[FIX] website_quote: prevent modifying the quote state if it's already been processed
Before this fix, it was possible to validate then cancel a quote (or the other way around) simply by using two tabs in your browser. From now on, we only validate/cancel a quote if it's the 'sent' state and advise the customer of the situation if he tries to abuse the process.
This commit is contained in:
parent
81418ec14e
commit
486cd33091
|
@ -64,6 +64,8 @@ class sale_quote(http.Controller):
|
||||||
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
||||||
if token != order.access_token:
|
if token != order.access_token:
|
||||||
return request.website.render('website.404')
|
return request.website.render('website.404')
|
||||||
|
if order.state != 'sent':
|
||||||
|
return False
|
||||||
attachments=sign and [('signature.png', sign.decode('base64'))] or []
|
attachments=sign and [('signature.png', sign.decode('base64'))] or []
|
||||||
order_obj.signal_workflow(request.cr, SUPERUSER_ID, [order_id], 'order_confirm', context=request.context)
|
order_obj.signal_workflow(request.cr, SUPERUSER_ID, [order_id], 'order_confirm', context=request.context)
|
||||||
message = _('Order signed by %s') % (signer,)
|
message = _('Order signed by %s') % (signer,)
|
||||||
|
@ -76,6 +78,8 @@ class sale_quote(http.Controller):
|
||||||
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
order = order_obj.browse(request.cr, SUPERUSER_ID, order_id)
|
||||||
if token != order.access_token:
|
if token != order.access_token:
|
||||||
return request.website.render('website.404')
|
return request.website.render('website.404')
|
||||||
|
if order.state != 'sent':
|
||||||
|
return werkzeug.utils.redirect("/quote/%s/%s?message=4" % (order_id, token))
|
||||||
request.registry.get('sale.order').action_cancel(request.cr, SUPERUSER_ID, [order_id])
|
request.registry.get('sale.order').action_cancel(request.cr, SUPERUSER_ID, [order_id])
|
||||||
message = post.get('decline_message')
|
message = post.get('decline_message')
|
||||||
if message:
|
if message:
|
||||||
|
|
|
@ -63,8 +63,9 @@ website.if_dom_contains('div.o_website_quote', function () {
|
||||||
'signer': signer_name,
|
'signer': signer_name,
|
||||||
'sign': sign?JSON.stringify(sign[1]):false,
|
'sign': sign?JSON.stringify(sign[1]):false,
|
||||||
}).then(function (data) {
|
}).then(function (data) {
|
||||||
|
var message_id = (data) ? 3 : 4;
|
||||||
$('#modelaccept').modal('hide');
|
$('#modelaccept').modal('hide');
|
||||||
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message=3';
|
window.location.href = '/quote/'+order_id[1]+'/'+token+'?message='+message_id;
|
||||||
});
|
});
|
||||||
return false;
|
return false;
|
||||||
});
|
});
|
||||||
|
|
|
@ -252,6 +252,14 @@
|
||||||
and do not hesitate to <a href="#discussion">contact us</a> for
|
and do not hesitate to <a href="#discussion">contact us</a> for
|
||||||
any question.
|
any question.
|
||||||
</div>
|
</div>
|
||||||
|
<div class="alert alert-warning alert-dismissable" t-if="message==4 and quotation.state != 'sent'">
|
||||||
|
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
|
||||||
|
This order has already been
|
||||||
|
<t t-if="quotation.state=='cancel'">cancelled</t>
|
||||||
|
<t t-if="quotation.state not in ('cancel','draft')">validated</t>
|
||||||
|
! You can <a href="#discussion">contact us</a> for
|
||||||
|
any question.
|
||||||
|
</div>
|
||||||
<a id="introduction"/>
|
<a id="introduction"/>
|
||||||
<h1 class="page-header mt16">
|
<h1 class="page-header mt16">
|
||||||
<span t-if="quotation.state in ('draft','sent','cancel')">Your Quotation</span>
|
<span t-if="quotation.state in ('draft','sent','cancel')">Your Quotation</span>
|
||||||
|
|
Loading…
Reference in New Issue