mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-22 03:13:12 +00:00
Merge branch 'fix_346' into 'dev'
fix: Missing ACL check for some cotisation endpoints See merge request re2o/re2o!626
This commit is contained in:
commit
dc153bb2c8
2 changed files with 11 additions and 5 deletions
|
@ -32,14 +32,16 @@ from django.utils.translation import ugettext as _
|
|||
from cotisations.models import Facture as Invoice
|
||||
from cotisations.utils import find_payment_method
|
||||
|
||||
from re2o.acl import can_view
|
||||
|
||||
from .forms import InvoiceForm
|
||||
from .models import ChequePayment
|
||||
|
||||
|
||||
@login_required
|
||||
def cheque(request, invoice_pk):
|
||||
@can_view(Invoice)
|
||||
def cheque(request, invoice, **_kwargs):
|
||||
"""This view validate an invoice with the data from a cheque."""
|
||||
invoice = get_object_or_404(Invoice, pk=invoice_pk)
|
||||
payment_method = find_payment_method(invoice.paiement)
|
||||
if invoice.valid or not isinstance(payment_method, ChequePayment):
|
||||
messages.error(request, _("You can't pay this invoice with a cheque."))
|
||||
|
|
|
@ -34,7 +34,10 @@ from django.utils.datastructures import MultiValueDictKeyError
|
|||
from django.utils.translation import ugettext as _
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from re2o.acl import can_view
|
||||
|
||||
from cotisations.models import Facture
|
||||
from cotisations.utils import find_payment_method
|
||||
|
||||
from .comnpay import Transaction
|
||||
from .models import ComnpayPayment
|
||||
|
@ -42,13 +45,14 @@ from .models import ComnpayPayment
|
|||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def accept_payment(request, factureid):
|
||||
@can_view(Facture)
|
||||
def accept_payment(request, invoice, **_kwargs):
|
||||
"""
|
||||
The view where the user is redirected when a comnpay payment has been
|
||||
accepted.
|
||||
"""
|
||||
invoice = get_object_or_404(Facture, id=factureid)
|
||||
if invoice.valid:
|
||||
payment_method = find_payment_method(invoice.paiement)
|
||||
if invoice.valid and isinstance(payment_method, ComnpayPayment):
|
||||
messages.success(
|
||||
request,
|
||||
_("The payment of %(amount)s € was accepted.")
|
||||
|
|
Loading…
Reference in a new issue