Spam click on invalidity button is no longer possible

apps/logs/api/views.py

@@ -19,5 +19,5 @@ class ChangelogViewSet(ReadOnlyProtectedModelViewSet):
     serializer_class = ChangelogSerializer
     filter_backends = [DjangoFilterBackend, OrderingFilter]
     filterset_fields = ['model', 'action', "instance_pk", 'user', 'ip', ]
-    ordering_fields = ['timestamp', ]
+    ordering_fields = ['timestamp', 'id', ]
-    ordering = ['-timestamp', ]
+    ordering = ['-id', ]

apps/logs/signals.py

@@ -81,19 +81,27 @@ def save_object(sender, instance, **kwargs):
         if instance.last_login != previous.last_login:
             return
 
-    # On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles
+    fields = '__all__'
+    if previous:
+        # On ne garde que les champs modifiés
+        changed_fields = []
+        for field in instance._meta.fields:
+            if getattr(instance, field.name) != getattr(previous, field.name):
+                changed_fields.append(field.name)
+
+    if len(changed_fields) == 0:
+        # Pas de log s'il n'y a pas de modification
+        return
+
+    # On crée notre propre sérialiseur JSON pour pouvoir sauvegarder les modèles avec uniquement les champs modifiés
     class CustomSerializer(ModelSerializer):
         class Meta:
             model = instance.__class__
-            fields = '__all__'
+            fields = changed_fields
 
     previous_json = JSONRenderer().render(CustomSerializer(previous).data).decode("UTF-8") if previous else None
     instance_json = JSONRenderer().render(CustomSerializer(instance).data).decode("UTF-8")
 
-    if previous_json == instance_json:
-        # Pas de log s'il n'y a pas de modification
-        return
-
     Changelog.objects.create(user=user,
                              ip=ip,
                              model=ContentType.objects.get_for_model(instance),

apps/note/models/transactions.py

@@ -167,26 +167,35 @@ class Transaction(PolymorphicModel):
         previous_source_balance = self.source.balance
         previous_dest_balance = self.destination.balance
 
+        source_balance = self.source.balance
+        dest_balance = self.destination.balance
+
         created = self.pk is None
         to_transfer = self.amount * self.quantity
         if not created:
             # Revert old transaction
             old_transaction = Transaction.objects.get(pk=self.pk)
+            # Check that nothing important changed
+            for field_name in ["source_id", "destination_id", "quantity", "amount"]:
+                if getattr(self, field_name) != getattr(old_transaction, field_name):
+                    raise ValidationError(_("You can't update the {field} on a Transaction. "
+                                            "Please invalidate it and create one other.").format(field=field_name))
+
+            if old_transaction.valid == self.valid:
+                # Don't change anything
+                return 0, 0
             if old_transaction.valid:
-                self.source.balance += to_transfer
+                source_balance += to_transfer
-                self.destination.balance -= to_transfer
+                dest_balance -= to_transfer
 
         if self.valid:
-            self.source.balance -= to_transfer
+            source_balance -= to_transfer
-            self.destination.balance += to_transfer
+            dest_balance += to_transfer
 
             # When a transaction is declared valid, we ensure that the invalidity reason is null, if it was
             # previously invalid
             self.invalidity_reason = None
 
-        source_balance = self.source.balance
-        dest_balance = self.destination.balance
-
         if source_balance > 2147483647 or source_balance < -2147483648\
                 or dest_balance > 2147483647 or dest_balance < -2147483648:
             raise ValidationError(_("The note balances must be between - 21 474 836.47 € and 21 474 836.47 €."))

apps/permission/fixtures/initial.json

@@ -2456,7 +2456,7 @@
 				47,
 				49,
 				50,
-				140
+				141
 			]
 		}
 	},

note_kfet/settings/base.py

@@ -46,6 +46,7 @@ INSTALLED_APPS = [
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django.forms',
+    'django_filters',
 
     # API
     'rest_framework',

note_kfet/static/js/base.js

@@ -349,8 +349,15 @@ function autoCompleteNote(field_id, note_list_id, notes, notes_display, alias_pr
 
 // When a validate button is clicked, we switch the validation status
 function de_validate(id, validated) {
+    let validate_obj = $("#validate_" + id);
+
+    if (validate_obj.data("pending"))
+        // The button is already clicked
+        return;
+
     let invalidity_reason = $("#invalidity_reason_" + id).val();
-    $("#validate_" + id).html("<strong style=\"font-size: 16pt;\">⟳</strong>");
+    validate_obj.html("<strong style=\"font-size: 16pt;\">⟳</strong>");
+    validate_obj.data("pending", true);
 
     // Perform a PATCH request to the API in order to update the transaction
     // If the user has insufficient rights, an error message will appear