Security against the cycles

This commit is contained in:
korenstin 2024-07-08 17:44:09 +02:00
parent 50a680eed2
commit dcfd0167e7
2 changed files with 13 additions and 17 deletions

View File

@ -27,10 +27,9 @@ class TransformedFoodAdmin(admin.ModelAdmin):
exclude = ["allergens", "expiry_date"] exclude = ["allergens", "expiry_date"]
@transaction.atomic @transaction.atomic
def save_related(self, *args, **kwargs): def save_related(self, request, form, *args, **kwargs):
ans = super().save_related(*args, **kwargs) super().save_related(request, form, *args, **kwargs)
args[1].instance.update() form.instance.update()
return ans
@admin.register(Allergen, site=admin_site) @admin.register(Allergen, site=admin_site)

View File

@ -17,9 +17,9 @@ from .models import BasicFood, Food, QRCode, TransformedFood
from .tables import TransformedFoodTable from .tables import TransformedFoodTable
class AddIngredientView(ProtectQuerysetMixin, FormView): class AddIngredientView(ProtectQuerysetMixin, UpdateView):
""" """
A view to see a qrcode A view to add an ingredient
""" """
model = Food model = Food
template_name = 'food/add_ingredient_form.html' template_name = 'food/add_ingredient_form.html'
@ -34,28 +34,25 @@ class AddIngredientView(ProtectQuerysetMixin, FormView):
@transaction.atomic @transaction.atomic
def form_valid(self, form): def form_valid(self, form):
form.instance.creater = self.request.user form.instance.creater = self.request.user
food = Food.objects.get(pk=self.kwargs['pk'])
add_ingredient_form = AddIngredientForms(data=self.request.POST) add_ingredient_form = AddIngredientForms(data=self.request.POST)
if not food.is_ready:
form.add_error(None, _("The product isn't ready"))
return self.form_invalid(form)
if not add_ingredient_form.is_valid(): if not add_ingredient_form.is_valid():
return self.form_invalid(form) return self.form_invalid(form)
food = Food.objects.get(pk=self.kwargs['pk'])
# Save the aliment and the allergens associed # Save the aliment and the allergens associed
for transformed_pk in self.request.POST.getlist('ingredient'): for transformed_pk in self.request.POST.getlist('ingredient'):
transformed = TransformedFood.objects.get(pk=transformed_pk) transformed = TransformedFood.objects.get(pk=transformed_pk)
transformed.ingredient.add(food) if not transformed.is_ready:
transformed.update() transformed.ingredient.add(food)
transformed.update()
return super().form_valid(form) return HttpResponseRedirect(self.get_success_url())
def get_success_url(self, **kwargs): def get_success_url(self, **kwargs):
return reverse('food:food_list') return reverse('food:food_list')
def get_sample_object(self):
return TransformedFood(
name="",
creation_date=timezone.now(),
)
class BasicFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView): class BasicFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
""" """