Fix check if you are allowed to order food (#3720)

* Fix check if you are allowed to order food * Fix not being able to order food when not registered * Fix small bugs --------- Co-authored-by: bpc <[email protected]> Co-authored-by: Ties <[email protected]>
svthalia · Jun 12, 2024 · 1250552 · 1250552
1 parent 39f23f7
commit 1250552
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 12 deletions.
diff --git a/website/events/templates/events/event.html b/website/events/templates/events/event.html
@@ -256,9 +256,17 @@ <h1 class="section-title">
                                     </th>
                                     <td>
                                     {% if event.food_event == event.food_event.current or event.food_event.just_ended %}
-                                        <a href="{% url "pizzas:index" %}" class="btn btn-primary">
-                                            {% trans "Order" context "pizzas" %}
-                                        </a>
+                                        {% if event.registration_required and not registration.is_invited %}
+                                            <div class="d-inline-block" data-bs-toggle="tooltip" data-placement="auto" title="{% trans 'You do not seem to be registered, which you need to be to order food. '%} {{event.food_event.start}}">
+                                                <a class="btn btn-primary disabled">
+                                                    {% trans "Order" context "pizzas" %}
+                                                </a>
+                                            </div>
+                                        {% else %}
+                                            <a href="{% url "pizzas:index" %}" class="btn btn-primary">
+                                                {% trans "Order" context "pizzas" %}
+                                            </a>
+                                        {% endif %}
                                     {% elif event.food_event.in_the_future %}
                                         <div class="d-inline-block" data-bs-toggle="tooltip" data-placement="auto" title="{% trans 'Ordering pizza for this event will be possible starting '%} {{event.food_event.start}}">
                                             <a class="btn btn-primary disabled">
@@ -300,7 +308,6 @@ <h1 class="section-title">
             </div>
         </div>
     </section>
-
     {% if event.documents.exists %}
         <section class="page-section" id="events-documents">
             <div class="container">

diff --git a/website/pizzas/api/v2/views.py b/website/pizzas/api/v2/views.py
@@ -1,8 +1,10 @@
 from django.db.models import Prefetch
+from django.utils import timezone
 
 from oauth2_provider.contrib.rest_framework import IsAuthenticatedOrTokenHasScope
 from rest_framework import filters as framework_filters
 from rest_framework import status
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.generics import (
     CreateAPIView,
     DestroyAPIView,
@@ -141,7 +143,8 @@ def dispatch(self, request, *args, **kwargs):
 
     def update(self, request, *args, **kwargs):
         instance = self.get_object()
-
+        if instance.event.has_ended:
+            raise PermissionDenied
         if instance.payment:
             delete_payment(instance, member=request.member, ignore_change_window=True)
 
@@ -152,6 +155,19 @@ def update(self, request, *args, **kwargs):
         )
 
     def create(self, request, *args, **kwargs):
+        if self.food_event.start > timezone.now():
+            raise PermissionDenied("You cannot order food yet")
+        if self.food_event.has_ended:
+            raise PermissionDenied("Event has ended")
+
+        event = self.food_event.event
+        if event.registration_required:
+            registration = event.registrations.filter(
+                member=request.member, date_cancelled=None
+            ).first()
+            if registration is None or not registration.is_invited:
+                raise PermissionDenied("You are not registered for this event")
+
         serializer = self.get_serializer(data=request.data)
         serializer.is_valid(raise_exception=True)
         self.perform_create(serializer)

diff --git a/website/pizzas/templates/pizzas/index.html b/website/pizzas/templates/pizzas/index.html
@@ -10,7 +10,7 @@
 {% block opengraph %}
     {% if event %}
         <meta property="og:description"
-              content="{% blocktrans with title=event.title %}Order food for {{ title }}{% endblocktrans %}"/>
+                content="{% blocktrans with title=event.title %}Order food for {{ title }}{% endblocktrans %}"/>
     {% else %}
         <meta property="og:description"
               content="{% trans "There is no current event for which you can order food" %}"/>
@@ -42,7 +42,17 @@ <h2>
 {% block section_tags %}id="pizzas-index"{% endblock %}
 
 {% block page_content %}
-    {% if event %}
+    {% if event and not_registered or not event %}
+        {% if not event %}
+            <p>
+                {% trans "There are no current events for which you can order food" %}
+            </p>
+        {% else %}
+            <p>
+                {% trans "You are not registered for the current food event" %}
+            </p>
+        {% endif %}
+    {% else %}
         <div class="mb-3 row">
             {% if perms.pizzas.change_product %}
                 <div class="col-12 col-md-4 my-1">
@@ -201,9 +211,5 @@ <h4>{% trans "Changing your order" %}</h4>
                 {% endif %}
             {% endif %}
         {% endif %}
-    {% else %}
-        <p>
-            {% trans "There is no current event for which you can order food" %}l
-        </p>
     {% endif %}
 {% endblock %}
diff --git a/website/pizzas/views.py b/website/pizzas/views.py
@@ -3,6 +3,7 @@
 from django.contrib.auth.decorators import login_required
 from django.http import Http404
 from django.shortcuts import get_object_or_404, redirect, render
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.http import require_http_methods
 
@@ -23,7 +24,27 @@ def index(request):
         obj = FoodOrder.objects.get(food_event=event, member=request.member)
     except FoodOrder.DoesNotExist:
         obj = None
-    context = {"event": event, "products": products, "order": obj}
+
+    registrated_required = (
+        event is not None
+        and event.event is not None
+        and event.event.registration_required
+    )
+    not_registered = False
+    if registrated_required:
+        registration = event.event.registrations.filter(
+            member=request.member, date_cancelled=None
+        ).first()
+
+        if registration is None or not registration.is_invited:
+            not_registered = True
+
+    context = {
+        "event": event,
+        "products": products,
+        "order": obj,
+        "not_registered": not_registered,
+    }
     return render(request, "pizzas/index.html", context)
 
 
@@ -50,9 +71,23 @@ def cancel_order(request):
 def place_order(request):
     """View that shows the detail of the current order."""
     event = FoodEvent.current()
+
     if not event:
         return redirect("pizzas:index")
 
+    if event.start > timezone.now():
+        return redirect("pizzas:index")
+
+    if event.has_ended:
+        return redirect("pizzas:index")
+
+    if event.event.registration_required:
+        registration = event.event.registrations.filter(
+            member=request.member, date_cancelled=None
+        ).first()
+        if registration is None or not registration.is_invited:
+            return redirect("pizzas:index")
+
     try:
         obj = FoodOrder.objects.get(food_event=event, member=request.member)
         current_order_locked = not obj.can_be_changed