Make sure only users with at least one association can create an order

2022-05-20 22:46:56 +02:00 · 2022-05-20 22:46:56 +02:00 · 1c0d78f2ee
commit 1c0d78f2ee
parent c43efa4b10
7 changed files with 19 additions and 5 deletions
--- a/app/forms.py
+++ b/app/forms.py
@ -24,6 +24,7 @@ class OrderForm(Form):
        "Starttime", default=datetime.now, format="%d-%m-%Y %H:%M"
    )
    stoptime = DateTimeField("Stoptime", format="%d-%m-%Y %H:%M")
+    association = SelectField("Association", coerce=str, validators=[validators.required()])
    submit_button = SubmitField("Submit")

    def populate(self) -> None:
@ -38,6 +39,7 @@ class OrderForm(Form):
                (current_user.id, current_user.username),
            ]
        self.location_id.choices = [(l.id, l.name) for l in location_definitions]
+        self.association.choices = current_user.association_list()
        if self.stoptime.data is None:
            self.stoptime.data = datetime.now() + timedelta(hours=1)

--- a/app/migrations/versions/5c8378aa4dff_add_user_associations.py
+++ b/app/migrations/versions/5c8378aa4dff_add_user_associations.py
@ -16,8 +16,8 @@ import sqlalchemy as sa

 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
-    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=True))
-    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=True))
+    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=False, default=""))
+    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=False, default=""))
    # ### end Alembic commands ###


--- a/app/models/anonymous_user.py
+++ b/app/models/anonymous_user.py
@ -1,10 +1,14 @@
 "AnonymouseUser for people who are not logged in the normal way"
+from typing import List
 # pylint: disable=R0201,C0111


 class AnonymouseUser:
    id = None

+    def association_list(self) -> List[str]:
+        return []
+
    def is_active(self) -> bool:
        return False

--- a/app/models/order.py
+++ b/app/models/order.py
@ -27,7 +27,7 @@ class Order(db.Model):
    stoptime = db.Column(db.DateTime)
    public = db.Column(db.Boolean, default=True)
    slug = db.Column(db.String(7), default=generate_slug, unique=True)
-    association = db.Column(db.String(120))
+    association = db.Column(db.String(120), nullable=False)

    items = db.relationship("OrderItem", backref="order", lazy="dynamic")

--- a/app/models/user.py
+++ b/app/models/user.py
@ -11,7 +11,7 @@ class User(db.Model):
    admin = db.Column(db.Boolean)
    bias = db.Column(db.Integer)
    # Assocation logic
-    associations = db.Column(db.String(120))
+    associations = db.Column(db.String(120), nullable=False)

    # Relations
    runs = db.relation(
--- a/app/templates/orders.html
+++ b/app/templates/orders.html
@ -38,6 +38,11 @@
 								{{ form.location_id(class='form-control select') }}
 								{{ util.render_form_field_errors(form.location_id) }}
 							</div>
+							<div class="form-group select2 {{ 'has-errors' if form.association.errors else ''}}{{ ' required' if form.association.flags.required }}">
+								{{ form.association.label(class='control-label') }}
+								{{ form.association(class='form-control select') }}
+								{{ util.render_form_field_errors(form.association) }}
+							</div>
 							{% if current_user.is_admin() %}
 								<div class="form-group{{ ' has-error' if form.starttime.errors }}{{ ' required' if form.starttime.flags.required }}{{ ' hidden' if not current_user.is_admin() }}">
 									{{ form.starttime.label(class='control-label') }}
--- a/app/views/order.py
+++ b/app/views/order.py
@ -21,7 +21,7 @@ order_bp = Blueprint("order_bp", "order")
@order_bp.route("/")
 def orders(form: OrderForm = None) -> str:
    """Generate general order view"""
-    if form is None and not current_user.is_anonymous():
+    if form is None and current_user.association_list():
        form = OrderForm()
        location_id = request.args.get("location_id")
        form.location_id.default = location_id
@ -34,6 +34,9 @@ def orders(form: OrderForm = None) -> str:
@login_required
 def order_create() -> typing.Union[str, Response]:
    """Generate order create view"""
+    if not current_user.association_list():
+        flash("Not allowed to create an order.", "info")
+        abort(401)
    orderForm = OrderForm()
    orderForm.populate()
    if orderForm.validate_on_submit():