Make sure only users with at least one association can create an order

app/forms.py

@@ -24,6 +24,7 @@ class OrderForm(Form):
         "Starttime", default=datetime.now, format="%d-%m-%Y %H:%M"
     )
     stoptime = DateTimeField("Stoptime", format="%d-%m-%Y %H:%M")
+    association = SelectField("Association", coerce=str, validators=[validators.required()])
     submit_button = SubmitField("Submit")
 
     def populate(self) -> None:
@@ -38,6 +39,7 @@ class OrderForm(Form):
                 (current_user.id, current_user.username),
             ]
         self.location_id.choices = [(l.id, l.name) for l in location_definitions]
+        self.association.choices = current_user.association_list()
         if self.stoptime.data is None:
             self.stoptime.data = datetime.now() + timedelta(hours=1)
 

app/migrations/versions/5c8378aa4dff_add_user_associations.py

@@ -16,8 +16,8 @@ import sqlalchemy as sa
 
 def upgrade():
     # ### commands auto generated by Alembic - please adjust! ###
-    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=True))
+    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=False, default=""))
-    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=True))
+    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=False, default=""))
     # ### end Alembic commands ###
 
 

app/models/anonymous_user.py

@@ -1,10 +1,14 @@
 "AnonymouseUser for people who are not logged in the normal way"
+from typing import List
 # pylint: disable=R0201,C0111
 
 
 class AnonymouseUser:
     id = None
 
+    def association_list(self) -> List[str]:
+        return []
+
     def is_active(self) -> bool:
         return False
 

app/models/order.py

@@ -27,7 +27,7 @@ class Order(db.Model):
     stoptime = db.Column(db.DateTime)
     public = db.Column(db.Boolean, default=True)
     slug = db.Column(db.String(7), default=generate_slug, unique=True)
-    association = db.Column(db.String(120))
+    association = db.Column(db.String(120), nullable=False)
 
     items = db.relationship("OrderItem", backref="order", lazy="dynamic")
 

app/models/user.py

@@ -11,7 +11,7 @@ class User(db.Model):
     admin = db.Column(db.Boolean)
     bias = db.Column(db.Integer)
     # Assocation logic
-    associations = db.Column(db.String(120))
+    associations = db.Column(db.String(120), nullable=False)
 
     # Relations
     runs = db.relation(

app/templates/orders.html

@@ -38,6 +38,11 @@
 								{{ form.location_id(class='form-control select') }}
 								{{ util.render_form_field_errors(form.location_id) }}
 							</div>
+							<div class="form-group select2 {{ 'has-errors' if form.association.errors else ''}}{{ ' required' if form.association.flags.required }}">
+								{{ form.association.label(class='control-label') }}
+								{{ form.association(class='form-control select') }}
+								{{ util.render_form_field_errors(form.association) }}
+							</div>
 							{% if current_user.is_admin() %}
 								<div class="form-group{{ ' has-error' if form.starttime.errors }}{{ ' required' if form.starttime.flags.required }}{{ ' hidden' if not current_user.is_admin() }}">
 									{{ form.starttime.label(class='control-label') }}

app/views/order.py

@@ -21,7 +21,7 @@ order_bp = Blueprint("order_bp", "order")
 @order_bp.route("/")
 def orders(form: OrderForm = None) -> str:
     """Generate general order view"""
-    if form is None and not current_user.is_anonymous():
+    if form is None and current_user.association_list():
         form = OrderForm()
         location_id = request.args.get("location_id")
         form.location_id.default = location_id
@@ -34,6 +34,9 @@ def orders(form: OrderForm = None) -> str:
 @login_required
 def order_create() -> typing.Union[str, Response]:
     """Generate order create view"""
+    if not current_user.association_list():
+        flash("Not allowed to create an order.", "info")
+        abort(401)
     orderForm = OrderForm()
     orderForm.populate()
     if orderForm.validate_on_submit():