From 12505522f03a71b44871f30f912421475993fe65 Mon Sep 17 00:00:00 2001
From: Dirk Doesburg
Date: Wed, 12 Jun 2024 20:13:05 +0200
Subject: [PATCH] Fix check if you are allowed to order food (#3720)

* Fix check if you are allowed to order food
* Fix not being able to order food when not registered
* Fix small bugs
---------
Co-authored-by: bpc
Co-authored-by: Ties
---
website/events/templates/events/event.html | 15 ++++++---
website/pizzas/api/v2/views.py | 18 ++++++++++-
website/pizzas/templates/pizzas/index.html | 18 +++++++----
website/pizzas/views.py | 37 +++++++++++++++++++++-
4 files changed, 76 insertions(+), 12 deletions(-)
diff --git a/website/events/templates/events/event.html b/website/events/templates/events/event.html
index 7915195bb..d1d88d8f1 100644
--- a/website/events/templates/events/event.html
+++ b/website/events/templates/events/event.html
@@ -256,9 +256,17 @@

{% if event.food_event == event.food_event.current or event.food_event.just_ended %} - - {% trans "Order" context "pizzas" %} - + {% if event.registration_required and not registration.is_invited %} + + {% else %} + + {% trans "Order" context "pizzas" %} + + {% endif %} {% elif event.food_event.in_the_future %} - {% if event.documents.exists %}
diff --git a/website/pizzas/api/v2/views.py b/website/pizzas/api/v2/views.py index f62c70473..ffd6e324a 100644 --- a/website/pizzas/api/v2/views.py +++ b/website/pizzas/api/v2/views.py @@ -1,8 +1,10 @@ from django.db.models import Prefetch +from django.utils import timezone from oauth2_provider.contrib.rest_framework import IsAuthenticatedOrTokenHasScope from rest_framework import filters as framework_filters from rest_framework import status +from rest_framework.exceptions import PermissionDenied from rest_framework.generics import ( CreateAPIView, DestroyAPIView, @@ -141,7 +143,8 @@ def dispatch(self, request, *args, **kwargs): def update(self, request, *args, **kwargs): instance = self.get_object() - + if instance.event.has_ended: + raise PermissionDenied if instance.payment: delete_payment(instance, member=request.member, ignore_change_window=True) @@ -152,6 +155,19 @@ def update(self, request, *args, **kwargs): ) def create(self, request, *args, **kwargs): + if self.food_event.start > timezone.now(): + raise PermissionDenied("You cannot order food yet") + if self.food_event.has_ended: + raise PermissionDenied("Event has ended") + + event = self.food_event.event + if event.registration_required: + registration = event.registrations.filter( + member=request.member, date_cancelled=None + ).first() + if registration is None or not registration.is_invited: + raise PermissionDenied("You are not registered for this event") + serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) self.perform_create(serializer) diff --git a/website/pizzas/templates/pizzas/index.html b/website/pizzas/templates/pizzas/index.html index 34b3cb712..341fde947 100644 --- a/website/pizzas/templates/pizzas/index.html +++ b/website/pizzas/templates/pizzas/index.html @@ -10,7 +10,7 @@ {% block opengraph %} {% if event %} + content="{% blocktrans with title=event.title %}Order food for {{ title }}{% endblocktrans %}"/> {% else %} @@ -42,7 +42,17 @@
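Review bot: The new guard in `update` reads `instance.event.has_ended`, whereas `create` in the same file checks `self.food_event.has_ended` and treats `.event` as the linked event that carries `registration_required`. Please confirm which object `instance.event` is on an order; if it is not the food event, the check either tests the wrong end time or fails with an AttributeError rather than a 403. `update` also does not repeat the registration/invitation check that `create` gains, so a member whose registration was cancelled after ordering can presumably still change the order through this endpoint. For consistency with `create`, raise with a message, e.g. `raise PermissionDenied("Event has ended")`. The rest of `update` lies outside the hunk.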
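Review bot: The ordering rule added at the top of `create` (food event has started, has not ended, member holds a non-cancelled invited registration) is written out again in `index` and `place_order` in website/pizzas/views.py, so three copies of one authorization decision can drift apart and leave one entry point more permissive than the others. Consider a single predicate on the food event that all three call, for example `if not self.food_event.can_be_ordered_by(request.member): raise PermissionDenied(...)` (the method name is only a suggestion; it does not exist on the page). It would also be worth documenting above the registration lookup that `date_cancelled=None` is what excludes cancelled registrations, e.g. `# only an active (non-cancelled) registration that is invited may order`. The tail of `create` continues outside the hunk.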

{% block section_tags %}id="pizzas-index"{% endblock %} {% block page_content %} - {% if event %} + {% if event and not_registered or not event %} + {% if not event %} +

+ {% trans "There are no current events for which you can order food" %} +

+ {% else %} +

+ {% trans "You are not registered for the current food event" %} +

+ {% endif %} + {% else %}
{% if perms.pizzas.change_product %}
@@ -201,9 +211,5 @@

{% trans "Changing your order" %}

{% endif %} {% endif %} {% endif %} - {% else %} -

- {% trans "There is no current event for which you can order food" %}l -

{% endif %} {% endblock %} diff --git a/website/pizzas/views.py b/website/pizzas/views.py index f4bbfd317..5cfdc1a4c 100644 --- a/website/pizzas/views.py +++ b/website/pizzas/views.py @@ -3,6 +3,7 @@ from django.contrib.auth.decorators import login_required from django.http import Http404 from django.shortcuts import get_object_or_404, redirect, render +from django.utils import timezone from django.utils.translation import gettext_lazy as _ from django.views.decorators.http import require_http_methods @@ -23,7 +24,27 @@ def index(request): obj = FoodOrder.objects.get(food_event=event, member=request.member) except FoodOrder.DoesNotExist: obj = None - context = {"event": event, "products": products, "order": obj} + + registrated_required = ( + event is not None + and event.event is not None + and event.event.registration_required + ) + not_registered = False + if registrated_required: + registration = event.event.registrations.filter( + member=request.member, date_cancelled=None + ).first() + + if registration is None or not registration.is_invited: + not_registered = True + + context = { + "event": event, + "products": products, + "order": obj, + "not_registered": not_registered, + } return render(request, "pizzas/index.html", context) @@ -50,9 +71,23 @@ def cancel_order(request): def place_order(request): """View that shows the detail of the current order.""" event = FoodEvent.current() + if not event: return redirect("pizzas:index") + if event.start > timezone.now(): + return redirect("pizzas:index") + + if event.has_ended: + return redirect("pizzas:index") + + if event.event.registration_required: + registration = event.event.registrations.filter( + member=request.member, date_cancelled=None + ).first() + if registration is None or not registration.is_invited: + return redirect("pizzas:index") + try: obj = FoodOrder.objects.get(food_event=event, member=request.member) current_order_locked = not obj.can_be_changed
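Review bot: The local `registrated_required` in `index` is misspelled and differs from the model attribute `registration_required` it mirrors, which makes the access rule harder to search for and audit. Suggest `requires_registration = (event is not None and event.event is not None and event.event.registration_required)`, with `if requires_registration:` below it. A one-line comment such as `# display flag only; place_order enforces the same rule server-side` would make clear that `not_registered` is not itself the access control. The start of `index` is outside the hunk.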
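Review bot: `place_order` dereferences `event.event.registration_required` without the `event.event is not None` guard that `index` applies in this same commit. If a food event can exist without a linked event, as that guard suggests, this view raises an AttributeError rather than making an access decision. Suggest `if event.event is not None and event.event.registration_required:`; the same applies to `event = self.food_event.event` in `create` in website/pizzas/api/v2/views.py. If the link is in fact mandatory, drop the guard in `index` instead so the three checks read the same. The remainder of `place_order` lies outside the hunk.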