Prevent superusers when they make a transaction with a non-member user

apps/note/api/serializers.py

@@ -1,8 +1,12 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+from django.utils import timezone
 from rest_framework import serializers
+from rest_framework.serializers import ListSerializer
 from rest_polymorphic.serializers import PolymorphicSerializer
+
+from member.api.serializers import MembershipSerializer
+from member.models import Membership
 from note_kfet.middlewares import get_current_authenticated_user
 from permission.backends import PermissionBackend
 from rest_framework.utils import model_meta
@@ -109,6 +113,8 @@ class ConsumerSerializer(serializers.ModelSerializer):
 
     email_confirmed = serializers.SerializerMethodField()
 
+    membership = serializers.SerializerMethodField()
+
     class Meta:
         model = Alias
         fields = '__all__'
@@ -127,6 +133,17 @@ class ConsumerSerializer(serializers.ModelSerializer):
             return obj.note.user.profile.email_confirmed
         return True
 
+    def get_membership(self, obj):
+        if isinstance(obj.note, NoteUser):
+            memberships = Membership.objects.filter(
+                PermissionBackend.filter_queryset(get_current_authenticated_user(), Membership, "view")).filter(
+                user=obj.note.user,
+                club=2,  # Kfet
+            ).order_by("-date_start")
+            if memberships.exists():
+                return MembershipSerializer().to_representation(memberships.first())
+        return None
+
 
 class TemplateCategorySerializer(serializers.ModelSerializer):
     """

apps/note/models/transactions.py

@@ -202,7 +202,8 @@ class Transaction(PolymorphicModel):
         When saving, also transfer money between two notes
         """
         with transaction.atomic():
-            self.refresh_from_db()
+            if self.pk:
+                self.refresh_from_db()
             self.source.refresh_from_db()
             self.destination.refresh_from_db()
             self.validate(False)

static/js/base.js

@@ -105,8 +105,10 @@ function displayStyle(note) {
         css += " text-danger";
     else if (balance < 0)
         css += " text-warning";
-    if (!note.email_confirmed)
+    else if (!note.email_confirmed)
         css += " text-white bg-primary";
+    else if (note.membership && note.membership.date_end < new Date().toISOString())
+        css += "text-white bg-info";
     return css;
 }
 
@@ -263,6 +265,7 @@ function autoCompleteNote(field_id, note_list_id, notes, notes_display, alias_pr
                 consumers.results.forEach(function (consumer) {
                     let note = consumer.note;
                     note.email_confirmed = consumer.email_confirmed;
+                    note.membership = consumer.membership;
                     let extra_css = displayStyle(note);
                     aliases_matched_html += li(alias_prefix + '_' + consumer.id,
                         consumer.name,

static/js/consos.js

@@ -218,6 +218,9 @@ function consume(source, source_alias, dest, quantity, amount, reason, type, cat
                     addMsg("Attention, La transaction depuis la note " + source_alias + " a été réalisée avec " +
                         "succès, mais la note émettrice " + source_alias + " est en négatif.",
                         "warning", 30000);
+                if (source.note.membership && source.note.membership.date_end > new Date().toISOString())
+                    addMsg("Attention : la note émettrice " + source.name + " n'est plus adhérente.",
+                        "danger", 30000);
             }
             reset();
         }).fail(function (e) {

static/js/transfer.js

@@ -260,6 +260,13 @@ $("#btn_transfer").click(function() {
                         "destination": dest.note.id,
                         "destination_alias": dest.name
                     }).done(function () {
+                        if (source.note.membership && source.note.membership.date_end > new Date().toISOString())
+                            addMsg("Attention : la note émettrice " + source.name + " n'est plus adhérente.",
+                                "danger", 30000);
+                        if (dest.note.membership && dest.note.membership.date_end > new Date().toISOString())
+                            addMsg("Attention : la note destination " + dest.name + " n'est plus adhérente.",
+                                "danger", 30000);
+
                         if (!isNaN(source.note.balance)) {
                             let newBalance = source.note.balance - source.quantity * dest.quantity * amount;
                             if (newBalance <= -5000) {
@@ -327,19 +334,22 @@ $("#btn_transfer").click(function() {
     } else if ($("#type_credit").is(':checked') || $("#type_debit").is(':checked')) {
         let special_note = $("#credit_type").val();
         let user_note;
+        let alias;
         let given_reason = reason;
         let source_id, dest_id;
         if ($("#type_credit").is(':checked')) {
-            user_note = dests_notes_display[0].note.id;
+            user_note = dests_notes_display[0].note;
+            alias = dests_notes_display[0].name;
             source_id = special_note;
-            dest_id = user_note;
+            dest_id = user_note.id;
             reason = "Crédit " + $("#credit_type option:selected").text().toLowerCase();
             if (given_reason.length > 0)
                 reason += " (" + given_reason + ")";
         }
         else {
-            user_note = sources_notes_display[0].note.id;
-            source_id = user_note;
+            user_note = sources_notes_display[0].note;
+            alias = sources_notes_display[0].name;
+            source_id = user_note.id;
             dest_id = special_note;
             reason = "Retrait " + $("#credit_type option:selected").text().toLowerCase();
             if (given_reason.length > 0)
@@ -355,14 +365,16 @@ $("#btn_transfer").click(function() {
                 "polymorphic_ctype": SPECIAL_TRANSFER_POLYMORPHIC_CTYPE,
                 "resourcetype": "SpecialTransaction",
                 "source": source_id,
-                "source_alias": sources_notes_display.length ? sources_notes_display[0].name : null,
+                "source_alias": sources_notes_display.length ? alias : null,
                 "destination": dest_id,
-                "destination_alias": dests_notes_display.length ? dests_notes_display[0].name : null,
+                "destination_alias": dests_notes_display.length ? alias : null,
                 "last_name": $("#last_name").val(),
                 "first_name": $("#first_name").val(),
                 "bank": $("#bank").val()
             }).done(function () {
                 addMsg("Le crédit/retrait a bien été effectué !", "success", 10000);
+                if (user_note.membership && user_note.membership.date_end > new Date().toISOString())
+                    addMsg("Attention : la note " + alias +  " n'est plus adhérente.", "danger", 10000);
                 reset();
             }).fail(function (err) {
                 let errObj = JSON.parse(err.responseText);