Fix CSRF bug in Ordering Form template, make case quantity pretty
		
							parent
							
								
									3db2c9cba4
								
							
						
					
					
						commit
						7a9780e2b8
					
				
					 1 changed files with 19 additions and 10 deletions
				
			
		|  | @ -14,14 +14,12 @@ | |||
|                 return true; | ||||
|             } | ||||
|             if (event.which == 13) { | ||||
|                 var input = $(this); | ||||
|                 var row = $(this).parents('tr:first'); | ||||
|                 var data = { | ||||
|                     product_uuid: row.data('uuid'), | ||||
|                     cases_ordered: row.find('input[name^="cases_ordered_"]').val() || '0', | ||||
|                     units_ordered: row.find('input[name^="units_ordered_"]').val() || '0' | ||||
|                 }; | ||||
|                 $.post('${url('purchases.batch.order_form_update', uuid=batch.uuid)}', data, function(data) { | ||||
|                 var form = $('#item-update-form'); | ||||
|                 form.find('[name="product_uuid"]').val(row.data('uuid')); | ||||
|                 form.find('[name="cases_ordered"]').val(row.find('input[name^="cases_ordered_"]').val() || '0'); | ||||
|                 form.find('[name="units_ordered"]').val(row.find('input[name^="units_ordered_"]').val() || '0'); | ||||
|                 $.post(form.attr('action'), form.serialize(), function(data) { | ||||
|                     if (data.error) { | ||||
|                         alert(data.error); | ||||
|                     } else { | ||||
|  | @ -37,6 +35,10 @@ | |||
| 
 | ||||
|     }); | ||||
|   </script> | ||||
| </%def> | ||||
| 
 | ||||
| <%def name="extra_styles()"> | ||||
|   ${parent.extra_styles()} | ||||
|   <style type="text/css"> | ||||
| 
 | ||||
|     .order-form th.department { | ||||
|  | @ -185,7 +187,7 @@ | |||
|                     <td class="upc">${get_upc(cost.product)}</td> | ||||
|                     <td class="brand">${cost.product.brand or ''}</td> | ||||
|                     <td class="desc">${cost.product.description} ${cost.product.size or ''}</td> | ||||
|                     <td class="case-qty">${cost.case_size} ${"LB" if cost.product.weighed else "EA"}</td> | ||||
|                     <td class="case-qty">${h.pretty_quantity(cost.case_size)} ${"LB" if cost.product.weighed else "EA"}</td> | ||||
|                     <td class="code">${cost.code or ''}</td> | ||||
|                     <td class="preferred">${'X' if cost.preference == 1 else ''}</td> | ||||
|                     <td class="unit-cost">$${'{:0.2f}'.format(cost.unit_cost)}</td> | ||||
|  | @ -204,10 +206,10 @@ | |||
|                         </td> | ||||
|                     % endfor | ||||
|                     <td class="current-order"> | ||||
|                        ${h.text('cases_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.cases_ordered) if cost._batchrow else None)} | ||||
|                        ${h.text('cases_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.cases_ordered or 0) if cost._batchrow else None)} | ||||
|                     </td> | ||||
|                     <td class="current-order"> | ||||
|                        ${h.text('units_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.units_ordered) if cost._batchrow else None)} | ||||
|                        ${h.text('units_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.units_ordered or 0) if cost._batchrow else None)} | ||||
|                     </td> | ||||
|                     <td class="po-total">${'${:0,.2f}'.format(cost._batchrow.po_total) if cost._batchrow else ''}</td> | ||||
|                     ${self.extra_td(cost)} | ||||
|  | @ -219,6 +221,13 @@ | |||
|   </table> | ||||
| </div> | ||||
| 
 | ||||
| ${h.form(url('purchases.batch.order_form_update', uuid=batch.uuid), id='item-update-form', style='display: none;')} | ||||
| ${h.csrf_token(request)} | ||||
| ${h.hidden('product_uuid')} | ||||
| ${h.hidden('cases_ordered')} | ||||
| ${h.hidden('units_ordered')} | ||||
| ${h.end_form()} | ||||
| 
 | ||||
| 
 | ||||
| <%def name="extra_vendor_fields()"></%def> | ||||
| 
 | ||||
|  |  | |||
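Review bot: The new `$.post(form.attr('action'), form.serialize(), function(data) {` call in the first hunk registers only a success callback, so a request the server rejects is dropped without feedback. One likely case is a stale CSRF token in `#item-update-form` on a page left open through a long ordering session, though how the server responds to a bad token is not visible here. The row would then keep showing a quantity that was never saved. Chaining a failure handler such as `.fail(function(xhr) { alert('Update failed (' + xhr.status + '); reload the page and try again.'); })` would surface this; the callback body continues past the hunk, so an existing handler cannot be ruled out. The hidden form at the end of the template would also benefit from a one-line Mako comment, e.g. `## hidden form: carries the action URL and CSRF token for the per-row AJAX update`.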
	
	 Lance Edgar
						Lance Edgar