mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-25 22:03:10 +00:00
Merge branch 'fix_346' into 'dev'
fix: Missing ACL check for some cotisation endpoints See merge request re2o/re2o!626
This commit is contained in:
commit
dc153bb2c8
2 changed files with 11 additions and 5 deletions
|
@ -32,14 +32,16 @@ from django.utils.translation import ugettext as _
|
||||||
from cotisations.models import Facture as Invoice
|
from cotisations.models import Facture as Invoice
|
||||||
from cotisations.utils import find_payment_method
|
from cotisations.utils import find_payment_method
|
||||||
|
|
||||||
|
from re2o.acl import can_view
|
||||||
|
|
||||||
from .forms import InvoiceForm
|
from .forms import InvoiceForm
|
||||||
from .models import ChequePayment
|
from .models import ChequePayment
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def cheque(request, invoice_pk):
|
@can_view(Invoice)
|
||||||
|
def cheque(request, invoice, **_kwargs):
|
||||||
"""This view validate an invoice with the data from a cheque."""
|
"""This view validate an invoice with the data from a cheque."""
|
||||||
invoice = get_object_or_404(Invoice, pk=invoice_pk)
|
|
||||||
payment_method = find_payment_method(invoice.paiement)
|
payment_method = find_payment_method(invoice.paiement)
|
||||||
if invoice.valid or not isinstance(payment_method, ChequePayment):
|
if invoice.valid or not isinstance(payment_method, ChequePayment):
|
||||||
messages.error(request, _("You can't pay this invoice with a cheque."))
|
messages.error(request, _("You can't pay this invoice with a cheque."))
|
||||||
|
|
|
@ -34,7 +34,10 @@ from django.utils.datastructures import MultiValueDictKeyError
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
|
||||||
|
from re2o.acl import can_view
|
||||||
|
|
||||||
from cotisations.models import Facture
|
from cotisations.models import Facture
|
||||||
|
from cotisations.utils import find_payment_method
|
||||||
|
|
||||||
from .comnpay import Transaction
|
from .comnpay import Transaction
|
||||||
from .models import ComnpayPayment
|
from .models import ComnpayPayment
|
||||||
|
@ -42,13 +45,14 @@ from .models import ComnpayPayment
|
||||||
|
|
||||||
@csrf_exempt
|
@csrf_exempt
|
||||||
@login_required
|
@login_required
|
||||||
def accept_payment(request, factureid):
|
@can_view(Facture)
|
||||||
|
def accept_payment(request, invoice, **_kwargs):
|
||||||
"""
|
"""
|
||||||
The view where the user is redirected when a comnpay payment has been
|
The view where the user is redirected when a comnpay payment has been
|
||||||
accepted.
|
accepted.
|
||||||
"""
|
"""
|
||||||
invoice = get_object_or_404(Facture, id=factureid)
|
payment_method = find_payment_method(invoice.paiement)
|
||||||
if invoice.valid:
|
if invoice.valid and isinstance(payment_method, ComnpayPayment):
|
||||||
messages.success(
|
messages.success(
|
||||||
request,
|
request,
|
||||||
_("The payment of %(amount)s € was accepted.")
|
_("The payment of %(amount)s € was accepted.")
|
||||||
|
|
Loading…
Reference in a new issue