Commit
a078bae2
authored
Mar 28, 2017
by
Skia
Merge branch 'bugfix' into 'master'
Fix broken accounting + security fixes. See merge request
!57
parents
50413abf
63506b15
Pipeline
#831
failed with stage
Showing
4 changed files
with
28 additions
and
13 deletions
+28
-13
core/views/forms.py
core/views/forms.py
+3
-2
core/views/user.py
core/views/user.py
+8
-0
counter/models.py
counter/models.py
+6
-1
counter/views.py
counter/views.py
+11
-10
core/views/forms.py
...
...
@@ -5,6 +5,7 @@ from django.core.exceptions import ValidationError
from
django.contrib.auth
import
logout
,
login
,
authenticate
from
django.forms
import
CheckboxSelectMultiple
,
Select
,
DateInput
,
TextInput
,
DateTimeInput
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext
from
phonenumber_field.widgets
import
PhoneNumberInternationalFallbackWidget
from
ajax_select.fields
import
AutoCompleteSelectField
...
...
@@ -59,7 +60,7 @@ class SelectFile(TextInput):
'title'
:
_
(
"Choose file"
),
'name'
:
name
,
}
output
+=
'<span name="'
+
name
+
'" class="choose_file_button">'
+
_
(
"Choose file"
)
+
'</span>'
output
+=
'<span name="'
+
name
+
'" class="choose_file_button">'
+
ugettext
(
"Choose file"
)
+
'</span>'
return
output
class
SelectUser
(
TextInput
):
...
...
@@ -73,7 +74,7 @@ class SelectUser(TextInput):
'title'
:
_
(
"Choose user"
),
'name'
:
name
,
}
output
+=
'<span name="'
+
name
+
'" class="choose_user_button">'
+
_
(
"Choose user"
)
+
'</span>'
output
+=
'<span name="'
+
name
+
'" class="choose_user_button">'
+
ugettext
(
"Choose user"
)
+
'</span>'
return
output
# Forms
...
...
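Review bot: The span markup in both changed lines (SelectFile and SelectUser) is still assembled by string concatenation, so `name` and the translated label reach the HTML unescaped; replacing `_` with `ugettext` only changes the type of the label. The enclosing render methods start and end outside the hunks, so it is not visible whether `output` is later marked safe, but if it is, a field name or translation containing a quote or angle bracket would end up in the page verbatim. Django's escaping helper keeps the same output for ordinary values, e.g. `output += format_html('<span name="{}" class="choose_file_button">{}</span>', name, ugettext("Choose file"))`, with `from django.utils.html import format_html` added to the imports. The same change applies to the `choose_user_button` line.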
core/views/user.py
...
...
@@ -262,6 +262,14 @@ class UserStatsView(UserTabsMixin, CanViewMixin, DetailView):
template_name
=
"core/user_stats.jinja"
current_tab
=
'stats'
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
profile
=
self
.
get_object
()
if
(
profile
!=
request
.
user
and
not
request
.
user
.
is_root
):
raise
PermissionDenied
return
super
(
UserStatsView
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
def
get_context_data
(
self
,
**
kwargs
):
kwargs
=
super
(
UserStatsView
,
self
).
get_context_data
(
**
kwargs
)
from
counter.models
import
Counter
,
Product
,
Selling
...
...
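Review bot: The new `dispatch` on UserStatsView reads `request.user.is_root` before anything visible here has established that the requester is logged in; unless the project's anonymous user object also defines `is_root`, an unauthenticated request would fail with an AttributeError (HTTP 500) instead of a clean denial. Making the guard explicit keeps the intent auditable: `if not request.user.is_authenticated() or (profile != request.user and not request.user.is_root): raise PermissionDenied`. The method would also benefit from a one-line docstring such as `"""Only the profile owner or a root user may view these statistics."""`, since this rule is presumably stricter than what CanViewMixin enforces. The import of `PermissionDenied` is not visible in the hunk, so confirm this module already has it.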
counter/models.py
...
...
@@ -6,7 +6,7 @@ from django.core.urlresolvers import reverse
from
django.forms
import
ValidationError
from
django.contrib.sites.shortcuts
import
get_current_site
from
datetime
import
timedelta
from
datetime
import
timedelta
,
date
import
random
import
string
import
os
...
...
@@ -35,6 +35,11 @@ class Customer(models.Model):
def
__str__
(
self
):
return
"%s - %s"
%
(
self
.
user
.
username
,
self
.
account_id
)
@
property
def
can_buy
(
self
):
return
(
self
.
user
.
subscriptions
.
last
()
and
(
date
.
today
()
-
self
.
user
.
subscriptions
.
last
().
subscription_end
)
<
timedelta
(
days
=
90
))
def
generate_account_id
(
number
):
number
=
str
(
number
)
letter
=
random
.
choice
(
string
.
ascii_lowercase
)
...
...
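Review bot: `can_buy` accepts a customer only while the gap is strictly `< timedelta(days=90)`, whereas the check it replaces in counter/views.py rejected only when the gap was `> timedelta(days=90)`, so a subscription that ended exactly 90 days ago flips from allowed to refused. If the old boundary was intended, the comparison should be `<= timedelta(days=90)`. The property also calls `self.user.subscriptions.last()` twice, which costs two queries and relies on the relation's default ordering (not visible here) to return the most recent subscription; binding it once with `sub = self.user.subscriptions.last()` and returning `bool(sub and ...)` would also make the result a real boolean rather than `None`. A short docstring naming the 90-day grace period would help, since this property now gates both GetUserForm and CounterClick.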
counter/views.py
from
django.shortcuts
import
render
from
django.shortcuts
import
render
,
get_object_or_404
from
django.http
import
Http404
from
django.core.exceptions
import
PermissionDenied
from
django.views.generic
import
ListView
,
DetailView
,
RedirectView
,
TemplateView
from
django.views.generic.edit
import
UpdateView
,
CreateView
,
DeleteView
,
ProcessFormView
,
FormMixin
...
...
@@ -49,9 +50,7 @@ class GetUserForm(forms.Form):
cus
=
Customer
.
objects
.
filter
(
account_id__iexact
=
cleaned_data
[
'code'
]).
first
()
elif
cleaned_data
[
'id'
]
is
not
None
:
cus
=
Customer
.
objects
.
filter
(
user
=
cleaned_data
[
'id'
]).
first
()
sub
=
cus
.
user
if
cus
is
not
None
else
None
if
(
cus
is
None
or
sub
is
None
or
not
sub
.
subscriptions
.
last
()
or
(
date
.
today
()
-
sub
.
subscriptions
.
last
().
subscription_end
)
>
timedelta
(
days
=
90
)):
if
(
cus
is
None
or
not
cus
.
can_buy
):
raise
forms
.
ValidationError
(
_
(
"User not found"
))
cleaned_data
[
'user_id'
]
=
cus
.
user
.
id
cleaned_data
[
'user'
]
=
cus
.
user
...
...
@@ -60,12 +59,10 @@ class GetUserForm(forms.Form):
class
RefillForm
(
forms
.
ModelForm
):
error_css_class
=
'error'
required_css_class
=
'required'
amount
=
forms
.
FloatField
(
min_value
=
0
,
widget
=
forms
.
NumberInput
(
attrs
=
{
'class'
:
'focus'
}))
class
Meta
:
model
=
Refilling
fields
=
[
'amount'
,
'payment_method'
,
'bank'
]
widgets
=
{
'amount'
:
forms
.
NumberInput
(
attrs
=
{
'class'
:
'focus'
},)
}
class
CounterTabsMixin
(
TabedViewMixin
):
def
get_tabs_title
(
self
):
...
...
@@ -159,9 +156,14 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
pk_url_kwarg
=
"counter_id"
current_tab
=
"counter"
def
dispatch
(
self
,
request
,
*
args
,
**
kwargs
):
self
.
customer
=
get_object_or_404
(
Customer
,
user__id
=
self
.
kwargs
[
'user_id'
])
if
not
self
.
customer
.
can_buy
:
raise
Http404
return
super
(
CounterClick
,
self
).
dispatch
(
request
,
*
args
,
**
kwargs
)
def
get
(
self
,
request
,
*
args
,
**
kwargs
):
"""Simple get view"""
self
.
customer
=
Customer
.
objects
.
filter
(
user__id
=
self
.
kwargs
[
'user_id'
]).
first
()
if
'basket'
not
in
request
.
session
.
keys
():
# Init the basket session entry
request
.
session
[
'basket'
]
=
{}
request
.
session
[
'basket_total'
]
=
0
...
...
@@ -180,7 +182,6 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
""" Handle the many possibilities of the post request """
self
.
object
=
self
.
get_object
()
self
.
customer
=
Customer
.
objects
.
filter
(
user__id
=
self
.
kwargs
[
'user_id'
]).
first
()
self
.
refill_form
=
None
if
((
self
.
object
.
type
!=
"BAR"
and
not
request
.
user
.
is_authenticated
())
or
(
self
.
object
.
type
==
"BAR"
and
...
...
@@ -275,7 +276,7 @@ class CounterClick(CounterTabsMixin, CanViewMixin, DetailView):
total_qty_mod_6
=
self
.
get_total_quantity_for_pid
(
request
,
pid
)
%
6
bq
=
int
((
total_qty_mod_6
+
q
)
/
6
)
# Integer division
q
-=
bq
if
self
.
customer
.
amount
<
(
total
+
q
*
float
(
price
)):
# Check for enough money
if
self
.
customer
.
amount
<
(
total
+
round
(
q
*
float
(
price
),
2
)):
# Check for enough money
request
.
session
[
'not_enough'
]
=
True
return
False
if
product
.
limit_age
>=
18
and
not
self
.
customer
.
user
.
date_of_birth
:
...
...
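Review bot: The balance check in the last hunk still decides whether a customer can pay using binary floats: only the `q * float(price)` term is rounded, and `total` is added unrounded afterwards, so float error in the accumulated basket total can still reach the comparison with `self.customer.amount`. Rounding the whole sum, `if self.customer.amount < round(total + q * float(price), 2):`, is the minimal fix; doing the arithmetic in `Decimal` would remove this class of error, assuming `price` and `amount` are decimal-backed fields (their definitions are not visible here). The same concern applies to the new `amount = forms.FloatField(min_value=0, ...)` on RefillForm, which also lets a zero-amount refill through. The enclosing method starts and ends outside the hunk.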