almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-28 17:32:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Test that the users belong the project before settling

Browse source
This commit is contained in:
Alexis Métaireau 2025-01-05 19:47:53 +01:00
parent 87112ec9d1
commit 2ec8924e4c
No known key found for this signature in database
GPG key ID: 1C21B876828E5FF2
3 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ihatemoney/models.py
View file

@ -447,6 +447,10 @@ class Project(db.Model):
db.session.commit() db.session.commit()
return person return person
def has_member(self, member_id):
person = Person.query.get(member_id, self)
return person is not None
def remove_project(self): def remove_project(self):
# We can't import at top level without circular dependencies # We can't import at top level without circular dependencies
from ihatemoney.history import purge_history from ihatemoney.history import purge_history

8
ihatemoney/tests/budget_test.py
View file

@ -1470,8 +1470,8 @@ class TestBudget(IhatemoneyTestCase):
pirate = models.Person.query.filter(models.Person.id == 5).one() pirate = models.Person.query.filter(models.Person.id == 5).one()
assert pirate.name == "pirate" assert pirate.name == "pirate"
# Try to add a new bill in another project # Try to add a new bill to another project
self.client.post( resp = self.client.post(
"/raclette/add", "/raclette/add",
data={ data={
"date": "2017-01-01", "date": "2017-01-01",
@ -1488,7 +1488,7 @@ class TestBudget(IhatemoneyTestCase):
# Try to add a new bill in our project that references members of another project. # Try to add a new bill in our project that references members of another project.
# First with invalid payed_for IDs. # First with invalid payed_for IDs.
self.client.post( resp = self.client.post(
"/tartiflette/add", "/tartiflette/add",
data={ data={
"date": "2017-01-01", "date": "2017-01-01",
@ -1630,7 +1630,7 @@ class TestBudget(IhatemoneyTestCase):
member = models.Person.query.filter(models.Person.id == 1).one_or_none() member = models.Person.query.filter(models.Person.id == 1).one_or_none()
assert member is None assert member is None
# test new settle endpoint to add bills with wrong payer / payed_for # test new settle endpoint to add bills with wrong ids
self.client.post("/exit") self.client.post("/exit")
self.client.post( self.client.post(
"/authenticate", data={"id": "tartiflette", "password": "tartiflette"} "/authenticate", data={"id": "tartiflette", "password": "tartiflette"}

11
ihatemoney/web.py
View file

@ -874,13 +874,18 @@ def add_settlement_bill():
) )
return redirect(url_for(".settle_bill")) return redirect(url_for(".settle_bill"))
# TODO: check that sender and receiver ID are valid and part of this project # Ensure that the sender and receiver ID are valid and part of this project
receiver_id = form.receiver_id.data
sender_id = form.sender_id.data
if not g.project.has_member(sender_id):
return redirect(url_for(".settle_bill"))
settlement = Bill( settlement = Bill(
amount=form.amount.data, amount=form.amount.data,
date=datetime.datetime.today(), date=datetime.datetime.today(),
owers=[Person.query.get(form.receiver_id.data)], owers=[Person.query.get(receiver_id, g.project)],
payer_id=form.sender_id.data, payer_id=sender_id,
project_default_currency=g.project.default_currency, project_default_currency=g.project.default_currency,
bill_type=BillType.REIMBURSEMENT, bill_type=BillType.REIMBURSEMENT,
what=_("Settlement"), what=_("Settlement"),