Commit 90e47c9d authored by Skia's avatar Skia 🤘
Browse files

Add a restriction on the counter login view to authorize only the sellers

parent 4c2bf9cb
Pipeline #206 failed with stage
in 2 minutes and 45 seconds
......@@ -151,6 +151,7 @@ class UserTabsMixin(TabedViewMixin):
if (self.object.customer and (self.object == self.request.user
or self.request.user.is_in_group(settings.SITH_GROUPS['accounting-admin']['name'])
or self.request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
or self.request.user.is_root)):
'url': reverse('core:user_account', kwargs={'user_id':}),
......@@ -312,6 +313,7 @@ class UserAccountView(UserTabsMixin, DetailView):
res = super(UserAccountView, self).dispatch(request, *arg, **kwargs)
if (self.object == request.user
or request.user.is_in_group(settings.SITH_GROUPS['accounting-admin']['name'])
or request.user.is_in_group(settings.SITH_BAR_MANAGER['unix_name']+settings.SITH_BOARD_SUFFIX)
or request.user.is_root):
return res
raise PermissionDenied
......@@ -81,8 +81,8 @@ class CounterMain(DetailView, ProcessFormView, FormMixin):
kwargs['login_form'].cleaned_data = {} # add_error fails if there are no cleaned_data
if "credentials" in self.request.GET:
kwargs['login_form'].add_error(None, _("Bad credentials"))
if "subscription" in self.request.GET:
kwargs['login_form'].add_error(None, _("User is not subscriber"))
if "sellers" in self.request.GET:
kwargs['login_form'].add_error(None, _("User is not barman"))
kwargs['form'] = self.get_form()
if self.object.type == 'BAR':
kwargs['barmen'] = self.object.get_barmen_list()
......@@ -356,10 +356,10 @@ class CounterLogin(RedirectView):
self.errors = []
if form.is_valid():
user = User.objects.filter(username=form.cleaned_data['username']).first()
if user.is_in_group(settings.SITH_MAIN_MEMBERS_GROUP) and not user in self.counter.get_barmen_list():
if user in self.counter.sellers.all() and not user in self.counter.get_barmen_list():
self.errors += ["subscription"]
self.errors += ["sellers"]
self.errors += ["credentials"]
return super(CounterLogin, self).post(request, *args, **kwargs)
This diff is collapsed.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment