[FIX] website_quote: prevent modifying the quote state if it's already been processed
Before this fix, it was possible to validate then cancel a quote (or the other way around) simply by using two tabs in your browser. From now on, we only validate/cancel a quote if it's the 'sent' state and advise the customer of the situation if he tries to abuse the process.
This commit is contained in:
parent
81418ec14e
commit
486cd33091
|
@ -64,6 +64,8 @@ class sale_quote(http.Controller):
|
|||
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
||||
if token != order.access_token:
|
||||
return request.website.render('website.404')
|
||||
if order.state != 'sent':
|
||||
return False
|
||||
attachments=sign and [('signature.png', sign.decode('base64'))] or []
|
||||
order_obj.signal_workflow(request.cr, SUPERUSER_ID, [order_id], 'order_confirm', context=request.context)
|
||||
message = _('Order signed by %s') % (signer,)
|
||||
|
@ -76,6 +78,8 @@ class sale_quote(http.Controller):
|
|||
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
||||
if token != order.access_token:
|
||||
return request.website.render('website.404')
|
||||
if order.state != 'sent':
|
||||
return werkzeug.utils.redirect("/quote/%s/%s?message=4" % (order_id, token))
|
||||
request.registry.get('sale.order').action_cancel(request.cr, SUPERUSER_ID, [order_id])
|
||||
message = post.get('decline_message')
|
||||
if message:
|
||||
|
|
|
@ -63,8 +63,9 @@ website.if_dom_contains('div.o_website_quote', function () {
|
|||
'signer': signer_name,
|
||||
'sign': sign?JSON.stringify(sign[1]):false,
|
||||
}).then(function (data) {
|
||||
var message_id = (data) ? 3 : 4;
|
||||
$('#modelaccept').modal('hide');
|
||||
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message=3';
|
||||
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message='+message_id;
|
||||
});
|
||||
return false;
|
||||
});
|
||||
|
|
|
@ -252,6 +252,14 @@
|
|||
and do not hesitate to <a href="#discussion">contact us</a> for
|
||||
any question.
|
||||
</div>
|
||||
<div class="alert alert-warning alert-dismissable" t-if="message==4 and quotation.state != 'sent'">
|
||||
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
|
||||
This order has already been
|
||||
<t t-if="quotation.state=='cancel'">cancelled</t>
|
||||
<t t-if="quotation.state not in ('cancel','draft')">validated</t>
|
||||
! You can <a href="#discussion">contact us</a> for
|
||||
any question.
|
||||
</div>
|
||||
<a id="introduction"/>
|
||||
<h1 class="page-header mt16">
|
||||
<span t-if="quotation.state in ('draft','sent','cancel')">Your Quotation</span>
|
||||
|
|
Loading…
Reference in New Issue