jinja' template_name = 'core/edit.jinja'
current_tab = "counters" current_tab = "counters"
class CounterCreateView(CounterAdminTabsMixin, CanEditMixin, CreateView): class CounterCreateView(CounterAdminTabsMixin, CounterAdminMixin, CreateView):
""" """
Create a counter (for the admins) Create a counter (for the admins)
""" """
@ -529,7 +573,7 @@ class CounterCreateView(CounterAdminTabsMixin, CanEditMixin, CreateView):
template_name = 'core/create.jinja' template_name = 'core/create.jinja'
current_tab = "counters" current_tab = "counters"
class CounterDeleteView(CounterAdminTabsMixin, CanEditMixin, DeleteView): class CounterDeleteView(CounterAdminTabsMixin, CounterAdminMixin, DeleteView):
""" """
Delete a counter (for the admins) Delete a counter (for the admins)
""" """
@ -541,7 +585,7 @@ class CounterDeleteView(CounterAdminTabsMixin, CanEditMixin, DeleteView):
# Product management # Product management
class ProductTypeListView(CounterAdminTabsMixin, CanEditPropMixin, ListView): class ProductTypeListView(CounterAdminTabsMixin, CounterAdminMixin, ListView):
""" """
A list view for the admins A list view for the admins
""" """
@ -549,7 +593,7 @@ class ProductTypeListView(CounterAdminTabsMixin, CanEditPropMixin, ListView):
template_name = 'counter/producttype_list.jinja' template_name = 'counter/producttype_list.jinja'
current_tab = "product_types" current_tab = "product_types"
class ProductTypeCreateView(CounterAdminTabsMixin, CanCreateMixin, CreateView): class ProductTypeCreateView(CounterAdminTabsMixin, CounterAdminMixin, CreateView):
""" """
A create view for the admins A create view for the admins
""" """
@ -558,7 +602,7 @@ class ProductTypeCreateView(CounterAdminTabsMixin, CanCreateMixin, CreateView):
template_name = 'core/create.jinja' template_name = 'core/create.jinja'
current_tab = "products" current_tab = "products"
class ProductTypeEditView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView): class ProductTypeEditView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
""" """
An edit view for the admins An edit view for the admins
""" """
@ -568,7 +612,7 @@ class ProductTypeEditView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView):
pk_url_kwarg = "type_id" pk_url_kwarg = "type_id"
current_tab = "products" current_tab = "products"
class ProductArchivedListView(CounterAdminTabsMixin, CanEditPropMixin, ListView): class ProductArchivedListView(CounterAdminTabsMixin, CounterAdminMixin, ListView):
""" """
A list view for the admins A list view for the admins
""" """
@ -578,7 +622,7 @@ class ProductArchivedListView(CounterAdminTabsMixin, CanEditPropMixin, ListView)
ordering = ['name'] ordering = ['name']
current_tab = "archive" current_tab = "archive"
class ProductListView(CounterAdminTabsMixin, CanEditPropMixin, ListView): class ProductListView(CounterAdminTabsMixin, CounterAdminMixin, ListView):
""" """
A list view for the admins A list view for the admins
""" """
@ -616,7 +660,7 @@ class ProductEditForm(forms.ModelForm):
c.save() c.save()
return ret return ret
class ProductCreateView(CounterAdminTabsMixin, CanCreateMixin, CreateView): class ProductCreateView(CounterAdminTabsMixin, CounterAdminMixin, CreateView):
""" """
A create view for the admins A create view for the admins
""" """
@ -625,7 +669,7 @@ class ProductCreateView(CounterAdminTabsMixin, CanCreateMixin, CreateView):
template_name = 'core/create.jinja' template_name = 'core/create.jinja'
current_tab = "products" current_tab = "products"
class ProductEditView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView): class ProductEditView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
""" """
An edit view for the admins An edit view for the admins
""" """
@ -855,7 +899,7 @@ class CounterActivityView(DetailView):
