From 1c0d78f2eec787a5c70fa14f21644c31fb932fb3 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Fri, 20 May 2022 22:46:56 +0200
Subject: [PATCH] Make sure only users with at least one association can create an order
---
 app/forms.py | 2 ++
 .../versions/5c8378aa4dff_add_user_associations.py | 4 ++--
 app/models/anonymous_user.py | 4 ++++
 app/models/order.py | 2 +-
 app/models/user.py | 2 +-
 app/templates/orders.html | 5 +++++
 app/views/order.py | 5 ++++-
 7 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/app/forms.py b/app/forms.py
index e259563..f847e96 100644
--- a/app/forms.py
+++ b/app/forms.py
@@ -24,6 +24,7 @@ class OrderForm(Form):
 "Starttime", default=datetime.now, format="%d-%m-%Y %H:%M"
 )
 stoptime = DateTimeField("Stoptime", format="%d-%m-%Y %H:%M")
+ association = SelectField("Association", coerce=str, validators=[validators.required()])
 submit_button = SubmitField("Submit")
 def populate(self) -> None:
@@ -38,6 +39,7 @@ class OrderForm(Form):
 (current_user.id, current_user.username),
 ]
 self.location_id.choices = [(l.id, l.name) for l in location_definitions]
+ self.association.choices = current_user.association_list()
 if self.stoptime.data is None:
 self.stoptime.data = datetime.now() + timedelta(hours=1)
diff --git a/app/migrations/versions/5c8378aa4dff_add_user_associations.py b/app/migrations/versions/5c8378aa4dff_add_user_associations.py
index 4cc135d..24f52c7 100644
--- a/app/migrations/versions/5c8378aa4dff_add_user_associations.py
+++ b/app/migrations/versions/5c8378aa4dff_add_user_associations.py
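Review bot: `self.association.choices = current_user.association_list()` in `populate()` passes a flat list of strings, while the `location_id` choices two lines above are `(value, label)` pairs; depending on the installed WTForms version a flat list may be unpacked as pairs, so `[(a, a) for a in current_user.association_list()]` is the consistent form. This list is also the only server-side limit on which association a submitted order may carry, since `SelectField` rejects values outside `choices`, and that only holds if `populate()` always runs before validation. A comment such as `# choices double as the allow-list: users may only file orders under their own associations` would make that dependency visible. `populate()` begins in the previous hunk and continues past the end of this one.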
@@ -16,8 +16,8 @@ import sqlalchemy as sa
 def upgrade():
 # ### commands auto generated by Alembic - please adjust! ###
- op.add_column('order', sa.Column('association', sa.String(length=120), nullable=True))
- op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=True))
+ op.add_column('order', sa.Column('association', sa.String(length=120), nullable=False, default=""))
+ op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=False, default=""))
 # ### end Alembic commands ###
diff --git a/app/models/anonymous_user.py b/app/models/anonymous_user.py
index 2ae10f2..8e2532a 100644
--- a/app/models/anonymous_user.py
+++ b/app/models/anonymous_user.py
@@ -1,10 +1,14 @@
 "AnonymouseUser for people who are not logged in the normal way"
+from typing import List
 # pylint: disable=R0201,C0111
 class AnonymouseUser:
 id = None
+ def association_list(self) -> List[str]:
+ return []
+
 def is_active(self) -> bool:
 return False
diff --git a/app/models/order.py b/app/models/order.py
index 7729d42..37407dd 100644
--- a/app/models/order.py
+++ b/app/models/order.py
@@ -27,7 +27,7 @@ class Order(db.Model):
 stoptime = db.Column(db.DateTime)
 public = db.Column(db.Boolean, default=True)
 slug = db.Column(db.String(7), default=generate_slug, unique=True)
- association = db.Column(db.String(120))
+ association = db.Column(db.String(120), nullable=False)
 items = db.relationship("OrderItem", backref="order", lazy="dynamic")
diff --git a/app/models/user.py b/app/models/user.py
index 13634bb..964ba42 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -11,7 +11,7 @@ class User(db.Model):
 admin = db.Column(db.Boolean)
 bias = db.Column(db.Integer)
 # Assocation logic
- associations = db.Column(db.String(120))
+ associations = db.Column(db.String(120), nullable=False)
 # Relations
 runs = db.relation(
diff --git a/app/templates/orders.html b/app/templates/orders.html
index e472461..35fa189 100644
--- a/app/templates/orders.html
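Review bot: `default=""` on the two `op.add_column` calls in `upgrade()` is a Python-side default that SQLAlchemy applies when it builds an INSERT, so it is not emitted in the `ALTER TABLE`; adding a `nullable=False` column to `order` or `user` tables that already contain rows will typically be rejected by the database. Use `server_default=""` instead, e.g. `sa.Column('association', sa.String(length=120), nullable=False, server_default="")`, and the same for `associations`. The revision id in the file name is unchanged, so any database that already ran the earlier version of this migration keeps nullable columns and would need a follow-up revision. The model hunks in app/models/order.py and app/models/user.py likewise add `nullable=False` with no default, so any insert path that does not set the field (none is visible here) would fail at commit.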
+++ b/app/templates/orders.html
@@ -38,6 +38,11 @@
 {{ form.location_id(class='form-control select') }}
 {{ util.render_form_field_errors(form.location_id) }}
+
+ {{ form.association.label(class='control-label') }}
+ {{ form.association(class='form-control select') }}
+ {{ util.render_form_field_errors(form.association) }}
+
{% if current_user.is_admin() %}
{{ form.starttime.label(class='control-label') }}
diff --git a/app/views/order.py b/app/views/order.py
index 8023ecf..e779c5a 100644
--- a/app/views/order.py
+++ b/app/views/order.py
@@ -21,7 +21,7 @@ order_bp = Blueprint("order_bp", "order")
 @order_bp.route("/")
 def orders(form: OrderForm = None) -> str:
 """Generate general order view"""
- if form is None and not current_user.is_anonymous():
+ if form is None and current_user.association_list():
 form = OrderForm()
 location_id = request.args.get("location_id")
 form.location_id.default = location_id
@@ -34,6 +34,9 @@ def orders(form: OrderForm = None) -> str:
 @login_required
 def order_create() -> typing.Union[str, Response]:
 """Generate order create view"""
+ if not current_user.association_list():
+ flash("Not allowed to create an order.", "info")
+ abort(401)
 orderForm = OrderForm()
 orderForm.populate()
 if orderForm.validate_on_submit():
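Review bot: The new guard `current_user.association_list()` in `orders()` is a truthiness test on a helper whose `User` implementation is not part of this patch. If that helper builds the list by splitting the `associations` string, an empty value (the default this commit introduces in the migration) would yield `['']`, which is truthy, so a user with no association would still pass. The same test gates `order_create()` in the next hunk, so dropping empty entries inside `User.association_list()` would make both checks match the commit title. The rest of `orders()` lies outside the hunk.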
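Review bot: `abort(401)` in `order_create()` signals missing or failed authentication, but the view sits behind `@login_required`, so the caller is already authenticated and only lacks permission. `abort(403)` is the matching status and keeps any 401 handler from pushing the user back into the login flow. The `flash(...)` just before it is stored in the session, so unless the error page renders flashed messages it will surface on whatever page the user opens next. Either drop it or carry the text on the error itself, e.g. `abort(403, "Not allowed to create an order.")`. The remainder of `order_create()` is outside the hunk.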