mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-26 18:37:12 +00:00
Security against the cycles
This commit is contained in:
parent
7f12ee63f2
commit
e0b2d24fe7
@ -27,10 +27,9 @@ class TransformedFoodAdmin(admin.ModelAdmin):
|
|||||||
exclude = ["allergens", "expiry_date"]
|
exclude = ["allergens", "expiry_date"]
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def save_related(self, *args, **kwargs):
|
def save_related(self, request, form, *args, **kwargs):
|
||||||
ans = super().save_related(*args, **kwargs)
|
super().save_related(request, form, *args, **kwargs)
|
||||||
args[1].instance.update()
|
form.instance.update()
|
||||||
return ans
|
|
||||||
|
|
||||||
|
|
||||||
@admin.register(Allergen, site=admin_site)
|
@admin.register(Allergen, site=admin_site)
|
||||||
|
@ -17,9 +17,9 @@ from .models import BasicFood, Food, QRCode, TransformedFood
|
|||||||
from .tables import TransformedFoodTable
|
from .tables import TransformedFoodTable
|
||||||
|
|
||||||
|
|
||||||
class AddIngredientView(ProtectQuerysetMixin, FormView):
|
class AddIngredientView(ProtectQuerysetMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
A view to see a qrcode
|
A view to add an ingredient
|
||||||
"""
|
"""
|
||||||
model = Food
|
model = Food
|
||||||
template_name = 'food/add_ingredient_form.html'
|
template_name = 'food/add_ingredient_form.html'
|
||||||
@ -34,28 +34,25 @@ class AddIngredientView(ProtectQuerysetMixin, FormView):
|
|||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
form.instance.creater = self.request.user
|
form.instance.creater = self.request.user
|
||||||
|
food = Food.objects.get(pk=self.kwargs['pk'])
|
||||||
add_ingredient_form = AddIngredientForms(data=self.request.POST)
|
add_ingredient_form = AddIngredientForms(data=self.request.POST)
|
||||||
|
if not food.is_ready:
|
||||||
|
form.add_error(None, _("The product isn't ready"))
|
||||||
|
return self.form_invalid(form)
|
||||||
if not add_ingredient_form.is_valid():
|
if not add_ingredient_form.is_valid():
|
||||||
return self.form_invalid(form)
|
return self.form_invalid(form)
|
||||||
|
|
||||||
food = Food.objects.get(pk=self.kwargs['pk'])
|
|
||||||
# Save the aliment and the allergens associed
|
# Save the aliment and the allergens associed
|
||||||
for transformed_pk in self.request.POST.getlist('ingredient'):
|
for transformed_pk in self.request.POST.getlist('ingredient'):
|
||||||
transformed = TransformedFood.objects.get(pk=transformed_pk)
|
transformed = TransformedFood.objects.get(pk=transformed_pk)
|
||||||
|
if not transformed.is_ready:
|
||||||
transformed.ingredient.add(food)
|
transformed.ingredient.add(food)
|
||||||
transformed.update()
|
transformed.update()
|
||||||
|
return HttpResponseRedirect(self.get_success_url())
|
||||||
return super().form_valid(form)
|
|
||||||
|
|
||||||
def get_success_url(self, **kwargs):
|
def get_success_url(self, **kwargs):
|
||||||
return reverse('food:food_list')
|
return reverse('food:food_list')
|
||||||
|
|
||||||
def get_sample_object(self):
|
|
||||||
return TransformedFood(
|
|
||||||
name="",
|
|
||||||
creation_date=timezone.now(),
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class BasicFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
class BasicFoodUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
||||||
"""
|
"""
|
||||||
|
Loading…
Reference in New Issue
Block a user