pk_url_kwarg = "counter_id" pk_url_kwarg = "counter_id"
template_name = 'counter/activity.jinja' template_name = 'counter/activity.jinja'
class CounterStatView(DetailView, CanEditMixin): class CounterStatView(DetailView, CounterAdminMixin):
""" """
Show the bar stats Show the bar stats
""" """
@ -917,7 +961,7 @@ class CounterStatView(DetailView, CanEditMixin):
return super(CanEditMixin, self).dispatch(request, *args, **kwargs) return super(CanEditMixin, self).dispatch(request, *args, **kwargs)
raise PermissionDenied raise PermissionDenied
class CashSummaryEditView(CanEditPropMixin, CounterAdminTabsMixin, UpdateView): class CashSummaryEditView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
"""Edit cash summaries""" """Edit cash summaries"""
model = CashRegisterSummary model = CashRegisterSummary
template_name = 'counter/cash_register_summary.jinja' template_name = 'counter/cash_register_summary.jinja'
@ -933,7 +977,7 @@ class CashSummaryFormBase(forms.Form):
begin_date = forms.DateTimeField(['%Y-%m-%d %H:%M:%S'], label=_("Begin date"), required=False, widget=SelectDateTime) begin_date = forms.DateTimeField(['%Y-%m-%d %H:%M:%S'], label=_("Begin date"), required=False, widget=SelectDateTime)
end_date = forms.DateTimeField(['%Y-%m-%d %H:%M:%S'], label=_("End date"), required=False, widget=SelectDateTime) end_date = forms.DateTimeField(['%Y-%m-%d %H:%M:%S'], label=_("End date"), required=False, widget=SelectDateTime)
class CashSummaryListView(CanEditPropMixin, CounterAdminTabsMixin, ListView): class CashSummaryListView(CounterAdminTabsMixin, CounterAdminMixin, ListView):
"""Display a list of cash summaries""" """Display a list of cash summaries"""
model = CashRegisterSummary model = CashRegisterSummary
template_name = 'counter/cash_summary_list.jinja' template_name = 'counter/cash_summary_list.jinja'
@ -970,7 +1014,7 @@ class CashSummaryListView(CanEditPropMixin, CounterAdminTabsMixin, ListView):
kwargs['refilling_sums'][c.name] = sum([s.amount for s in refillings.all()]) kwargs['refilling_sums'][c.name] = sum([s.amount for s in refillings.all()])
return kwargs return kwargs
class InvoiceCallView(CounterAdminTabsMixin, TemplateView): class InvoiceCallView(CounterAdminTabsMixin, CounterAdminMixin, TemplateView):
template_name = 'counter/invoices_call.jinja' template_name = 'counter/invoices_call.jinja'
current_tab = 'invoices_call' current_tab = 'invoices_call'
@ -997,7 +1041,7 @@ class InvoiceCallView(CounterAdminTabsMixin, TemplateView):
)).exclude(selling_sum=None).order_by('-selling_sum') )).exclude(selling_sum=None).order_by('-selling_sum')
return kwargs return kwargs
class EticketListView(CounterAdminTabsMixin, CanEditPropMixin, ListView): class EticketListView(CounterAdminTabsMixin, CounterAdminMixin, ListView):
""" """
A list view for the admins A list view for the admins
""" """
@ -1015,7 +1059,7 @@ class EticketForm(forms.ModelForm):
} }
product = AutoCompleteSelectField('products', show_help_text=False, label=_("Product"), required=True) product = AutoCompleteSelectField('products', show_help_text=False, label=_("Product"), required=True)
class EticketCreateView(CounterAdminTabsMixin, CanEditPropMixin, CreateView): class EticketCreateView(CounterAdminTabsMixin, CounterAdminMixin, CreateView):
""" """
Create an eticket Create an eticket
""" """
@ -1024,7 +1068,7 @@ class EticketCreateView(CounterAdminTabsMixin, CanEditPropMixin, CreateView):
form_class = EticketForm form_class = EticketForm
current_tab = "etickets" current_tab = "etickets"
class EticketEditView(CounterAdminTabsMixin, CanEditPropMixin, UpdateView): class EticketEditView(CounterAdminTabsMixin, CounterAdminMixin, UpdateView):
""" """
Edit an eticket Edit an eticket
""" """