[FIX] website_quote: prevent modifying the quote state if it's already been processed

Before this fix, it was possible to validate then cancel a quote (or the other way around) simply by using two tabs in your browser. From now on, we only validate/cancel a quote if it's in the 'sent' state and advise the customer of the situation if he tries to abuse the process.
Damien Bouvy 2015-10-09 16:50:23 +02:00
parent 81418ec14e
commit 486cd33091
3 changed files with 14 additions and 1 deletions


@ -64,6 +64,8 @@ class sale_quote(http.Controller):
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
if token != order.access_token:
return request.website.render('website.404')
if order.state != 'sent':
return False
attachments=sign and [('signature.png', sign.decode('base64'))] or []
order_obj.signal_workflow(request.cr, SUPERUSER_ID, [order_id], 'order_confirm', context=request.context)
message = _('Order signed by %s') % (signer,)
@ -76,6 +78,8 @@ class sale_quote(http.Controller):
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
if token != order.access_token:
return request.website.render('website.404')
if order.state != 'sent':
return werkzeug.utils.redirect("/quote/%s/%s?message=4" % (order_id, token))
request.registry.get('sale.order').action_cancel(request.cr, SUPERUSER_ID, [order_id])
message = post.get('decline_message')
if message:
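Review bot: The new `order.state != 'sent'` guards in the accept hunk and the decline hunk are check-then-act: the state is read first and the transition (`signal_workflow(..., 'order_confirm')` or `action_cancel`) runs afterwards, with no lock on the order row visible in either hunk. Two requests arriving at the same moment, which is the two-tab case the commit message describes, could presumably both read 'sent' unless the database's transaction isolation rejects the second write. That should be confirmed and recorded next to the guard, for example `# relies on transaction isolation to serialise concurrent accept/decline on the same order`. Both handlers begin before and continue past their hunks, so any locking done elsewhere is not visible here.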


@ -63,8 +63,9 @@ website.if_dom_contains('div.o_website_quote', function () {
'signer': signer_name,
'sign': sign?JSON.stringify(sign[1]):false,
}).then(function (data) {
var message_id = (data) ? 3 : 4;
$('#modelaccept').modal('hide');
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message=3';
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message='+message_id;
});
return false;
});
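Review bot: `var message_id = (data) ? 3 : 4;` decides on truthiness, so any falsy result (`null`, `0`, an empty string) is reported to the customer as "already processed", not only the explicit `False` the controller returns for a non-'sent' order. The accept route's success return value is outside this diff; if it ever returns nothing, a successful signature would show the warning. Matching the rejection value exactly is more robust: `var message_id = (data === false) ? 4 : 3;`. The `.then` call also has no failure callback, so an RPC error leaves the modal open with no feedback.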


@ -252,6 +252,14 @@
and do not hesitate to <a href="#discussion">contact us</a> for
any question.
</div>
<div class="alert alert-warning alert-dismissable" t-if="message==4 and quotation.state != 'sent'">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&amp;times;</button>
This order has already been
<t t-if="quotation.state=='cancel'">cancelled</t>
<t t-if="quotation.state not in ('cancel','draft')">validated</t>
! You can <a href="#discussion">contact us</a> for
any question.
</div>
<a id="introduction"/>
<h1 class="page-header mt16">
<span t-if="quotation.state in ('draft','sent','cancel')">Your Quotation</span>
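Review bot: When `quotation.state` is 'draft', the new alert renders with no verb, because neither inner `t-if` matches ('cancel' for the first, `not in ('cancel','draft')` for the second) and the text reads "This order has already been ! You can contact us…". The controllers in this commit send `message=4` for every state other than 'sent', draft included, so this case is reachable. Either tighten the outer condition to `t-if="message==4 and quotation.state not in ('sent','draft')"` or add a third branch with wording for a quotation that has not been sent yet.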