mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-23 15:33:45 +00:00

Merge branch 'fix_346' into 'dev'

fix: Missing ACL check for some cotisation endpoints

See merge request re2o/re2o!626
chapeau 2024-03-23 08:55:05 +00:00
commit dc153bb2c8
2 changed files with 11 additions and 5 deletions


@ -32,14 +32,16 @@ from django.utils.translation import ugettext as _
from cotisations.models import Facture as Invoice from cotisations.models import Facture as Invoice
from cotisations.utils import find_payment_method from cotisations.utils import find_payment_method
from re2o.acl import can_view
from .forms import InvoiceForm from .forms import InvoiceForm
from .models import ChequePayment from .models import ChequePayment
@login_required @login_required
def cheque(request, invoice_pk): @can_view(Invoice)
def cheque(request, invoice, **_kwargs):
"""This view validate an invoice with the data from a cheque.""" """This view validate an invoice with the data from a cheque."""
invoice = get_object_or_404(Invoice, pk=invoice_pk)
payment_method = find_payment_method(invoice.paiement) payment_method = find_payment_method(invoice.paiement)
if invoice.valid or not isinstance(payment_method, ChequePayment): if invoice.valid or not isinstance(payment_method, ChequePayment):
messages.error(request, _("You can't pay this invoice with a cheque.")) messages.error(request, _("You can't pay this invoice with a cheque."))
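Review bot: `@can_view(Invoice)` is a read-level permission, yet it is now the only visible authorization check on a view whose docstring says it validates an invoice. If the intended rule is that anyone allowed to see an invoice may also submit a cheque for it, state that in the docstring, for example `Access is limited to users who may view the invoice (can_view).`; if not, this path needs a stricter check than view rights. The body of `cheque` continues past the hunk, so any further ownership check there is not visible from here.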


@ -34,7 +34,10 @@ from django.utils.datastructures import MultiValueDictKeyError
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from re2o.acl import can_view
from cotisations.models import Facture from cotisations.models import Facture
from cotisations.utils import find_payment_method
from .comnpay import Transaction from .comnpay import Transaction
from .models import ComnpayPayment from .models import ComnpayPayment
@ -42,13 +45,14 @@ from .models import ComnpayPayment
@csrf_exempt @csrf_exempt
@login_required @login_required
def accept_payment(request, factureid): @can_view(Facture)
def accept_payment(request, invoice, **_kwargs):
""" """
The view where the user is redirected when a comnpay payment has been The view where the user is redirected when a comnpay payment has been
accepted. accepted.
""" """
invoice = get_object_or_404(Facture, id=factureid) payment_method = find_payment_method(invoice.paiement)
if invoice.valid: if invoice.valid and isinstance(payment_method, ComnpayPayment):
messages.success( messages.success(
request, request,
_("The payment of %(amount)s € was accepted.") _("The payment of %(amount)s € was accepted.")
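Review bot: No regression test accompanies the new `@can_view(Facture)` gate on `accept_payment`, and the same holds for `cheque` in the other file: the diffstat lists only the two view modules. An access-control fix is easy to lose in a later change to the decorator stack, so a test that requests this URL as a logged-in user who cannot view the invoice, and asserts that the view body is never reached, would pin it. The branch taken when `if invoice.valid and isinstance(payment_method, ComnpayPayment):` is false lies outside the hunk, so it is worth confirming what a valid invoice paid by another method now shows the user.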