Warn superusers when they make a transaction with a non-member user
parent
2851d7764c
commit
018ca84e2d
|
@ -1,8 +1,12 @@
|
||||||
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
|
# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
from django.utils import timezone
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
|
from rest_framework.serializers import ListSerializer
|
||||||
from rest_polymorphic.serializers import PolymorphicSerializer
|
from rest_polymorphic.serializers import PolymorphicSerializer
|
||||||
|
|
||||||
|
from member.api.serializers import MembershipSerializer
|
||||||
|
from member.models import Membership
|
||||||
from note_kfet.middlewares import get_current_authenticated_user
|
from note_kfet.middlewares import get_current_authenticated_user
|
||||||
from permission.backends import PermissionBackend
|
from permission.backends import PermissionBackend
|
||||||
from rest_framework.utils import model_meta
|
from rest_framework.utils import model_meta
|
||||||
|
@ -109,6 +113,8 @@ class ConsumerSerializer(serializers.ModelSerializer):
|
||||||
|
|
||||||
email_confirmed = serializers.SerializerMethodField()
|
email_confirmed = serializers.SerializerMethodField()
|
||||||
|
|
||||||
|
membership = serializers.SerializerMethodField()
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Alias
|
model = Alias
|
||||||
fields = '__all__'
|
fields = '__all__'
|
||||||
|
@ -127,6 +133,17 @@ class ConsumerSerializer(serializers.ModelSerializer):
|
||||||
return obj.note.user.profile.email_confirmed
|
return obj.note.user.profile.email_confirmed
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def get_membership(self, obj):
|
||||||
|
if isinstance(obj.note, NoteUser):
|
||||||
|
memberships = Membership.objects.filter(
|
||||||
|
PermissionBackend.filter_queryset(get_current_authenticated_user(), Membership, "view")).filter(
|
||||||
|
user=obj.note.user,
|
||||||
|
club=2, # Kfet
|
||||||
|
).order_by("-date_start")
|
||||||
|
if memberships.exists():
|
||||||
|
return MembershipSerializer().to_representation(memberships.first())
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
class TemplateCategorySerializer(serializers.ModelSerializer):
|
class TemplateCategorySerializer(serializers.ModelSerializer):
|
||||||
"""
|
"""
|
||||||
|
|
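Review bot: `club=2,  # Kfet` in get_membership hard-codes a database primary key that only holds for the fixtures it was taken from; any deployment where the Kfet club has a different id silently reports every note as having no membership. Prefer a lookup that names the club, `club__name="Kfet"` if the club name is unique, or at least a module-level constant such as `KFET_CLUB_PK = 2` with the comment `# pk of the Kfet club in the reference fixtures — keep in sync with them`. Note also that the queryset is narrowed through `PermissionBackend.filter_queryset(..., Membership, "view")`, so a caller without that permission gets `None` back — the same value as "never was a member" — which the front-end cannot tell apart; a one-line docstring stating `Return the latest visible Kfet membership of the note's user, or None when there is none or the caller may not view it.` would make that explicit. In the import hunk of the same file, `timezone` and `ListSerializer` are not used in any visible hunk; if they are unused elsewhere in the file they should be dropped.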
|
@ -202,6 +202,7 @@ class Transaction(PolymorphicModel):
|
||||||
When saving, also transfer money between two notes
|
When saving, also transfer money between two notes
|
||||||
"""
|
"""
|
||||||
with transaction.atomic():
|
with transaction.atomic():
|
||||||
|
if self.pk:
|
||||||
self.refresh_from_db()
|
self.refresh_from_db()
|
||||||
self.source.refresh_from_db()
|
self.source.refresh_from_db()
|
||||||
self.destination.refresh_from_db()
|
self.destination.refresh_from_db()
|
||||||
|
|
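Review bot: `if self.pk:` in Transaction.save treats any instance with a primary key as an already-persisted row, so an object whose pk was assigned before its first save would be refreshed and raise DoesNotExist; Django's `self._state.adding` is the reliable test, i.e. `if not self._state.adding:`. The source and destination refreshes below it stay unconditional, which looks intended since both notes must already exist, but a short comment such as `# re-read our own row only when updating; source/destination always exist` would record that asymmetry. The body of save continues outside the hunk, so whether a later `select_for_update` protects the balance update cannot be seen here.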
|
@ -105,8 +105,10 @@ function displayStyle(note) {
|
||||||
css += " text-danger";
|
css += " text-danger";
|
||||||
else if (balance < 0)
|
else if (balance < 0)
|
||||||
css += " text-warning";
|
css += " text-warning";
|
||||||
if (!note.email_confirmed)
|
else if (!note.email_confirmed)
|
||||||
css += " text-white bg-primary";
|
css += " text-white bg-primary";
|
||||||
|
else if (note.membership && note.membership.date_end < new Date().toISOString())
|
||||||
|
css += "text-white bg-info";
|
||||||
return css;
|
return css;
|
||||||
}
|
}
|
||||||
|
|
||||||
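Review bot: The new branch in displayStyle appends `"text-white bg-info"` without the leading space that every other branch uses, so when `css` already holds a class the two run together into one invalid class name; it should read `css += " text-white bg-info";`. The expiry test compares `note.membership.date_end` with `new Date().toISOString()` as strings, which only works if `date_end` is an ISO-formatted date that sorts correctly against a full timestamp — presumably a `YYYY-MM-DD` value from the serializer, worth confirming and stating in a comment such as `// string compare of ISO dates: date_end is YYYY-MM-DD, so it sorts before any timestamp of the same day`.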
|
@ -263,6 +265,7 @@ function autoCompleteNote(field_id, note_list_id, notes, notes_display, alias_pr
|
||||||
consumers.results.forEach(function (consumer) {
|
consumers.results.forEach(function (consumer) {
|
||||||
let note = consumer.note;
|
let note = consumer.note;
|
||||||
note.email_confirmed = consumer.email_confirmed;
|
note.email_confirmed = consumer.email_confirmed;
|
||||||
|
note.membership = consumer.membership;
|
||||||
let extra_css = displayStyle(note);
|
let extra_css = displayStyle(note);
|
||||||
aliases_matched_html += li(alias_prefix + '_' + consumer.id,
|
aliases_matched_html += li(alias_prefix + '_' + consumer.id,
|
||||||
consumer.name,
|
consumer.name,
|
||||||
|
|
|
@ -218,6 +218,9 @@ function consume(source, source_alias, dest, quantity, amount, reason, type, cat
|
||||||
addMsg("Attention, La transaction depuis la note " + source_alias + " a été réalisée avec " +
|
addMsg("Attention, La transaction depuis la note " + source_alias + " a été réalisée avec " +
|
||||||
"succès, mais la note émettrice " + source_alias + " est en négatif.",
|
"succès, mais la note émettrice " + source_alias + " est en négatif.",
|
||||||
"warning", 30000);
|
"warning", 30000);
|
||||||
|
if (source.note.membership && source.note.membership.date_end > new Date().toISOString())
|
||||||
|
addMsg("Attention : la note émettrice " + source.name + " n'est plus adhérente.",
|
||||||
|
"danger", 30000);
|
||||||
}
|
}
|
||||||
reset();
|
reset();
|
||||||
}).fail(function (e) {
|
}).fail(function (e) {
|
||||||
|
|
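Review bot: The membership warning in the consume done callback is inverted: it fires when `date_end > new Date().toISOString()`, i.e. while the membership is still valid, and stays silent once it has expired, which is the opposite of the "n'est plus adhérente" message and of the `<` test used by displayStyle; it should be `if (source.note.membership && source.note.membership.date_end < new Date().toISOString())`. The same `>` appears in the `#btn_transfer` done callbacks, both in the source/dest checks of the transfer branch and in the `user_note.membership` check of the credit/debit branch. Note too that a note with no membership at all (never a member, or the caller may not view memberships, in which case the API returns null) produces no warning under any of these conditions, so the check only covers lapsed members. The new `if` appears to sit inside the block closed by the following `}`, whose opening is outside the hunk; if that is the balance block, notes with a non-numeric balance never reach the warning.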
|
@ -260,6 +260,13 @@ $("#btn_transfer").click(function() {
|
||||||
"destination": dest.note.id,
|
"destination": dest.note.id,
|
||||||
"destination_alias": dest.name
|
"destination_alias": dest.name
|
||||||
}).done(function () {
|
}).done(function () {
|
||||||
|
if (source.note.membership && source.note.membership.date_end > new Date().toISOString())
|
||||||
|
addMsg("Attention : la note émettrice " + source.name + " n'est plus adhérente.",
|
||||||
|
"danger", 30000);
|
||||||
|
if (dest.note.membership && dest.note.membership.date_end > new Date().toISOString())
|
||||||
|
addMsg("Attention : la note destination " + dest.name + " n'est plus adhérente.",
|
||||||
|
"danger", 30000);
|
||||||
|
|
||||||
if (!isNaN(source.note.balance)) {
|
if (!isNaN(source.note.balance)) {
|
||||||
let newBalance = source.note.balance - source.quantity * dest.quantity * amount;
|
let newBalance = source.note.balance - source.quantity * dest.quantity * amount;
|
||||||
if (newBalance <= -5000) {
|
if (newBalance <= -5000) {
|
||||||
|
@ -327,19 +334,22 @@ $("#btn_transfer").click(function() {
|
||||||
} else if ($("#type_credit").is(':checked') || $("#type_debit").is(':checked')) {
|
} else if ($("#type_credit").is(':checked') || $("#type_debit").is(':checked')) {
|
||||||
let special_note = $("#credit_type").val();
|
let special_note = $("#credit_type").val();
|
||||||
let user_note;
|
let user_note;
|
||||||
|
let alias;
|
||||||
let given_reason = reason;
|
let given_reason = reason;
|
||||||
let source_id, dest_id;
|
let source_id, dest_id;
|
||||||
if ($("#type_credit").is(':checked')) {
|
if ($("#type_credit").is(':checked')) {
|
||||||
user_note = dests_notes_display[0].note.id;
|
user_note = dests_notes_display[0].note;
|
||||||
|
alias = dests_notes_display[0].name;
|
||||||
source_id = special_note;
|
source_id = special_note;
|
||||||
dest_id = user_note;
|
dest_id = user_note.id;
|
||||||
reason = "Crédit " + $("#credit_type option:selected").text().toLowerCase();
|
reason = "Crédit " + $("#credit_type option:selected").text().toLowerCase();
|
||||||
if (given_reason.length > 0)
|
if (given_reason.length > 0)
|
||||||
reason += " (" + given_reason + ")";
|
reason += " (" + given_reason + ")";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
user_note = sources_notes_display[0].note.id;
|
user_note = sources_notes_display[0].note;
|
||||||
source_id = user_note;
|
alias = sources_notes_display[0].name;
|
||||||
|
source_id = user_note.id;
|
||||||
dest_id = special_note;
|
dest_id = special_note;
|
||||||
reason = "Retrait " + $("#credit_type option:selected").text().toLowerCase();
|
reason = "Retrait " + $("#credit_type option:selected").text().toLowerCase();
|
||||||
if (given_reason.length > 0)
|
if (given_reason.length > 0)
|
||||||
|
@ -355,14 +365,16 @@ $("#btn_transfer").click(function() {
|
||||||
"polymorphic_ctype": SPECIAL_TRANSFER_POLYMORPHIC_CTYPE,
|
"polymorphic_ctype": SPECIAL_TRANSFER_POLYMORPHIC_CTYPE,
|
||||||
"resourcetype": "SpecialTransaction",
|
"resourcetype": "SpecialTransaction",
|
||||||
"source": source_id,
|
"source": source_id,
|
||||||
"source_alias": sources_notes_display.length ? sources_notes_display[0].name : null,
|
"source_alias": sources_notes_display.length ? alias : null,
|
||||||
"destination": dest_id,
|
"destination": dest_id,
|
||||||
"destination_alias": dests_notes_display.length ? dests_notes_display[0].name : null,
|
"destination_alias": dests_notes_display.length ? alias : null,
|
||||||
"last_name": $("#last_name").val(),
|
"last_name": $("#last_name").val(),
|
||||||
"first_name": $("#first_name").val(),
|
"first_name": $("#first_name").val(),
|
||||||
"bank": $("#bank").val()
|
"bank": $("#bank").val()
|
||||||
}).done(function () {
|
}).done(function () {
|
||||||
addMsg("Le crédit/retrait a bien été effectué !", "success", 10000);
|
addMsg("Le crédit/retrait a bien été effectué !", "success", 10000);
|
||||||
|
if (user_note.membership && user_note.membership.date_end > new Date().toISOString())
|
||||||
|
addMsg("Attention : la note " + alias + " n'est plus adhérente.", "danger", 10000);
|
||||||
reset();
|
reset();
|
||||||
}).fail(function (err) {
|
}).fail(function (err) {
|
||||||
let errObj = JSON.parse(err.responseText);
|
let errObj = JSON.parse(err.responseText);
|
||||||
|
|
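Review bot: `source_alias` and `destination_alias` in the credit/debit payload both now resolve to `alias`, the user note's alias, gated only on the length of two different display lists, so if both lists are ever non-empty at once the special-note side is sent the user's alias; before the change each side read its own list. If only one list can be populated at a time the result is unchanged, but the intent would be clearer as `"source_alias": $("#type_credit").is(':checked') ? null : alias,` and `"destination_alias": $("#type_credit").is(':checked') ? alias : null,`. The click handler starts outside the hunk.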